Granting access and creating accounts on the Perforce depots at Advanced Micro Devices (AMD) is a 24/7 operation with engineers working around the world. Given the highly sensitive nature of the source code that resides on these depots, access to areas is tightly regulated and may be requested at a moment's notice. The administrators that create accounts and grant access to these areas should be enabled to perform these tasks wherever they are, and they may not necessarily have access to a desktop or have the means to log in to the company network remotely. By creating an interface accessible by Web browser with a pre-defined list of actions, AMD's administrators are able to perform these tasks securely by mobile device. Learn more about AMD's solution, and how you can enable mobile access to Perforce at your own company.
6. THE PROBLEM
• Granting access is a 24/7 operation
• Engineering teams span across the world
• Access to areas is tightly regulated
• A single team is authorized to give access
• Be able to perform this task whenever and wherever
10. THE SOLUTION
• Leverage the mobile device
• Create an interface accessible by web browser
• Use the browser on the mobile device
• Do it securely
12. CONTEXT
This presentation touches on:
• Breadth of the organization
• Permissions in the protection table
• Centralized authorization process
Then I discuss:
• Evolution of the solution
• Simplicity
• Where to go from here
45. DEPOT STRUCTURE & PERMISSIONS
[Figure: depot tree diagram. Node labels: stg, main, rel; merc, venus; src, doc, nda; 8.10]
Protection table:
r ACC_rel //depot/rel/...
w bm_rel //depot/rel/...
w ACC_rel //depot/rel/8.10/...
r ACC_rel -//depot/rel/*/acc.txt
w REG_rel //depot/rel/*/acc.txt
r ACC_main //depot/main/...
r ACC_merc //depot/main/merc/...
w bm_merc //depot/main/merc/...
w ACC_merc //depot/stg/merc/src/...
w ACC_merc //depot/stg/merc/doc/...
w nda_merc //depot/stg/merc/nda/...
w reg_merc //depot/stg/merc/acc.txt
r ACC_venus //depot/main/venus/...
w bm_venus //depot/main/venus/...
w ACC_venus //depot/stg/venus/src/...
w ACC_venus //depot/stg/venus/doc/...
w nda_venus //depot/stg/venus/nda/...
w reg_venus //depot/stg/venus/acc.txt
s grp_admins //...
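How the table above resolves for a given set of groups, as an added example (not code from the presentation). It is a simplified Python model of the slides' abbreviated lines: it assumes Perforce's documented rule that an exclusionary line removes every matching grant above it whatever level it names, and it ignores user, host and nested-group fields.

```python
import re

# Protection lines as abbreviated on the slides: level, group, depot path.
# r = read, w = write, s = super; a leading "-" marks an exclusionary mapping.
TABLE = """\
r ACC_rel //depot/rel/...
w bm_rel //depot/rel/...
w ACC_rel //depot/rel/8.10/...
r ACC_rel -//depot/rel/*/acc.txt
w REG_rel //depot/rel/*/acc.txt
r ACC_main //depot/main/...
r ACC_merc //depot/main/merc/...
w bm_merc //depot/main/merc/...
w ACC_merc //depot/stg/merc/src/...
w ACC_merc //depot/stg/merc/doc/...
w nda_merc //depot/stg/merc/nda/...
w reg_merc //depot/stg/merc/acc.txt
r ACC_venus //depot/main/venus/...
w bm_venus //depot/main/venus/...
w ACC_venus //depot/stg/venus/src/...
w ACC_venus //depot/stg/venus/doc/...
w nda_venus //depot/stg/venus/nda/...
w reg_venus //depot/stg/venus/acc.txt
s grp_admins //...
"""
RANK = {"r": 1, "w": 2, "s": 3}
NAME = {0: "none", 1: "read", 2: "write", 3: "super"}

def to_regex(pattern):
    # "..." matches any string, including "/"; "*" stays within one path level.
    out = ""
    for part in re.split(r"(\.\.\.|\*)", pattern):
        out += {"...": ".*", "*": "[^/]*"}.get(part, re.escape(part))
    return re.compile(out)

def parse(table):
    rules = []
    for line in table.splitlines():
        level, group, path = line.split()
        exclude = path.startswith("-")
        rules.append((RANK[level], group, exclude, to_regex(path.lstrip("-"))))
    return rules

def access(rules, groups, path):
    """Highest level a user in `groups` ends up with on `path`."""
    level = 0
    for rank, group, exclude, rx in rules:
        if group not in groups or not rx.fullmatch(path):
            continue
        if exclude:
            level = 0          # wipes earlier grants, even ones from other groups
        else:
            level = max(level, rank)
    return NAME[level]

RULES = parse(TABLE)
```

Order matters here: a user in both ACC_rel and bm_rel loses write on `//depot/rel/8.10/acc.txt`, while REG_rel regains it because its line comes after the exclusion.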
46. PERMISSIONS: HIGH-LEVEL TEAMS
Groups labelled on this slide, next to the protection table shown above:
• bm_rel
• bm_merc
• nda_merc
• reg_merc
• bm_venus
• nda_venus
• reg_venus
• grp_admins
47. PERMISSIONS: HIGH-LEVEL TEAM EXAMPLES
Groups labelled on this slide, next to the protection table shown above:
• bm_venus
• grp_admins
48. PERMISSIONS: ACCESS GROUPS
Groups labelled on this slide, next to the protection table shown above:
• ACC_rel
• REG_rel
• ACC_main
• ACC_merc
• ACC_venus
49. PERMISSIONS: ACCESS GROUP EXAMPLE
Groups labelled on this slide, next to the protection table shown above:
• ACC_rel
• ACC_main
• ACC_merc
• grp_shanghai
50. PERMISSIONS: ACCESS GROUP EXAMPLE
Groups labelled on this slide, next to the protection table shown above:
• ACC_rel
• ACC_main
• ACC_merc
• ACC_venus
• grp_northamerica
51. PERMISSIONS: COMBINATION EXAMPLE
Groups labelled on this slide, next to the protection table shown above:
• ACC_rel
• ACC_main
• ACC_merc
• ACC_venus
• bm_venus
• grp_northamerica
67. ADVANTAGES WITH WEB APPS
• Newer versions available right away.
• Experimental versions can be easily tested.
• Real-time validation on inputs.
• OS-independent.
85. SECURITY
Wireless Solutions
• BlackBerry Enterprise Solution for BlackBerry devices
• Secure VPN for iOS devices
HTTP is not secure, use HTTPS!
• Encrypts the HTTP message prior to transmission
• Decrypts the message upon arrival
• Requires the use of CA certificates
User Authentication and Identification
• REMOTE_USER environment variable
87. REDUCING RISK
Keep the location of the web page unknown
• Only known to Perforce admins
Limit what can be done on the web page
• Create a new user account
• Display information from p4 protects and p4 groups
• Add an existing user to currently existing groups
• Remove the user from a group
• Reset the password of an existing user
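One way to enforce the fixed action list together with the REMOTE_USER check from the Security slide, as an added Python example that is not AMD's implementation. The admin names, group set, name pattern and the `plan` function are assumptions made for illustration; the function only builds p4 argument lists and runs nothing.

```python
import re

ADMINS = {"padmin1", "padmin2"}                        # constructed admin accounts
KNOWN_GROUPS = {"ACC_merc", "ACC_venus", "nda_venus"}  # would be read from `p4 groups`
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}")    # assumed account-name policy

# The only actions the page offers: action -> (needs a group?, fixed p4 argv templates).
ACTIONS = {
    "create_user":       (False, [["p4", "user", "-f", "-i"]]),    # spec sent on stdin
    "show_info":         (False, [["p4", "protects", "-u", "{user}"],
                                  ["p4", "groups", "{user}"]]),
    "add_to_group":      (True,  [["p4", "group", "-i"]]),         # edited spec on stdin
    "remove_from_group": (True,  [["p4", "group", "-i"]]),
    "reset_password":    (False, [["p4", "passwd", "{user}"]]),    # prompts for new password
}

def plan(environ, form):
    """Validate one request and return the p4 command lines it maps to."""
    # REMOTE_USER is set by the web server only after it has authenticated the caller.
    admin = environ.get("REMOTE_USER")
    if not admin:
        raise PermissionError("no authenticated user from the web server")
    if admin not in ADMINS:
        raise PermissionError(f"{admin} is not a Perforce admin")
    action = form.get("action")
    if action not in ACTIONS:
        raise ValueError("action not offered by this page")
    user = form.get("user", "")
    if not NAME_RE.fullmatch(user):
        raise ValueError("bad user name")
    needs_group, templates = ACTIONS[action]
    if needs_group and form.get("group") not in KNOWN_GROUPS:
        raise ValueError("group does not exist")
    # Argument lists, never a shell string: the user name stays one argument.
    return [[arg.format(user=user) for arg in argv] for argv in templates]
```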
90. WHAT NEXT?
Server-side APIs
• P4Java, P4Perl, P4Ruby, P4Python, P4PHP
• ASP.NET with Perforce C/C++ API
Client-side Technologies
• jQuery, jQuery Mobile, HTML5
More Features!
• Monitor and restart servers
• Most-used commands can be called
92. CONCLUSION
The result:
• Simple mechanism
• Took advantage of existing resources
• Latest web technologies were not necessary
• Quick development, fast deployment
The advantages:
• Web page + mobile device allows rich feature set
• Write once, run on all
• Feel at home with the same interface
• Not just work hard, but work SMART