Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry...


description

Technical Track presented by Brian McClain, Lead of Infrastructure Engineering at Warner Music Group. Serving a global audience of enterprise users requires a global architecture of enterprise-grade software. This talk will cover the changes to UAA that WMG has made, as well as give an overview of our infrastructure architecture, specifically how we serve requests to a globally distributed user base and manage deployments amongst multiple data centers.

Transcript of Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry...

Page 1: Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry Summit 2014)

Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments

Page 2:

Hello, I’m Brian.

Brian McClain

Lead of Infrastructure Engineering, WMG

@BrianMMcClain

Page 3:

WMG comprises an array of businesses aimed at helping artists achieve long-term creative and financial success while providing consumers with the highest-quality music content available.

Page 4:

Jonathan Murray, CTO, WMG @adamalthus

Michael Michaelides, VP of Engineering, WMG

www.wmg.com // @WMGEngineering

Page 5:

I’VE BEEN…

✓ Involved with Cloud Foundry since 2011 (Aug 8th)

✓ Involved with BOSH since 2012 (April 11th)

✓ At WMG for 2 years (since start of new org)

Page 6:

WHY WMG

globally distributed enterprise

100% of development is on Cloud Foundry

Page 7:

We’ve been busy…we want to share!

Page 8:

UAA MODIFICATIONS

Page 9:

UAA USAGE

✓ Two deployments

  Application/Service OAuth UAA

  Internal CF UAA

✓ SSO across all WMG apps/services

✓ Authorization—not Authentication

Page 10:

ACTIVE DIRECTORY INTEGRATION

✓ Active Directory for SSO across all WMG apps

✓ Users expect this to be the case

Page 11:

CASSANDRA INTEGRATION

✓ Cassandra is our main datastore

✓ Globally distributed cluster

✓ Allows multiple instances to run and serve requests

Page 12:

PUBLIC / PRIVATE DECOMPOSITION

✓ Frontend SSO Application

✓ Backend Identity Service

✓ Frontend is a subset of the backend

✓ Allows full network separation between public-facing

backend

Page 13:

MULTI-DATA CENTER ARCHITECTURE

Page 14:

MULTI-DATA CENTER ARCHITECTURE

[Diagram: Global Load Balancer; per data center: Local Load Balancer, Front-End Apps, Service Apps, Caching Layer, Messaging Bus, Data Persistence]

Page 15:

FUNCTIONAL AS ONE—BETTER AS MANY

✓ Allows for failover on networking failure

✓ Each datacenter can run independently

Spread load for long-running batch processing

Send users to local datacenters

✓ Everything functions better as one-of-many

Page 16:

CASSANDRA

✓ Multi-datacenter as a core concept

✓ Improved functionality with one-of-many:

  Local reads and global writes

  Stays up after network partition between DCs

Page 17:

CASSANDRA

✓ Multiple Cassandra clusters

✓ Started with placing large app in its own cluster

✓ Moving to one cluster per app

Page 18:

CLOUD FOUNDRY

✓ Recently migrated from CFv1 to CFv2

✓ Little code change to apps

✓ Removed minor app complexity (Logging)

✓ Managed by BOSH

Page 19:

CLOUD FOUNDRY

✓ Apps and Services get separate CFs

✓ Network separation from front-end apps and data

✓ Backend services present data via REST

Page 20:

CLOUD FOUNDRY

✓ Multiple app/service layer CFs

✓ Spun up as needed

Network separation

Public vs. Internal vs. Private (apps used by devs)

Page 21:
Page 22:

TIRED OF TYPING?

Page 23:

NO MORE TERMINAL

Page 24:
Page 25:
Page 26:
Page 27:

QUESTIONS?

@BrianMMcClain

Page 28:

THANK YOU.

Brian McClain

Lead of Infrastructure Engineering, WMG

@BrianMMcClain