Con8833 access at scale for hundreds of millions of users final

Venugopal Shastri and Selva Neelamegam's OOW2013 presentation

Published in: Technology

  1. 1. 1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
  2. 2. Access at Scale for Hundreds of Millions of Users. Venugopal Shastri, Senior Principal Product Manager, IDM; Selva Neelamegam, PMTS, IDM Performance
  3. 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  4. 4. Program Agenda
      • Overview & Key Capabilities
      • Architecture & Deployment
      • Best Practices
      • 250 Million User Benchmark
      • Customer Panel
  5. 5. Overview & Key Capabilities
  6. 6. Why Is Scalability So Crucial For Access?
      • Large enterprises with global work-force.
      • Massive Internet deployments – E-Commerce, Government Services etc.
      • Access is mission-critical. Authentication is often the first, critical step.
      • Device Multiplier Effect. Hit the same access infrastructure.
      • Enabling social media further increases traffic.
  7. 7. Oracle Access Management: ORACLE ACCESS MANAGEMENT 11G IS THE MOST COMPREHENSIVE AND SCALABLE ACCESS MANAGEMENT SOLUTION IN THE MARKET TODAY
  8. 8. Access for NextGen Extranet
      • Scales to hundreds of millions of external users
      • Ability to secure mobile access for external users
      • Support for federated users as well as leading social providers
      • Real-time risk analytics & fraud prevention
      • Light weight user management and self service
      Diagram labels (FOCUS): Federation & Social Identity, Mobile Security, Extranet User Mgmt, Internet Scalability, Self Service
  9. 9. Architecture & Deployment
  10. 10. Architecture & Deployment
      • Server infrastructure – 100% Java Solution
      • Deployed on a J2EE Container like Oracle WebLogic Cluster
      • Coherence provides distributed caching within a cluster
      • Horizontal Scalability achieved via
          – Addition of Nodes to the Cluster within a data center
          – Multi-data center Deployment
      • Tuned and benchmarked on Oracle Exa platform
  11. 11. Deployment Overview (diagram). Labels:
      • User: Tries to access Resource
      • Webgates on webservers (acting as PEP): Intercepts & Enforces Policies; Allow Or Deny
      • OAP
      • Access Mgmt cluster: Access Manager Runtime Servers (acting as PDP); Authenticates against User Store; Reads Policies; Stores Audit Info (Audit Logs)
      • Access Mgmt Admin Server (acting as PAP): Administrator Manages Policies; Stores Policies (Policy Store)
  12. 12. Deployment Overview – With Mobile (diagram). Labels:
      • Client Layer: Web Gates, OWSM, Mobile SDK
      • Access Mgmt cluster: Access Manager Runtime Servers (acting as PDP); Authenticates against User Store; Reads Policies; Stores Audit Info (Audit Logs)
      • Access Mgmt Admin Server (acting as PAP): Stores Policies (Policy Store)
      • Mobile clients accessing same server infrastructure
  13. 13. Scaling up within a Data Center (diagram). Labels:
      • Clients: Webgate 1, Webgate 2, SDK Client 1, SDK Client 2, ... Client N
      • Primary Server, Secondary Server
      • Access Mgmt deployed on a WebLogic Cluster: Access Mgmt - Node 1, Access Mgmt - Node 2, ... Access Mgmt - Node N; Admin Console on Admin Server
      • Read Policies / Stores Policies: Policy Store
      • Authenticate against: User Store
  14. 14. Scaling up within a Data Center (diagram). Labels:
      • Clients: Webgate 1, Webgate 2, SDK Client 1, SDK Client 2, ... Client N
      • Load Balancer
      • Access Mgmt deployed on a WebLogic Cluster: Access Mgmt - Node 1, Access Mgmt - Node 2, ... Access Mgmt - Node N; Admin Console on Admin Server
      • Read Policies / Stores Policies: Policy Store
      • Authenticate against: User Store
  15. 15. Coherence for Distributed Caching
      Coherence:
      • Completely integrated with Access Management
      • Provides high-performance distributed caching
      • Keeps user session data in sync across cluster nodes
  16. 16. Session Management & Performance
      Server Session Management
      • Advanced Session Management across nodes via Coherence-based caching.
      • Excellent, reliable performance
      • Recommended for most deployments, especially internal ones where rich session management features are desirable.
      Client Session Management
      • Essentially stateless. Session managed via browser cookies.
      • Higher performance compared to Coherence-based approach. Lightweight.
      • May be appropriate for very large internet deployments where advanced server-side session management may not be required.
