Embed Size (px)
DESCRIPTION
My presentation on PaaS and Stratos at JAX San Jose
Citation preview
Understanding Platform as a Service
Paul FremantleJAXConf 2011 SanJose
Paul Fremantle
• Working in Apache since 2002
• Apache Member• CTO and Co-Founder of
WSO2• VP, Apache Synapse
• I play the Tin Whistle
@tedleung
Moore’s Law for Data
• The amount of data online went from– 5 exabytes in 2002– 281 exabytes in 2009
• Doubled every 15 months
• You cannot deal with this data growth with the same applications– A reasonable conclusion is that the number of
applications will double every 15 months too
Key Enablers for effective development• Robust and scalable applications• Components at multiple levels (e.g. OSGi and SOA)• Standards
– Internal Standards• (e.g. Schema patterns, Security policies)
– External Standards• (SOAP, REST/HTTP, AMQP)
• Tooling to create cloud-deployable artifacts• Low cost of provisioning a platform• The right platform services• Automated Governance
– Re-use– Consistency– lifecycle management– Monitoring and SLA managemen
4
© WSO2 2010
Enterprise IT in 2010
5
© WSO2 2010
Enterprise IT in 2015+
6
Cloud Native Attributes
• http://bit.ly/CloudNative• Core Attributes
– Self-service– Multi-tenant– Distributed / Scalable– Elastically / Dynamically Scaled– Metered
• Extended attributes– Incrementally Deployable and testable– Billed– Dynamically wired
7
http://www.flickr.com/photos/ladymaggic/
http://www.flickr.com/photos/jurvetson/
Shared what?
• Shared Nothing • Shared Hardware• Shared Database • Shared OS• Shared Container• Shared Everything
10
What kind of PaaS is it?
• Google App Engine, Heroku– “Web App” PaaS
• “Integration PaaS”• “BPM PaaS”• Messaging PaaS• etc etc
11
Cloud Middleware Platform and PaaS
• A PaaS requires an underlying software base– Cloud Middleware Platform (CMP), or – Cloud Enabled Application Platform (CEAP – Gartner)– “Private PaaS” / On Premise PaaS
• Not all PaaS have redistributable CMPs• The benefit of having a CMP is choice:
– Run your own PaaS in a private cloud– More than one PaaS provider
• Open PaaS / Open CMP fights lock-in
12
Cloud Economies
• Public Cloud economy is based on the Central Limit Theorem
• For private clouds, the CLT sucks– Multi-tenancy is the economy of scale for
private clouds
13
• Lean – All the same benefits are magnified in a cloud– Efficiency that is valuable in fixed deployments is invaluable in large dynamic
deployments!• Available on private, public, on-premise
– Getting locked into a specific public PaaS will have long term repercussions– Open Source is a huge protection against this
• The correct set of core “services”– Not just App Server, but Identity, Registry, Data, Cache, ESB, BPMS, Billing, Logging,
etc• Open Standard interfaces to common services
– Enables modular usage • Self-service, multi-tenancy, elasticity, metering, incremental deployment and
testing• Offers a basis for both single-tenant and multi-tenant models
– Lots of tenants each with their own stuff, and/or– One application that is offered to all or many tenants
What to look for in a PaaS/CMP
Who are the players in the PaaS market?• Those without a Private PaaS
– Force.com– Heroku– Google App Engine– Amazon Elastic Beanstalk
• Those with a Private / Public PaaS– Tibco– Microsoft (nearly)
• Those with an Open Private / Public PaaS– SpringSource CloudFoundry– WSO2 Stratos
15
Stratos Overview
• A full middleware platform available as a service, with self service– Fast provisioning
• Based on OSGi– Modular, componentized, standard
• Multi-tenant, Elastic, Metered and Billed– Effective and powerful
• Available under the Apache License– Open Source, Open License, Open Development
Stratos resources
• Stratos SVN– http://svn.wso2.org/repos/wso2/trunk/stratos/
• Stratos-dev list– https://mail.wso2.org/cgi-bin/mailman/listinfo/s
tratos-dev• Stratos 1.5.1 builds
– (currently) freo.me/stratos151pack– http://builder.wso2.org/~carbon/releases/strato
s/
17
Installation options• 1. Full installation
