JupyterHub traffic flows + how they are secured

Heya! I’ve been doodling a lot recently, and spent this morning making a diagram of:

  1. The primary components of JupyterHub
  2. How they communicate with each other
  3. How various security components - authentication, authorization & integrity/encryption - are handled.

I’ve this PDF (with color coding!) to show you for it! http://words.yuvi.in/doodles/jupyterhub-1.0-traffic-flows.pdf

Be warned that my handwriting is probably terrible (thank you, carpal tunnel syndrome), and you might not be able to read anything. I figured I’d share this earlier than later. I hope this doesn’t become too embarrassing.

A lot of these terms and whatnot absolutely require links, descriptions and rewording. I’ll try to add them as replies here.

I’ll try to work on this a little more, and then make a typed version with links that people can actually read.

Please provide feedback on whether things like this are useful! Maybe we can turn this into a blog post too, to help people understand their options when it comes to ‘securing’ network flows in a JupyterHub installation. There are still lots of other aspects of security of course, but this is an important component of it!

4 Likes

I love it! I think this is tremendously useful. I would love to see more diagrams like this and I think hand sketches are a great start.

Hi Yuvi

This is great. Thanks for putting this together.

For the sake of completeness, I’d also be interested in (this comes up a lot in the security context) seeing the channels that are potentially not encrypted / secured. For example, some of the communication happening over 0mq between the notebook server and kernel.