
Geoserver for Enterprise PART I – Control resource usage and prevent DoS attacks on your enterprise GIS with the Control Flow extension.

Geoserver with Control Flow

In this series of articles I’ll delve into provisioning an enterprise grade GIS Server at ZERO cost in LICENSE and ZERO upfront cost using Geoserver map server.

Geoserver is an open source software server written in Java that allows users to share and edit geospatial data. Designed for interoperability, it publishes data from any major spatial data source (RDBMS, NoSQL DB, File Storage, Raster Sources) using OGC standards such as OWS, WMTS, GeoJson etc.

Similar open source products are the UTM Mapserver and Mapnik.

Extensions are modules that add functionality to GeoServer. They are installed as add-ons to the base GeoServer installation.

In this article, I’ll illustrate how the control-flow extension can improve the performance of your Geoserver instance while adding a layer of security and reliability to your enterprise system.

With these extensions you will have a cut-throat alternative to Esri’s ArcGIS Server, if not to the complete Enterprise platform.

It is worth mentioning that extending Geoserver with these extensions is a simple step: download the extension and extract the *.jar file into the WEB-INF/lib folder of the Geoserver installation.

Enterprise Requirements…

Enterprise solutions exhibit certain non-functional requirements that may prove cut-throat to applications that are not designed for that environment. These requirements usually stem from the sheer number of users the use case targets, from security concerns and from the amount of data to process, and they are often as essential as the functional features of the application. Here are a few of the concerns that influence the design of enterprise systems:

  • Security – Authentication and Authorization to resources
  • Usage/Resource control
  • System monitoring, Logging and health checks
  • Scalability and Reliability
  • Interoperability and Integration

The Control Flow Module

The control-flow module provides a performance boost for Geoserver and adds another layer of security. Control flow is the answer to i) resource control and reliability, as well as ii) some aspects of security. A Geoserver administrator can use the control-flow module to achieve 3 things:

  • Boost performance: Geoserver tests indicate that GWC throughput peaks at 4x the number of CPU cores and GetMap throughput peaks at 2x the number of CPU cores. Control flow allows the Geoserver administrator to throttle requests by adding these types of rules to the configuration file.
  • Resource control: requests such as GetMap can use a significant amount of memory and consequently lead to an OutOfMemoryError, especially if many requests run in parallel. Control flow lets you limit the number of requests executing in parallel, keeping the total amount of memory used just below the memory that was actually given to the JVM. There are two types of rules:
    • Global OWS request count – limiting global ows requests
    • Per request control – control number of parallel request by type of service request like GetMap, GetFeatureInfo, etc
    • Request priority support – you can use this rule to set priority for your ows.* requests
    • Per user concurrency control – allow limiting the max requests a user can make as identified by a cookie or ip.
    • Per user rate control – allow limiting the maximum number of requests per unit of time, based either on a cookie or IP address.
    • Timeout
  • Fairness: A key to your system's stability is limiting the number of requests that one user can run in parallel, so that all your users get fair performance.
  • The “fairness principle” links to a very critical security issue: DoS attacks. Being able, as an administrator, to limit the number of requests a user can run protects your system from Denial of Service attacks. Control flow allows the administrator to limit requests using the rate control rules.

The control flow method does not normally reject requests; it just queues up those in excess and executes them later. However, with timeout=<seconds> you can specify how long, in seconds, a request can be queued before it is rejected outright.
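
As an added illustration (not code from this article or from the GeoServer project), the Python sketch below audits a control-flow rule file for the points listed above: a queue timeout, a global cap, the 4x/2x core ceilings, a per-user or per-IP concurrency cap and a rate rule. The rule keys follow the extension's controlflow.properties syntax; the sample rules, the core count of 4 and the `parse_rules`/`audit` helpers are constructed for this example.

```python
# Added example: audit a control-flow rule file against the limits this article describes.
# SAMPLE is a constructed controlflow.properties body, not taken from a real server.
SAMPLE = """\
# constructed sample rules
ows.global=100
ows.wms.getmap=32
ows.gwc=16
user.ows.wms.getmap=30/s;2s
"""

def parse_rules(text):
    """Parse key=value lines, skipping blanks and # comments."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            rules[key.strip().lower()] = value.strip()
    return rules

def audit(text, cores):
    """Return a list of findings for a rule file on a host with `cores` CPU cores."""
    rules, findings = parse_rules(text), []
    # Without timeout, excess requests are queued and never rejected.
    if "timeout" not in rules:
        findings.append("no timeout: queued requests wait indefinitely")
    if "ows.global" not in rules:
        findings.append("no ows.global: total parallel OWS requests are unbounded")
    # Throughput peaks quoted in the article: GWC 4 x cores, GetMap 2 x cores.
    for key, factor in (("ows.gwc", 4), ("ows.wms.getmap", 2)):
        if key in rules and int(rules[key]) > factor * cores:
            findings.append(f"{key}={rules[key]} exceeds {factor} x {cores} cores")
    # Fairness: a per-user or per-IP concurrency cap (user=N or ip=N).
    if not any(k in rules for k in ("user", "ip")):
        findings.append("no user/ip concurrency limit: one client can occupy every slot")
    # DoS protection: a per-user or per-IP rate rule (user.ows... / ip.ows...).
    if not any(k.startswith(("user.ows", "ip.ows")) for k in rules):
        findings.append("no user.ows/ip.ows rate limit")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, cores=4):
        print("WARN", finding)
```

On the constructed sample this reports the missing timeout, the GetMap cap above 2x cores and the missing per-user concurrency limit.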

Control flow is therefore an integral part of your administration toolkit if you’re going to build your enterprise GIS on top of Geoserver. The proprietary systems implement by default some of the things it does to secure your systems and keep them reliable for all your users, such as rate limits. If you dig deeper you’ll realize that you can always tinker with these configurations to your liking.

In PART II of this series I’ll be delving into how to build an enterprise grade Authentication and Resource Authorization back-end in Geoserver.

Are you building a GIS infrastructure on Open Source technologies? Working with Geoserver in your enterprise environment? Let us know of your pain points and successes!
