Intro to Subversion Access Control 4.1

Big plans are brewing at WANdisco for 2012, and one project that has just been completed, is Subversion Access Control 4.1.

Access Control 4.1 includes a revamped user interface. The new look makes it easier for users to navigate through the security features offered by Access Control and setup new rules and permissions for Subversion repositories and paths.

The ‘Group’ concept has been replaced with “Teams’ and a new feature has been added to allow the designation of “Team Leader” who is then granted some administrator privileges. Specifically, the Team Leader is able to setup user access rules to a pre-defined repository path (or paths).

We are calling this new feature Delegated Admin since it allows granting of some administrator privileges to users. The context of how this feature could be used might be best described in terms of business units for an enterprise corporation. Consider the following scenario.

A company has 100 Apache Subversion users split into 10 teams, each associated with a separate BU, each team has its own Subversion repository. In the past, Access Control admin can go in and setup repository security rules that applies to all 100 users and repositories. With delegated admin the Access Control administration can create 10 new Teams and assign a Team Leader to each one, specifying the Repository that team should have access to. From there, the Team Leader can log into the system, add/remove the users for the team, and setup multiple rules needed to properly manage those Subversion assets.

Effectively what delegated admin does is allow Team Leaders, people in charge of their respective Business Units, to define and configure their own team rules. Access Control supports the concept of nested-teams which is called Sub-Teams (see screenshot) and this would even allow you to further organize teams from larger sections into multiple sub-sections (eg: West Coast Branch –> Plugins Team; West Coast Branch –> Application Team) and designate a team leader at each level to manage users and rules.

The role of the Access Control administrator now is to simply define Team Leaders and the resources which they can direct access over. Once defined the Team Leader can only create rules that affect their resources meaning the West Coast Branch won’t be able to setup access rules for the East Coast Branch’s repositories and vice-versa.

The ability to delegate some administrator functionality to Team Leaders, and in the context of specific Subversion paths and repositories, is a powerful new feature that will empower enterprise organizations and save time and money. Team Leaders are able to set access restrictions based on the need and requirements of their given team or business unit and no longer have to rely on a single administrator to do that for them.

WANdisco Updates Subversion Access Control

We’re pleased to announce a substantial update to our complete authorization, audit and access control solution for Enterprise Subversion, Subversion Access Control.

Subversion Access Control 4.1 is an innovative security solution for Apache Subversion that provides full audit, authorization and access control capabilities that go well beyond what Subversion offers on its own. Some of the key benefits to employing Access Control include:

• Delegated administration option that allows the root administrator to create teams and delegate administration authority to team leaders.

Automatic synchronization of Subversion Access Control with LDAP user and group configuration. Subversion Access Control automatically picks up LDAP user and group membership changes and assigns new users to the Subversion team that corresponds to their LDAP group.

Comprehensive audit capabilities that report every repository access attempt down to the file level, showing user, Subversion command, date and time and whether access was allowed or denied. Security administrators receive immediate alerts for any access violations.

Can be implemented standalone or in combination with Subversion MultiSite 4.1 for distributed development teams. With Subversion MultiSite, security policy changes made at one location are immediately replicated to every other to enforce consistency across all sites.

Subversion Access Control 4.1 is a substantial update for the product, not only adding a list of new functionality, but completely overhauling the underlying access model. The access control lists previously required to maintain complex security policies, have been replaced by an all-new, streamlined approach that applies access rules to hierarchical teams. For more information on what’s new and noteworthy in this update, see the Release Notes.

WANdisco will be hosting a free hour-long ‘Introducing Subversion Access Control 4.1’ webinar on April 12th. Early registration is recommended, as space is limited.

