Design philosophy?

Is there a document that details the design philosophy behind ood and why it was set up using multiple web servers? This is something we will need to go over with our security team.


One of the original articles about OnDemand back when it was OSC OnDemand discusses the purpose behind the Per User Web Server (now Per User Nginx). An up to date but less verbose poster shows the current architecture.

In general there is a wealth of information available in the Where to Learn More section of

To give some historical context, our group was developing a number of individual web applications that accessed the clusters here at OSC. These applications, like many XSEDE science gateways, were built as standalone web applications that provide user separation at the application level and are deployed in community accounts, i.e., a single HPC account holding all gateway users’ data. We found it difficult to effectively support use cases in which a user required both gateway functionality as well as system-level access to their data (e.g., access at the command line), as each such data-sharing capability required a privilege escalation. In OnDemand, there is only one privilege escalation, when the user’s Nginx instance is spawned. After that, the Nginx process, running as the user, has that user’s permissions to access system-level resources like the file system and batch system.

Hope this helps.