CIS 2015 To Infinity and Beyond: Web Scale Session Management - Lukasz Jaromin
TRANSCRIPT
IAM Scalability: THE CONTEXT
§ Borderless growth of identity and related data
§ 7 billion people in the world, 40% Internet penetration
§ Number of consumption devices much higher than active users
§ IoT - even more devices treated as resources
§ User consolidation around mainstream IDPs
§ More sophisticated users’ and customers’ expectations
§ Evolving IAM standards
§ Change in the operational approach
IAM Key Scalability Aspects
§ Long-lived data datastore scalability
§ Short-lived data datastore scalability
§ Application and presentation layer scalability
§ Protocols and connectivity
§ On demand capacity adjustments
§ TCO optimization
Identity Store Scalability
§ IAM data types evolution
§ User account data scalability is not the biggest challenge
§ Devices as the most numerous data type
§ OpenID Connect, FIDO, UMA, GSMA Impact
§ Data model complexity
§ Appropriate datastore and data layer architecture
Web Scale: DEVICES STORE
§ Horizontally scalable
§ Commodity hardware support
§ Proprietary yet efficient wire protocol
§ Key-value datastore
§ Well-suited for devices data
§ Capacity increase simplicity
§ No need for load balancer in front
Web Scale: USERS STORE
§ Horizontally scalable
§ Commodity hardware support
§ Likely LDAP support
§ Relatively easy to scale
Session and Token Store Scalability
§ Stateless vs. Stateful user sessions
§ The typical stateful approach
§ What about the HA and scalability?
§ Session data characteristics
§ Distributed In-Memory Session Store
In-Memory Grid Session Store Strategy
§ Storage of data in memory
§ Ultimate write performance
§ Commodity hardware support
§ Efficient wire-protocol
§ Seamless scalability
§ Key-value store ideal to store session data
Application Layer Scalability
§ Reactive
§ Microservices based
§ Small to medium size components
§ Stateless components
§ Asynchronous and non-blocking
§ Near cache and distributed cache
§ Features under control
So... I have the Perfect Design: WHAT’S NEXT?
§ Initial sizing calculations
§ Initial empirical usage data collection
§ Scalability testing
§ Target setup capacity calculations
§ How to ascertain target capacity and keep costs low?
§ How do I adjust capacity later if needed?
§ Can a tool help with that?
Q&A: Questions and Answers
We encourage you to visit Syntegrity.com and InstantIAM.com
Search “Syntegrity” on YouTube for more IIAM scalability and CDP videos.