Beyond multitenancy 
container-based application factory

 

Damien Metzler

dmetzler@nuxeo.com

https://github.com/dmetzler/

Thierry Delprat
tdelprat@nuxeo.com

https://github.com/tiry/

About This talK

This is our technical adventure

  • multi-tenancy with advanced per-tenant customization 
  • build a Software factory using VMs, Docker and now CaaS
     

This is our story but, hopefully, this should also make sense for

  • applications that are modular and configurable
  • applications moving to the cloud / SaaS model

a long road

2012/2013 
 

2014
 

now 

initial idea and first tentative
 

first viable version


current development
and future architecture 

2012/13 - IdeA & first try

Multi-Tenants, Cloud & Application Factory

Some Context

Nuxeo









 

 

we provide a Platform that developers can use to
build highly customized Content Applications

we provide components, and the tools to assemble 
everything we do is open source

our customers are people building software
 in-house - software vendors - SaaS

Nuxeo Platform

Repository









 

Services

Workflows, Conversions, Diff, Notifications, Activity  ...

Building ON TOP of a Platform

Building ON TOP of a Platform

Building ON TOP of a Platform

Building ON TOP of a Platform

Building ON TOP of a Platform

Project Management

Building ON TOP of a Platform

Digital Assets Management

Building ON TOP of a Platform

Case Management

Building ON TOP of a Platform

Collaboration

Building ON TOP of a Platform

Customer

1 Customer

Custom deployment

More Customers

Industrialization

Customers

PLM Solution 

Customer/Tenant 1

Customer/Tenant 2

Styles
Screen Layouts
Meta-Data
Workflows
Business Logics

Connectors
 

Styles
Screen Layouts
Meta-Data
Workflows
Business Logics

Connectors
 

APPLICATION LEVEL MULTI-TENANTS 

Document Store 
Security
Life Cycle
Indexing
Versioning

all clients share the same application

application manages data and configuration partitionning

Application Level Multi-Tenants 

Shallow isolation

  • quota management is not efficient 
  • customization options are limited
     

Monolithic 

  • same version, same component set
  • same upgrade and maintenance policy
     

Not even simple

  • scale out is not that easy (i.e. move a tenant)
  • per-tenant Backup/Restore is not easy
  • Heterogeneous deployment units
    ​          
    VM level / JVM level / App level 

Can not leverage OSGi / Extension Point model
 

Not "Cloud Native approach"
 

Container Level Multi-tenants

rely on infrastructure to provide tenants isolation

application does not need to be impacted
 

Flexible
Unlimited Customization
Full Isolation & Quotas

Application Factory

Create "on demand" application for each customer

  • use Container level isolation
  • provision infrastructure from the Cloud 
  • custom assembly for each customer

Application Factory

Create "on demand" application for each customer

  • use Container level isolation
  • provision infrastructure from the Cloud 
  • custom assembly for each customer

Application Factory

Create "on demand" application for each customer

  • use Container level isolation
  • provision infrastructure from the Cloud 
  • custom assembly for each customer

Application Factory

Create "on demand" application for each customer

  • use Container level isolation
  • provision infrastructure from the Cloud 
  • custom assembly for each customer

Application Factory

Create "on demand" application for each customer

  • use Container level isolation
  • provision infrastructure from the Cloud 
  • custom assembly for each customer

Let's do this ...

... for our own use cases !

Nuxeo Trials Use Case

We build a platform and customization tools
 

We want people to be able to taste the full experience

  • choose their components
  • configure business rules
  • run the app they build

​ Online demo site
                          with full per-tenant customization

PaaS vs Automation

Early testing with CloudFoundry / OpenShift

  • Fast moving ground
  • Very opinionated
  • Our app does not fit in Java PaaS

​Go with Deployment Automation on IaaS

  • ​Seems easier
  • Better match for sys-admin / devops

Some Challenges

Prospects do not pay

Prospects want to access all features

We want them to have a great experience​​  

free customers with high expectations !

Cost is a major concern   

Optimize hosting infrastructure

Cutting Costs

EC2 Spot instances

 

 

​Start/Stop instances when needed


 

 

​Leverage AWS Services

Early Results

 

A lot of moving parts

  • no clear deployment unit
  • lot of scripting

     

​Slow

  • provisioning is slow
  • start/stop too slow to be usable  

works but ...