  17. 17. Multi Data Center Deployment - Conceptual
      • Supports Active - Active, Active - Passive or Active - Hot Standby deployments
      • Enables seamless User SSO across data centers with session continuity
      • Independent but identical WebLogic domains in each data center
      • Follows Master-Clone configuration. Policy and configuration changes synchronized from Master to Clones.
      • Behavior is configurable based on Session Adoption Policy
          – Re-authentication Required
          – Remote Session Invalidation
          – On-Demand Session Data Retrieval
  18. 18. Multi Data Center Deployment - Conceptual (diagram). Labels:
      • User 1 (Based in US): OAM ID Cookie, Cluster=NYCluster
      • User 2 (Based in Europe): OAM ID Cookie, Cluster=LonCluster
      • Global Load Balancer: Active, Active; Stand-by, Stand-by
      • Access Mgmt Cluster in New York Data-Center (Master)
      • Synchronized
      • Access Mgmt Cluster in London Data-Center (Clone)
  19. 19. Multi Data Center Deployment - Conceptual (diagram). Labels:
      • New York Data-Center is overloaded or down
      • User 1 (Based in US): GLB routes to London Data-Center; OAM ID Cookie, Cluster=NYCluster, Cluster=LonCluster
      • User 2 (Based in Europe): OAM ID Cookie, Cluster=LonCluster
      • Global Load Balancer
      • Access Mgmt Cluster in New York Data-Center (Master)
      • Back-channel OAP call
      • Access Mgmt Cluster in London Data-Center (Clone): Re-authenticate User? Retrieve Remote Session Data? Continue if retrieval fails? Invalidate Remote Session?
  20. 20. Multi Data Center Deployment - Detailed
  21. 21. Multi Data Center Deployment - Detailed
  22. 22. Scaling across Data Centers
  23. 23. Best Practices for Large Deployments
  24. 24. Best Practices for Large Deployments
      • Modeling resources appropriately
          – Use Excluded over Anonymous, HTTP caching directives etc.
      • Using Agent Caches to improve latency
          – 11g Agents significantly improve on 10g
      • Ensuring fast network connections between Web, Middleware and Data Tiers
          – Scale out requires matching Web Tier scale out and tuning
      • Tuning the default Agent and Server settings
          – OAP/LDAP Connection Mgmt, Caching
  25. 25. Best Practices for Large Deployments
      • Follow MAA Deployment Patterns
      • Use of Load Balancers for HTTP, OAP and LDAP
          – Leverage hardware acceleration of Crypto and SSL, if available
      • Leveraging metrics to proactively address issues
          – DMS Metrics, EM Grid Control Monitoring
  26. 26. 250 Million User Benchmark
  27. 27. Benchmark Summary
      • Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM) were tested to serve extreme loads with 250 million users seeded in the Oracle Internet Directory (OID) and Oracle Database
      • Mid-tiers were deployed on Oracle Exalogic hardware with Oracle Exalogic Elastic Cloud Software (EECS) and Database on Oracle Exadata hardware.
      • Demonstrated the ability of the IDM products to serve extreme loads when deployed on Exalogic (EL) and Exadata (ED) hardware.
      • Identified the scalability characteristics for OAM and OAAM on EL and ED.
  28. 28. OAM Test Cases & Topology
      Test Cases
      • To demonstrate the linear scale out, one, two and three server tests were run.
      • To demonstrate the linear scale up, controlled tests with 4, 8, 16 physical cores as well as 32 logical cores (16 physical cores with hyperthreading) were run on a single server.
  29. 29. OAM Scale Out Benchmark
      Results
      • Besides the strong functional improvements and enhancements, OAM showed great performance and linear scaling on multi EL nodes.
      • 3 EL nodes can support up to 16.4 Million Logins/Hour
      Chart: OAM Login Scale Test (Logins/Hour in Millions): One Server 7.7M, Two Server 12.5M, Three Server 16.4M
  30. 30. OAM Scale Up Benchmark
      Results
      • This test was run by limiting the number of cores available to the operating system on a single Exalogic server.
      • OAM shows a linear scale up in 4, 8, 16 and 32* core testing.
      Chart: Logins/Seconds against CPU %, with series 4 Core, 8 Core, 16 Core and 32 Core*
      * - 16 Physical cores with hyper-threading to 32 Logical cores
  31. 31. OAAM Test Cases & Topology
      Test Cases
      • To demonstrate the linear scale out, one and two server tests were run
      • Tests were also run with one OAAM server and two OAAM servers in the same EL node.
  32. 32. OAAM Benchmark Results
      Results
      • Besides providing an innovative, comprehensive feature set to help organizations prevent fraud and misuse, OAAM shows very robust performance.
