Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments


Hello, I’m Brian.

Brian McClain, Lead of Infrastructure Engineering, WMG

@BrianMMcClain

WMG comprises an array of businesses aimed at helping artists achieve long-term creative and financial success while providing consumers with the highest-quality music content available.

Jonathan Murray, CTO, WMG (@adamalthus)

Michael Michaelides, VP of Engineering, WMG

www.wmg.com // @WMGEngineering

✓ Involved with Cloud Foundry since 2011 (Aug 8th)

✓ Involved with BOSH since 2012 (April 11th)

✓ At WMG for 2 years (since start of new org)

I’VE BEEN…

Globally distributed enterprise

100% of development is on Cloud Foundry

WHY WMG

We’ve been busy…we want to share!

UAA MODIFICATIONS

✓ Two deployments

✓ SSO across all WMG apps/services

✓ Authorization—not Authentication

UAA USAGE

Application/Service OAuth UAA

Internal CF UAA

ACTIVE DIRECTORY INTEGRATION

✓ Active Directory for SSO across all WMG apps

✓ Users expect this to be the case

CASSANDRA INTEGRATION

✓ Cassandra is our main datastore

✓ Globally distributed cluster

✓ Allows multiple instances to run and serve requests

PUBLIC / PRIVATE DECOMPOSITION

✓ Frontend SSO Application

✓ Backend Identity Service

✓ Frontend is a subset of the backend

✓ Allows full network separation between public-facing backend

MULTI-DATA CENTER ARCHITECTURE

[Architecture diagram. Labels: Global Load Balancer, Local Load Balancer, Front-End Apps, Service Apps, Caching Layer, Messaging Bus, Data Persistence]

MULTI-DATA CENTER ARCHITECTURE

✓ Allows for failover on networking failure

FUNCTIONAL AS ONE—BETTER AS MANY

✓ Each datacenter can run independently

Spread load for long-running batch processing

Send users to local datacenters

✓ Everything functions better as one-of-many

CASSANDRA

Local reads and global writes

Stays up after network partition between DCs

✓ Multi-datacenter as a core concept

✓ Improved functionality with one-of-many:

✓ Multiple Cassandra clusters

✓ Started with placing large app in its own cluster

✓ Moving to one cluster per app

CASSANDRA

✓ Recently migrated from CFv1 to CFv2

✓ Little code change to apps

✓ Removed minor app complexity (Logging)

✓ Managed by BOSH

CLOUD FOUNDRY

✓ Apps and Services get separate CFs

✓ Network separation from front-end apps and data

✓ Backend services present data via REST

CLOUD FOUNDRY

✓ Multiple app/service layer CFs

✓ Spun up as needed

CLOUD FOUNDRY

Network separation

Public vs. Internal vs. Private (apps used by devs)

TIRED OF TYPING?

NO MORE TERMINAL

QUESTIONS?

@BrianMMcClain

THANK YOU.

Brian McClain, Lead of Infrastructure Engineering, WMG