README
¶
Splice
Splice is an infrastructure service which allows Windows instances to join a Microsoft Active Directory domain without direct line of sight to a domain controller. It also supports flexible user auth and complex join request validation.
Overview
In a traditional Windows domain, all clients must be "domain joined" during (or after) imaging. The join establishes trust between the client and the domain controllers, and can be used as the basis for long term remote management of the device via a VPN, Microsoft DirectAccess, etc.
The join introduces a potential circular dependency for remote devices:
- Trust must preceed remote access.
- Access is required to establish trust.
The most basic solution is to always join clients on a network segment with direct connectivity to the business domain, but this introduces limitations. It's normally undesirable to expose domain controllers beyond the network perimeter, and it may be logistically or functionally difficult to physically connect every client to the domain network.
Splice addresses this dilemma by providing an intermediary broker for the domain join operation. The Splice infrastructure spans the network perimeter, enabling join requests to enter the network externally, and permits establishing domain trust without ever requiring the client to directly contact a domain controller. Once the join is complete, a management VPN can take over responsibility for the device's lifecycle.
Documentation
See the Project Documentation for more information.
Disclaimer
This is not an official Google product.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package appengine is an web-application that provides a public API for cloud based offline Active Directory domain joins for Windows clients.
|
Package appengine is an web-application that provides a public API for cloud based offline Active Directory domain joins for Windows clients. |
|
endpoints
Package endpoints contains all request handler functions for Splice.
|
Package endpoints contains all request handler functions for Splice. |
|
server
Package server contains shared data and structures used across splice packages
|
Package server contains shared data and structures used across splice packages |
|
validators
Package validators provides basic validation for splice requests and exposes an interface for additional validators.
|
Package validators provides basic validation for splice requests and exposes an interface for additional validators. |
|
The cli application implements the end-user client for the Splice service.
|
The cli application implements the end-user client for the Splice service. |
|
appclient
Package appclient provides a TLS enabled HTTP client for use with splice requests.
|
Package appclient provides a TLS enabled HTTP client for use with splice requests. |
|
gce
Package gce provides functionality for reading GCE instance metadata.
|
Package gce provides functionality for reading GCE instance metadata. |
|
Package models provides models for data storage and transfer.
|
Package models provides models for data storage and transfer. |
|
shared
|
|
|
certs
Package certs provides splice provisioning support for certificate generation, lookup and verification during the provisioning process.
|
Package certs provides splice provisioning support for certificate generation, lookup and verification during the provisioning process. |
|
crypto
Package crypto provides cryptographic functionality to SpliceD and CLI.
|
Package crypto provides cryptographic functionality to SpliceD and CLI. |
|
provisioning
Package provisioning provides Windows-specific functionality for joining hosts to a domain.
|
Package provisioning provides Windows-specific functionality for joining hosts to a domain. |
|
metric
Package metric implements a very simple internal metric with Set and Increment abilities.
|
Package metric implements a very simple internal metric with Set and Increment abilities. |
|
metric/tracker
Package tracker manages all internal state metrics for the SpliceD application.
|
Package tracker manages all internal state metrics for the SpliceD application. |
|
pubsub
Package pubsub abstracts the pubsub client calls out of the main SpliceD code.
|
Package pubsub abstracts the pubsub client calls out of the main SpliceD code. |