      • 2 EL nodes can support up to 20.6 Million Transactions/Hour
      Chart: Transactions / Hour in Millions; categories 1EL - 1OAAM, 1EL - 2OAAM, 2EL - 2OAAM, 2EL - 4OAAM; data labels 11M, 12.3M, 18.3M, 20.6M
  33. 33. Software
      • OS: Oracle Linux Server release 5.8 (Tikanga)
      • Exalogic Elastic Cloud Software (EECS) 2.0.4.0.0
      • Exalogic Optimized WebLogic Server 10.3.6.0
      • JRockit jdk1.6.0_37-R28.2.5-4.1.0
      • Oracle Traffic Director (OTD) 11.1.1.7.0
      • Oracle HTTP Server (OHS) 11.1.1.7
      • OAM 11.1.2.1
      • OAAM 11.1.2.1
      • Oracle Internet Directory (OID) 11.1.1.7
  34. 34. Hardware
      Exalogic (X3-2) - ¼ Rack
      • Eight Compute Nodes (Intel® Xeon® CPU E5-2690; 2x8 core @ 2.90GHz; 256GB RAM)
      • Total 128 Compute Cores
      • Total 2TB Compute Node Memory
      • One ZFS Storage 7320 Clustered Configuration
      • High-Speed InfiniBand Internal Network
      • 42RU Rack Exposure
      Exadata (X3-2) - ¼ Rack
      • Two Compute Nodes (Intel® Xeon® CPU E5-2690; 2x8 core @ 2.90GHz; 256GB RAM)
      • Total 512GB Memory
      • Disk Controller HBA with 512MB Battery Backed Write Cache
      • 4 x 300 GB 10,000 RPM Disks
      • 2 x QDR (40Gb/s) Ports
      • 2 x 10 Gb Ethernet Ports based on the Intel 82599 10GbE Controller
      • 3 x Exadata Storage Servers X3-2 with 36 CPU cores for SQL processing, 12 x PCI flash card with 4.8 TB Exadata Smart Flash Cache and 36 x 600 GB 15,000 RPM High Performance disks or 3 TB High Capacity disks
  35. 35. Conclusion
      • The OAM & OAAM Scale Up & Scale Out benchmark tests showcased the extreme scalability and performance over a huge user base of over 250 million users.
      • Illustrated the linear scalability characteristics for OAM and OAAM on EL and ED hardware.
  36. 36. Customer Panel Discussion
  37. 37. Customer Panel
      • Nirmal Rahi – Solution Architect, College Board
      • Chirag Andani – Senior Director, Identity Management Services, Oracle IT
  38. 38. Q&A
  39. 39. Oracle Fusion Middleware: Business Innovation Platform for the Enterprise and Cloud
      • Complete and Integrated
      • Best-in-class
      • Open standards
      • On-premise and Cloud
      • Foundation for Oracle Fusion Applications and Oracle Cloud
      Diagram labels: Web, Social, Mobile; User Engagement; Business Process Management; Content Management; Service Integration; Business Intelligence; Data Integration; Identity Management; Development Tools; Cloud Application Foundation; Enterprise Management
  40. 40. Innovation Awards: 18 Winners Across Eight Categories
      • Lam Research Theater (Next to Moscone North)
      • Session ID: CON8082
      • Session Title: Oracle Fusion Middleware: Meet This Year’s Most Impressive Innovators
      • Venue / Room: YBCA - Lam Research Theater
      • Date and Time: Monday Sep 23, 4:45 - 5:45 p.m.
  41. 41. Join the Oracle IDM Community
      • Twitter: twitter.com/OracleIDM
      • Facebook: facebook.com/OracleIDM
      • Blog: blogs.oracle.com/OracleIDM
      • oracle.com/identity
  42. 42. Don’t miss these IDM Sessions
      • CON4535, Monday 09/23, 4:45PM, Moscone West, Room 2012: 200M: Real World Large Scale Access and Directory Deployment at Verizon (Verizon Wireless)
      • CON8834, Tuesday 09/24, 3:45PM, Moscone West, Room 2018: Attract new customer and users by leveraging Bring Your Own Identity (BYOI) (Forest Yin, Oracle)
      • CON8837, Wednesday 09/25, 11:45AM, Moscone West, Room 2018: Leverage Authorization to Monetize Content and Media Subscriptions (Roger Wigenstam, Oracle)
      • CON8836, Thursday 09/26, 11:00AM, Moscone West, Room 2018: Leveraging the Cloud to simplify your Identity Management implementation (Guru Shashikumar, Oracle)
      • CON9024, Thursday 09/26, 2:00PM, Moscone West, Room 2018: Next Generation Optimized Directory - Oracle Unified Directory (Etienne Remillon, Oracle)
