
Distributed Teams?

Discussion in 'Unity Accelerator' started by joeld42, Feb 13, 2022.

  1. joeld42

    Joined: Oct 3, 2016
    Posts: 31

    Hello, I've used Asset Cache server before but haven't tried Accelerator yet.

    As more and more teams are distributed and fully remote these days, I'm wondering if Accelerator would help for a distributed team (not on the local network), if it would be secure, and if not, what would be a good option for a fully remote team as projects get larger?

    If I set up Accelerator "in the cloud" would that save me any time or would the bandwidth/transfer time make it not worth doing? Would it be secure or would I have to put it behind a VPN? Is there something like accelerator or asset cache that's backed by a cloud bucket?

    Any other distributed teams with experience with speeding up large projects?

    Thanks
     
  2. nickfourtimes

    Joined: Oct 13, 2010
    Posts: 219

    Just here to say that I'm asking myself these exact same questions, & haven't found too many answers...
     
  3. mehran_unity

    Unity Technologies

    Joined: Oct 7, 2022
    Posts: 12

    Hi there,

    Unity Accelerator is built with local networks in mind, so if hosted on the cloud, performance will be affected by the Internet connection quality. I received the following response from my colleague:

    "What we’ve seen in the past, is that it very much depends on the internet connections of each member of the distributed team. If they have a stable high bandwidth connection, then yes, they’ll benefit. But if it’s unstable and/or low bandwidth, then it’s unlikely to provide benefit."

    About the security, Unity Accelerator supports TLS, so nothing will flow in plain text. Using or not using the VPN will be your choice based on your company policies and value of the intellectual property at stake.
     
  4. nickfourtimes

    Joined: Oct 13, 2010
    Posts: 219

    Yeah, partially we want to evaluate what kinds of tradeoff we might get, in terms of bandwidth vs. CPU time. Our current project can sometimes require 1-2 hours of asset imports depending on different scenarios, & at that scale we're wondering if a system of distributed Accelerator servers & mirrors might make more sense.

    In terms of security, there's obviously the TLS encryption in traffic, which is good, but I've also been wondering if & how to restrict access to an Accelerator server. For instance, I currently have Accelerator running at a known URL on my computer, A. In the idealised setup, a colleague could be working on computer B, say on projects X & Y. Their global Unity Editor settings point to my URL as cache server, & so they get the benefit of pulling assets from A instead of processing them locally (ignoring bandwidth completely for the moment). Can I guarantee that a malicious actor cannot connect to my cache server on A? If they create a new project, Z, can they also point their cache server to my computer? Could they theoretically devise a way to pull content from my Accelerator server, essentially leaking the game?
     
  5. mehran_unity

    Unity Technologies

    Joined: Oct 7, 2022
    Posts: 12

    Unfortunately Unity Accelerator doesn't provide any built-in access control, but probably part of the security concerns you mentioned can be addressed and implemented at network level by an extra layer on top of Unity Accelerator through Firewalls, Ingress controllers or Proxies.
     
  6. mehran_unity

    Unity Technologies

    Joined: Oct 7, 2022
    Posts: 12

    Hi Nick,

    Looks like I missed something in my previous response. Actually, downloading/uploading files in Unity Accelerator is controlled based on the access granted in Unity Identity Service:

    "When Unity Editors discover and connect to an Accelerator, instead of passing a normal Unity user token, they receive a special token from the Unity Identity service. These tokens verify the user’s identity and access to a single project within your Organization, thereby protecting access to any other Organizations and projects while using an Accelerator."

    See "Source Asset Security" in https://docs.unity3d.com/Manual/UnityAccelerator.html
     
  7. nickfourtimes

    Joined: Oct 13, 2010
    Posts: 219

    Ah yeah, I'd read that section but wasn't 100% clear on the implications. So as I understand it: we have our approved users listed in the "Project Members" section of the Unity project dashboard (on the web); and anyone who wants to connect to the Accelerator server has to be logged into their Unity editor as one of those accounts? And if they're not logged in to their editor as one of the listed accounts, the connection to the Accelerator will fail?

    I'll try connecting myself from a logged-out Unity editor, but if that's indeed the case then this might be all the security we need (we're also hoping to enforce 2FA for all our employee Unity accounts, but that's a separate discussion).
     
  8. mehran_unity

    Unity Technologies

    Joined: Oct 7, 2022
    Posts: 12

    Hi Nick, I was waiting for clarification on the subject and looks like we are back to the original answer about implementing security at network level:

    "That feature [Source Asset Security] does not apply anymore since it was mainly used for Collaborate and Unity Teams Advanced, which don’t exist anymore... Usually you can add an extra layer of security on the network side to allow only certain IPs to access the Accelerator."

    Sorry for the misleading answer about the feature!
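
Added example (not part of the thread and not Unity's code): one way to apply the network-level IP allow-list suggested above is to generate an nftables ruleset from a reviewed list of addresses. The port, the table name and the documentation-range addresses are placeholders, and refusing prefixes shorter than /8 is this example's own policy.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that lets only allow-listed IPv4
# sources reach a cache server port. Port and addresses are placeholders.

# valid_cidr ADDR[/LEN]: accept dotted-quad IPv4 with an optional prefix length.
# Prefixes shorter than /8 are refused (this example's policy) so that an
# entry such as 0.0.0.0/0 cannot silently reopen the port to everyone.
valid_cidr() {
  addr=${1%/*}
  len=32
  case $1 in */*) len=${1#*/} ;; esac
  case $len in ''|*[!0-9]*) return 1 ;; esac
  [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
  case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $addr
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# build_ruleset PORT CIDR...: print the ruleset, or fail without output if
# the port or any allow-list entry is malformed.
build_ruleset() {
  [ $# -ge 2 ] || { echo "usage: build_ruleset PORT CIDR..." >&2; return 1; }
  port=$1; shift
  case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
  elements=
  for cidr in "$@"; do
    valid_cidr "$cidr" || { echo "rejected entry: $cidr" >&2; return 1; }
    elements="${elements:+$elements, }$cidr"
  done
  cat <<EOF
table inet accel_guard {
  set allowed_v4 { type ipv4_addr; flags interval; elements = { $elements } }
  chain input {
    type filter hook input priority 0; policy accept;
    tcp dport $port ip saddr @allowed_v4 accept
    tcp dport $port log prefix "accel-denied: " drop
  }
}
EOF
}

# Constructed sample: placeholder port, documentation-range addresses.
build_ruleset 10080 203.0.113.0/24 198.51.100.7
```

Pipe the output to `nft -f -` on the host that fronts the Accelerator; denied connection attempts then show up in the kernel log with the `accel-denied:` prefix.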
     
  9. nickfourtimes

    Joined: Oct 13, 2010
    Posts: 219

    Ah okay. So as I understand it now, there's no strict identity verification, at least on Accelerator's side, and so someone without a valid Unity login (attached to the project) could log in & access the cache server?

    Just in terms of diligence – how might that work? I guess I'm struggling to understand how a malicious actor could go from having an empty Unity project (not connected to any Services) and no developer login, to being able to download the contents of an Accelerator cache. Admittedly, they'd only end up with a copy of the processed assets, and not the whole Unity project per se... anyway, I'm going to ask our DRM about this question as well, but I'd be happy to hear any input you might add.