The First Subversion 1.7 Alpha Release is Available Now and The Community Needs Your Feedback

The long awaited and highly anticipated release of Subversion 1.7 is almost upon us. Like any successful open source project, Subversion needs active participation and feedback from its user community. This is especially true in the case of 1.7, given its emphasis on client-side performance and new client tools. That's why Subversion 1.7.0 alpha-1 has now been made available for user testing. Major 1.7 enhancements include:

• HTTPv2- a protocol rewrite designed to enhance performance by reducing the number of round trips between the client and the server with every request.
• WC-NG - a rewrite of the working copy library that enhances performance by centralizing metadata storage and provides a foundation for supporting features such as shelving and offline commits in future releases.
• svnrdump - a new client tool that provides the same functionality as svnadmin dump and svnadmin load, but on remote repositories. There's no need for administrator access to the source or target repository on on the remote server's filesystem.

A complete list of what's new is available at http://subversion.apache.org/docs/release-notes/1.7.html. Download 1.7 now at: http://www.wandisco.com/subversion/download/1_7-alpha. Contribute to the success of this major new release by providing your feedback at: http://www.svnforum.org/forums/56-Apache-Subversion-1.7.0-Alpha-Support . This is your chance to make a positive impact on the world's most popular version control system and its more than five million users.




Support for Mac OS X Added to the World’s Most Comprehensive Set of Fully Tested Free Subversion Binaries

Certified Subversion 1.6.17 binaries are now available for the Mac OS X platform. These binaries work with Mac OS X versions 10.5.x and 10.6.x on PPC and Intel 32 and 64 bit architectures. This software provides a complete, fully tested version of Subversion based on the most recent stable release, including the latest fixes.

To upgrade to the newest release of Subversion on Mac OS X and take advantage of the fixes and enhancements that it offers go to: http://www.wandisco.com/subversion/download. You can register for free community support for the software at: www.svnforum.org. Professional support is also available if you require secure, high quality online, phone and email support with guaranteed response times and automated access to the latest fixes and updates.

Subversion 1.6.17 Now Available

Subversion 1.6.17 was just released today. This newest version provides several key enhancements as well as bug fixes. Most notably, 1.6.17 includes major improvements in checkout performance for large working copies on Windows, greater efficiency of ‘blame – g’ for users dealing with a large amount of mergeinfo and improved error handling on Windows. A detailed list of the changes included in this new release is available at: Subversion 1.6.17 Changes.

Release notes for the entire 1.6.x series can be found at: http://subversion.apache.org/docs/release-notes/1.6.html.

To upgrade to this latest release of Subversion and take advantage of the fixes and enhancements that it offers go to: http://www.wandisco.com/subversion/download

The Next Frontier of Enterprise Software Development: Social Coding For Subversion

WANdisco recently unveiled uberSVN - a major new product available free of charge that transforms Subversion into an open, extensible platform for application lifecycle management (ALM) . In addition to plug-and-play flexibility and rich system and user administration capabilities, uberSVN provides the first-ever social coding environment for Subversion, taking enterprise software development beyond the limits of email, wikis, defect trackers, peer-code-review-tools and other applications typically used to manage projects.

uberSVN’s social coding environment reflects the convergence of social networking paradigms represented by Facebook and Twitter that foster instant communication and the collaborative development models of open source communities where software with features similar to these social networking sites was first used. And it’s having the same positive impact on software quality and developer productivity behind corporate firewalls that it’s had in the open source communities that deliver such market-dominating software as the Apache web server, Linux operating system and even Subversion itself.

uberSVN is organized around development teams and their activities. Each team has a home page that profiles the team members, lists the projects they’re working on, repositories they’re using and their latest activity and status. Team members can see each other’s real-time progress by simply subscribing to Twitter-like feeds that managers can also monitor.

With uberSVN, just like developers in an open source community, software engineers in corporate IT environments can rapidly exchange information and continually learn from one another. The overall skill level of the development team goes up and the all-too-common pitfall of reinventing the wheel is avoided. The end result is higher quality software delivered in far less time.

uberSVN is free. Download it now at: http://www.ubersvn.com/download.

Making Subversion Agile in a Distributed Environment.

Agile development is iterative and incremental. It requires continuous build-test-deploy cycles and continuous communication. Your SCM, whether it’s Subversion or any other, is the key enabler for communication about the most important aspect of any software development project: the current state of your code.