– Pre-reqs• IaaS – Eucalyptus, vmWare, Ubuntu or Amazon• MySQL & Perl & JVM• Ability to run a number of VMs (one per service)
• 2. Laptop/Simple install– Pre-reqs
• A machine with lots of memory (4Gb min, 8GB preferred)
• JVM• MySQL & Perl
18
Installation of Stratos 1.5.1 pack
• Config mysql– max_allowed_packet = 16M
• ulimit –n 65000• Unzip the distro• cd stratos• ./stratos-setup.pl• export STRATOS_DIR=`pwd`/deploy• cd deploy• ./stratos.sh start all
19
Complete PaaS
• Gartner is forecasting that it will be 2015 before vendors have true, integrated, complete PaaS frameworks
• We believe Stratos is that today
21
Available Services (low level)• Multi-tenancy• Deployment synchronizer• Elastic Load Balancer
– tenant-aware• Tenant-aware identity manager
– SAML2, OpenId, Oauth, XACML• Tenant Metering and Billing• Discovery• Logging• Configuration & Repository• Data-as-a-Service• Queueing-as-a-Service• Health Monitor• Private / Public Cloud bridging
22
Every Service has a network API
• All admin functions and all the low level services are available as SOAP APIs– Full SOAP support, REST in some cases– Always possible to bridge into REST using the ESB
• Why?– Clear SOA design
• Allow mashups, BPEL and ESB integration– Automated provisioning– Support hybrid multi-tenancy models for legacy
software
23
Available Services (mid-level)• Application Server
– Webapp deployment • Multi-tenant deployment of Tomcat 7
– Service Deployment • Axis2, JAXWS, POJO, Spring
– Transaction Manager– SaaS deployment model
• Portal Server– Based on the OpenSocial/Google Gadget spec– Gadget repository and strong personalization features– SAML2 and OpenId Single Sign-on
• Data Services• Enterprise Service Bus
– Full multi-tenant deployment of Apache Synapse• Governance Registry
– Governance-as-a-Service model
24
Available Services (high-level)
• Business Process Manager– Full BPEL runtime in the cloud– Human Task support
• Business Rules Server• Complex Event Processing• Business Activity Monitoring
25
Services available in 1.0
Stratos and StratosLive Timeline
• Stratos is the code• StratosLive is the public cloud service
– Stratos hosted and managed by WSO2 at http://cloud.wso2.com
• April 2010– Stratos alpha release– StratosLive alpha
• November 2010– Stratos 1.0 Gold– StratosLive 1.0 beta
• July 2011– Stratos 1.5– StratosLive GA
© WSO2 2011
What is Multi-tenancy?
Many Parties shared same set of resources, while giving each an his own space
Building SaaS webapps
• Allows a tenant to deploy an app in “multi-tenant” mode
• All tenants login’s are accepted• The tenant ID is available to the code• The “owning” tenant must manage the data
© WSO2 2011
Google Apps Integration
• Two way integration– A Google Apps domain can use the WSO2 StratosLive Identity
Server as the identity store• Uses SAML2 single sign on
– A StratosLive domain can choose to use Google Apps as the identity store
• Uses OpenId and OAuth
• Allows integration of Stratos into Google Apps marketplace– StratosLive domain is the same as the Google App domain– All Google App users are automatically defined as StratosLive users
© WSO2 2011
Login with Google Apps Domain
Multi-tenant datastore• In Stratos 1.5 / StratosLive we are offering two different database
models
• SQL/JDBC based on MySQL– Running in a multi-tenant model– Each tenant has their own protected set of database connections
• Cassandra / NoSQL– Running in a multi-tenant model
• Adding HDFS support in the future
• Eventually we aim to support JPA as an API over both– Currently only for JDBC
© WSO2 2011
Adding RDS Instances
Creating Databases
Using Database Explorer
Apache Cassandra as a Service & Carbonized Cassandra
• Users can log in to the Web Console (both in Stratos and in WSO Data Server) and create Cassandra key spaces.
Apache Cassandra as a Service & Carbonized Cassandra (Contd.) • Key spaces
– will be allocated from a Cassandra clusters– they are isolated from other tenants in Stratos– it is integrated with WSO2 Security model.
