extending cloud foundry uaa for authorizations and multi-data center deployments (cloud foundry...
DESCRIPTION
Technical Track presented by Brian McClain, Lead of Infrastructure Engineering at Warner Music Group. Serving a global audience of enterprise users requires a global architecture of enterprise-grade software. This talk will cover the changes to UAA that WMG has made, as well as give an overview of our infrastructure architecture, specifically how we serve requests to a globally distributed user base and manage deployments amongst multiple data centers.
TRANSCRIPT
Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments
Hello, I’m Brian.
Brian McClain, Lead of Infrastructure Engineering, WMG
@BrianMMcClain
“WMG comprises an array of businesses aimed at helping artists achieve long-term creative and financial success while providing consumers with the highest-quality music content available.”
Jonathan Murray, CTO, WMG @adamalthus
Michael Michaelides, VP of Engineering, WMG
www.wmg.com // @WMGEngineering
I’VE BEEN…
✓ Involved with Cloud Foundry since 2011 (Aug 8th)
✓ Involved with BOSH since 2012 (April 11th)
✓ At WMG for 2 years (since start of new org)
WHY WMG
globally distributed enterprise
100% of development is on Cloud Foundry
We’ve been busy…we want to share!
UAA MODIFICATIONS
UAA USAGE
✓ Two deployments
✓ SSO across all WMG apps/services
✓ Authorization—not Authentication
Application/Service OAuth UAA
Internal CF UAA
ACTIVE DIRECTORY INTEGRATION
✓ Active Directory for SSO across all WMG apps
✓ Users expect this to be the case
CASSANDRA INTEGRATION
✓ Cassandra is our main datastore
✓ Globally distributed cluster
✓ Allows multiple instances to run and serve requests
PUBLIC / PRIVATE DECOMPOSITION
✓ Frontend SSO Application
✓ Backend Identity Service
✓ Frontend is a subset of the backend
✓ Allows full network separation between public-facing
backend
MULTI-DATA CENTER ARCHITECTURE
MULTI-DATA CENTER ARCHITECTURE
[Diagram; labels: Global Load Balancer, Local Load Balancer, Front-End Apps, Service Apps, Caching Layer, Messaging Bus, Data Persistence]
FUNCTIONAL AS ONE—BETTER AS MANY
✓ Allows for failover on networking failure
✓ Each datacenter can run independently
Spread load for long-running batch processing
Send users to local datacenters
✓ Everything functions better as one-of-many
CASSANDRA
✓ Multi-datacenter as a core concept
✓ Improved functionality with one-of-many:
  Local reads and global writes
  Stays up after network partition between DCs
CASSANDRA
✓ Multiple Cassandra clusters
✓ Started with placing large app in its own cluster
✓ Moving to one cluster per app
CLOUD FOUNDRY
✓ Recently migrated from CFv1 to CFv2
✓ Little code change to apps
✓ Removed minor app complexity (Logging)
✓ Managed by BOSH
CLOUD FOUNDRY
✓ Apps and Services get separate CFs
✓ Network separation from front-end apps and data
✓ Backend services present data via REST
CLOUD FOUNDRY
✓ Multiple app/service layer CFs
✓ Spun up as needed
Network separation
Public vs. Internal vs. Private (apps used by devs)
TIRED OF TYPING?
NO MORE TERMINAL
QUESTIONS?
@BrianMMcClain
THANK YOU.
Brian McClain, Lead of Infrastructure Engineering, WMG
@BrianMMcClain