Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments
TRANSCRIPT
WMG comprises an array of businesses aimed at helping artists achieve long-term creative and financial success while providing consumers with the highest-quality music content available.
Jonathan Murray, CTO, WMG @adamalthus
Michael Michaelides, VP of Engineering, WMG
www.wmg.com // @WMGEngineering
I’VE BEEN…
✓ Involved with Cloud Foundry since 2011 (Aug 8th)
✓ Involved with BOSH since 2012 (April 11th)
✓ At WMG for 2 years (since start of new org)
UAA USAGE
✓ Two deployments
✓ SSO across all WMG apps/services
✓ Authorization—not Authentication
Application/Service OAuth UAA
Internal CF UAA
ACTIVE DIRECTORY INTEGRATION
✓ Active Directory for SSO across all WMG apps
✓ Users expect this to be the case
CASSANDRA INTEGRATION
✓ Cassandra is our main datastore
✓ Globally distributed cluster
✓ Allows multiple instances to run and serve requests
PUBLIC / PRIVATE DECOMPOSITION
✓ Frontend SSO Application
✓ Backend Identity Service
✓ Frontend is a subset of the backend
✓ Allows full network separation between public-facing backend
[Architecture diagram; labels: Global Load Balancer, Local Load Balancer, Front-End Apps, Service Apps, Caching Layer, Messaging Bus, Data Persistence]
MULTI-DATA CENTER ARCHITECTURE
✓ Allows for failover on networking failure
FUNCTIONAL AS ONE—BETTER AS MANY
✓ Each datacenter can run independently
Spread load for long-running batch processing
Send users to local datacenters
✓ Everything functions better as one-of-many
CASSANDRA
✓ Multi-datacenter as a core concept
✓ Improved functionality with one-of-many:
Local reads and global writes
Stays up after network partition between DCs
CASSANDRA
✓ Multiple Cassandra clusters
✓ Started with placing large app in its own cluster
✓ Moving to one cluster per app
CLOUD FOUNDRY
✓ Recently migrated from CFv1 to CFv2
✓ Little code change to apps
✓ Removed minor app complexity (Logging)
✓ Managed by BOSH
CLOUD FOUNDRY
✓ Apps and Services get separate CFs
✓ Network separation from front-end apps and data
✓ Backend services present data via REST
CLOUD FOUNDRY
✓ Multiple app/service layer CFs
✓ Spun up as needed
Network separation
Public vs. Internal vs. Private (apps used by devs)