Extending Cloud Foundry
UAA for Authorizations and
Multi-Data Center Deployments
Hello, I’m Brian.
Brian McClain
Lead of Infrastructure Engineering, WMG
@BrianMMcClain
WMG comprises an array of
businesses aimed at helping artists
achieve long-term creative and
financial success while provid...
Jonathan Murray
CTO, WMG @adamalthus
Michael Michaelides
VP of Engineering, WMG
www.wmg.com // @WMGEngineering
✓ Involved with Cloud Foundry since 2011 (Aug 8th)
✓ Involved with BOSH since 2012 (April 11th)
✓ At WMG for 2 years (sinc...
globally distributed enterprise
100% of development is on Cloud Foundry
WHY WMG
We’ve been busy…we want to share!
UAA MODIFICATIONS
✓ Two deployments
✓ SSO across all WMG apps/services
✓ Authorization—not Authentication
UAA USAGE
Application/Service
OAut...
ACTIVE DIRECTORY INTEGRATION
✓ Active Directory for SSO across all WMG apps
✓ Users expect this to be the case
CASSANDRA INTEGRATION
✓ Cassandra is our main datastore
✓ Globally distributed cluster
✓ Allows multiple instances to run ...
PUBLIC / PRIVATE DECOMPOSITION
✓ Frontend SSO Application
✓ Backend Identity Service
✓ Frontend is a subset of the backend...
MULTI-DATA CENTER
ARCHITECTURE
Data Persistance
Messaging Bus
Caching Layer
Front-End Apps
Local Load Balancer
Data Persistance
Messaging Bus
Caching Lay...
✓ Allows for failover on networking failure
FUNCTIONAL AS ONE—BETTER AS MANY
✓ Each datacenter can run independently
Sprea...
CASSANDRA
Local reads and global writes
Stays up after network partition between DCs
✓ Multi-datacenter as a core concept
...
✓ Multiple Cassandra clusters
✓ Started with placing large app in its own cluster
✓ Moving to one cluster per app
CASSANDRA
✓ Recently migrated from CFv1 to CFv2
✓ Little code change to apps
✓ Removed minor app complexity (Logging)
✓ Managed by B...
✓ Apps and Services get separate CFs
✓ Network separation from front-end apps and data
✓ Backend services present data via...
✓ Multiple app/servicer layer CFs
✓ Spun up as needed
CLOUD FOUNDRY
Network separation
Public vs. Internal vs. Private (ap...
TIRED OFTYPING?
N
O
M
O
RETERM
IN
AL
QUESTIONS?
@BrianMMcClain
THANK YOU.
Brian McClain
Lead of Infrastructure Engineering, WMG
@BrianMMcClain
Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry Summit 2014)
Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry Summit 2014)
Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry Summit 2014)
Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry Summit 2014)
Upcoming SlideShare
Loading in …5
×

Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry Summit 2014)

6,161 views

Published on

Technical Track presented by Brian McClain, Lead of Infrastructure Engineering at Warner Music Group.

erving a global audience of enterprise users requires a global architecture of enterprise-grade software. This talk will cover the changes to UAA that WMG has made, as well as give an overview of our infrastructure architecture, specifically how we serve requests to a globally distributed user base and manage deployments amongst multiple data centers.

Published in: Technology, Business
1 Comment
3 Likes
Statistics
Notes
No Downloads
Views
Total views
6,161
On SlideShare
0
From Embeds
0
Number of Embeds
4,176
Actions
Shares
0
Downloads
68
Comments
1
Likes
3
Embeds 0
No embeds

No notes for slide

Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments (Cloud Foundry Summit 2014)

  1. 1. Extending Cloud Foundry UAA for Authorizations and Multi-Data Center Deployments
  2. 2. Hello, I’m Brian. Brian McClain Lead of Infrastructure Engineering, WMG @BrianMMcClain
  3. 3. WMG comprises an array of businesses aimed at helping artists achieve long-term creative and financial success while providing consumers with the highest-quality music content available. ” ”
  4. 4. Jonathan Murray CTO, WMG @adamalthus Michael Michaelides VP of Engineering, WMG www.wmg.com // @WMGEngineering
  5. 5. ✓ Involved with Cloud Foundry since 2011 (Aug 8th) ✓ Involved with BOSH since 2012 (April 11th) ✓ At WMG for 2 years (since start of new org) I’VE BEEN…
  6. 6. globally distributed enterprise 100% of development is on Cloud Foundry WHY WMG
  7. 7. We’ve been busy…we want to share!
  8. 8. UAA MODIFICATIONS
  9. 9. ✓ Two deployments ✓ SSO across all WMG apps/services ✓ Authorization—not Authentication UAA USAGE Application/Service OAuth UAA Internal CF UAA
  10. 10. ACTIVE DIRECTORY INTEGRATION ✓ Active Directory for SSO across all WMG apps ✓ Users expect this to be the case
  11. 11. CASSANDRA INTEGRATION ✓ Cassandra is our main datastore ✓ Globally distributed cluster ✓ Allows multiple instances to run and serve requests
  12. 12. PUBLIC / PRIVATE DECOMPOSITION ✓ Frontend SSO Application ✓ Backend Identity Service ✓ Frontend is a subset of the backend ✓ Allows full network separation between public-facing backend
  13. 13. MULTI-DATA CENTER ARCHITECTURE
  14. 14. Data Persistance Messaging Bus Caching Layer Front-End Apps Local Load Balancer Data Persistance Messaging Bus Caching Layer Local Load Balancer Global Load Balancer Front-End Apps Front-End AppsFront-End Apps Service Apps Service Apps Service Apps Service Apps Service Apps Service Apps MULTI-DATA CENTER ARCHITECTURE
  15. 15. ✓ Allows for failover on networking failure FUNCTIONAL AS ONE—BETTER AS MANY ✓ Each datacenter can run independently Spread load for long-running batch processing Send users to local datacenters ✓ Everything functions better as one-of-many
  16. 16. CASSANDRA Local reads and global writes Stays up after network partition between DCs ✓ Multi-datacenter as a core concept ✓ Improved functionality with one-of-many:
  17. 17. ✓ Multiple Cassandra clusters ✓ Started with placing large app in its own cluster ✓ Moving to one cluster per app CASSANDRA
  18. 18. ✓ Recently migrated from CFv1 to CFv2 ✓ Little code change to apps ✓ Removed minor app complexity (Logging) ✓ Managed by BOSH CLOUD FOUNDRY
  19. 19. ✓ Apps and Services get separate CFs ✓ Network separation from front-end apps and data ✓ Backend services present data via REST CLOUD FOUNDRY
  20. 20. ✓ Multiple app/servicer layer CFs ✓ Spun up as needed CLOUD FOUNDRY Network separation Public vs. Internal vs. Private (apps used by devs)
  21. 21. TIRED OFTYPING?
  22. 22. N O M O RETERM IN AL
  23. 23. QUESTIONS? @BrianMMcClain
  24. 24. THANK YOU. Brian McClain Lead of Infrastructure Engineering, WMG @BrianMMcClain

×