• Users can manage and share his key spaces through Stratos Web Console and use those key spaces through Hector Client (Java Client for Cassandra)
• In essence we provide – Cassandra as a part of Stratos as a Service– Multi-tenancy support– Security integration with WSO2 security model
Elastic Load Balancer
• A lightweight deployment of Apache Synapse running in message relay mode– Currently overhead of around 2ms – New Relay Transport is expected to reduce this by 30-
50%• Load balancing based on load averages in VMs• Tenant-awareness
– Makes it possible to partition clusters by tenant• Underlying IaaS support for Eucalyptus,
Ubuntu, Amazon– Coming soon: vmWare and OpenStack
© WSO2 2011
Distributed Logging
• Every service and custom applications logs are captured by the log4j/commons loggings settings
• Logs are partitioned by tenant• Logs are sent to the manager service via
syslog• Logs are then viewable / downloadable by
tenant admins
MT-Logging Deployment Architecture
Log Viewer – Stratos Manager {Super-Tenant}
Log Viewer – Stratos Data Services Server {Tenant User}
Every tenant has access to an Identity Service
Identity Server / Service
• Each tenant is identified by the @tenant-domain• Each tenant admin can choose to manage their tenants user
store either within the Stratos-internal LDAP store or using an external LDAP
• Bulk import • Each tenant user has a OpenId/Infocard as well as SAML2
tokens– Single-signon– Single-Signoff is also supported
• SAML2 is used across the Stratos deployment to ensure a smooth transition between components– SAML2 is also available as sign-on for webapps, gadgets and other
user-deployed content
web.xml – Integrating Identity into WebApps
<login-config><auth-method>BASIC</auth-method><realm-name>Basic Auth</realm-
name></login-config>
Automatically ties into Stratos Identity
Identity Service continued
• As well as a full distributed authentication server, Stratos Identity Server also supports distributed Authorization– OAuth– XACML
Security Management
• Tenants are isolated at the core:– Identity server provides the security model– Registry/Repository implements an isolated data-store for
configuration and meta-data– Services are Isolated at the Axis2 level
• For services we also restrict classloading using Java Security– Webapps are isolated using standard Tomcat techniques
• Each tenant can only load code from their tenants deployed WARs– We apply security policies to stop webapps opening ports,
modifying local files, calling OSGi Services• These security policies can be changed based on need
• Sharing is possible across tenants using standard models – e.g. federated security and web/network access
Performance Overhead of Multi-tenancy
Billing and Metering
• A generic multi-tenanted metering and billing module
• Written as OSGi• Uses Drools to implement service levels
– E.g. 10 users, 100Mb transfer/month, 15 deployed services for free level of subscription
• Can be used to meter real business events– How many sales transactions / month
Usage Data Metering/Throttling
Usage Metering• Currently available01. Registry Resource Volume02.Number of users• Planned for next release01.Appserver Service Bandwidths/Request Response count02.ESB Mediation Data(Bandwidths Data)
ThrottlingCurrently Available01.Number of users02.Registry Resource Volume• Planned for next release01.Number of Request and Response counts02.Service incoming and outgoing bandwidths
Stratos Billing
• Scheduled invoice generation• Notifies the customers via email after invoices are
generated• Ability to view past invoices and the current(interim)
invoice• Securely pay the invoice via Paypal• Notifies the customer via email on received payments• Notifies the super-admin on customers exceeding the
credit limit• Presents a summary view to the super-admin
Case Studies (in progress)
• System Integrator– Currently running Stratos for internal projects– Examining the use of Stratos for customer projects and SaaS
• Home Loan Bank– WSO2 runs a private deployment of Stratos– Developer sandbox and test environment– Currently apps are then deployed internally in Carbon
• Betting/Gaming PaaS– Provide an environment (Mashups, WebApps, Gadgets) for sports teams to
write their own betting applications– In the context of betting legislation/regulation
• Mobile PaaS– Building a PaaS environment for a mobile telco
• SaaS-enablement of legacy applications
Futures
• SLA management and Priority Execution• Better thread/CPU management and
instrumentation• HDFS support• VM deployment• End-to-end development lifecycle
integration (Maven, SVN, Hudson/Jenkins, Junit)
Summary
56
Questions?
57
http://www.flickr.com/photos/oberazzi/