The biggest challenge to effective agile development in a distributed environment lies in maintaining the same level of communication, the same level of continuous integration and the same level of Subversion repository access that’s possible when everyone works from a single location. While you can partially overcome the effects of distance by putting certain practices into place, the implementation architecture and tools you choose can either help or hurt your efforts to be agile.

Central Subversion server and proxy server solutions like svnsync often can’t address requirements for high levels of communication and continuous build integration in large distributed organizations because:

• Network latency causes remote developers to check out source code and commit changes infrequently. Merge conflicts and other problems aren’t uncovered until later in the development cycle, resulting in broken builds, extra QA and rework.

• The latest changes aren’t available from remote sites, making continuous build integration impossible.

• Proxy server solutions such as svnsync have the same network latency issues for write transactions that central server implementations have. In addition, if the replication of a write transaction from the master to a read-only slave fails, with svnsync there’s no built-in capability for catching the error and retrying the failed transaction.

• If an IT organization wants the flexibility to allow all of its sites to run builds in parallel so that remote developers aren't dependent on a central build team's schedule and time zone differences, this won't be practical with a proxy server solution if build scripts include write steps that can only take place on the master server.

• Agile development requires a high level of availability. Central server and proxy server implementations have a single point of failure inherent in their architectures. This limits availability when the central or master server crashes, the network connection is lost, or the server has to be taken offline for maintenance

• If development takes place at only one location, with a large enough team, the combination of development activity and continuous build cycles on a central Subversion server can turn it into a performance bottleneck as well as a single point of failure, slowing down both developers and the build team.

In contrast to central server or proxy server solutions, with Subversion MultiSite’s peer-to-peer architecture there is no single point of failure, or performance bottleneck. Distributed Subversion servers are fully readable and writable at LAN-speed at every location and kept continuously in sync by WANdisco’s unique active-active replication capability. Each site can perform builds and test locally with the latest source code, regardless of where it originates. In a distributed environment, this provides the support necessary for continuous build integration that detects problems early and keeps software development projects from going over-budget. Delays caused by broken builds and scheduling conflicts with a centralized build team go away.

In addition, because WANdisco’s replication technology turns distributed Subversion repositories into mirrors of each other, continuous hot backup is achieved by default. Subversion MultiSite leverages this with automated recovery features that allow one site to recover from any other after a network outage or server crash. These capabilities can also be used to take servers offline for routine maintenance without interrupting user access, making 24-by-7 operation possible. As a result, Subversion MulitiSite delivers a higher level of availability in a globally distributed environment than a central server can with everyone at the same location. Downtime is eliminated and business continuity is insured.

Subversion Clustering is built on the same replication technology as Subversion MultiSite and delivers the same automated recovery capabilities that enable full 24-by-7 operation, with immediate and transparent failover. It allows Subversion to be deployed in an active-active cluster over a LAN and removes the single point of failure and performance bottleneck of a central Subversion server. It provides truly shared nothing clustering. There is no sharing of disk, CPU or memory between servers in a cluster. Intelligent load balancing capabilities optimize performance even further by taking each server’s current load into account before routing requests, rather than relying on simplistic round-robin approaches. Subversion Clustering is often used to improve Subversion’s performance by spreading the load created by continuous builds across a cluster of servers at large sites.

Subversion Clustering can be implemented standalone, or in combination with Subversion MultiSite to combine local clusters into an active-active WAN cluster that can be monitored and administered from one location. Remote users are routed to the closest site where Subversion servers are available.

Distributed software development reduces labor costs and provides access to wider talent pools and global markets. Agile development delivers cost-savings by catching problems before unplanned rework and QA leads to missed deadlines, and being flexible enough to allow software to change as fast as user requirements. In order to achieve this, the right processes have to be combined with the right technology to overcome the impact of distance on communication between developers. The bottom line is that when agile development is implemented successfully in a distributed environment, the greatest cost-savings and productivity improvements possible can result.