DEAD END ?

We need lighter foot print

We need faster startup

Hope Comes from 

Some developers have started playing
with lightweight containers because
VMs are too fat & slow !

and Docker !

the developers 

[dev] Cool new stuff on cloud related techs

...

http://www.docker.io/ :

a command line tool for launching and managing
arbitrary processes using LXC.
Open Source project contributed by the dotcloud guys.

...

03/2013

2014 - Nuxeo.io v1

Build the Application Factory on Docker

Arken

First target is to power Nuxeo Trials

need a smooth UX
 

but also build a generic infrastructure

publish work as opensource
 

Assign a team of java developers

not system-administrators
 

Expect results in 3 months !

rebuild / refactor every 3 months 

Build Your Own Application  

Build Your Own Application  

Select
target Platform

Build Your Own Application  

Pick additional components

Build Your Own Application  

Build Your Own Application  

Build new components

Build Your Own Application  

Select custom Components

Build Your Own Application  

Define Application Model

Build Your Own Application  

Build Your Own Application  

Choose deployment

environment

Build Your Own Application  

Deploy & Run !

Make your own container recipe

  • choose your ingredients
  • assemble
  • run 

 

Available to the web user

 

Build Your Own Application  

Nuxeo.io Factory

Principles

Docker containers !

Leverage AWS infrastructure 

Principles

Passivation 

  • Less than 5% of trials are active at a given time
  • Fast start/stop (no data)
  • High density hosting on AWS

Principles

Dual state orchestration

  • Expected vs Actual
  • Decoupling & Monitoring



     

Use a distributed registry 

 

CASTING

Containers infrastructure:
 Docker + CoreOS
 

Scheduler:
Fleet
 

Distributed registry: 
etcd

​Monitoring:

DataDog

CASTING

CASTING

CASTING

 

The Containers:
 

Nuxeo Servers

 

Manager.io (Nuxeo +AngularJS)

Passivator (Go Service)

ArkenCtl (Go Cmd)

Dynamic reverse proxy Gogeta

 

(1 per tenant)

Big Picture

Big Picture

Big Picture

Big Picture

Deploy new tenant

Big Picture

Register new tenant

Big Picture

Deploy more tenants

Big Picture

Route request to Customer X

Big Picture

Route request to Customer X

PASSIVATE

ACTIVATE

ACTIVATE

ACTIVATE

ACTIVATE

started

Monitoring

Some Good Results

 

1000+ instances/month managed on 4 EC2 VMs (m3.2xlarge)

Production hosting for some Nuxeo based applications

Eventually stable


Docker and Go are really great

The vision is good ! 

All Good ?

Almost !

Miseries

  • CoreOS updates
  • btrfs fragmentation and IO issues
  • etcd stability
  • fleet "shortest path" scheduling
  • ...

Lots of moving parts + Lots of young solutions

Experience a new type of failure every day !

Structural Issues

Lot of boring glue code

  • Networking, Port Mapping, provisionning ...
  • developers are sick of shell scripts
     

Storage management is an issue

  • asymmetrical model & scalability
  • Security concerns on shared infrastructure

CoMplexity

 

Troubleshooting is tricky

Command line tools
 

Still too scary for a customer 

the system is complex to setup

now - Nuxeo.io v2

Leverage our experience and Docker evolutions

Drivers

Docker ecosystem evolved

Kubernetes, ​Swarm, Compose, Rancher ...


 

We believe in the initial vision is good

Customers starts to like the idea of Containers


 

We have learned a lot from Nuxeo.io v1 

​Time for a reboot

Additional contraints

Cluster configurations

1 node, 2 nodes, 7 nodes ...


Production hosting

take over Nuxeo-Cloud
 

Customer compliant 

avoid or hide and package
the glue code 

X

Remove as much code as we can

Leverage Docker evolution

Networking in Docker / Rancher / Kubernetes

  • No more "manual" port & DNS mapping
  • Use Software Defined Network​
s/port-mapping/SDN/g
s/Ansible/Swarm/g
s/Scripting/Compose/g

Clustering in Docker-Swarm / Rancher / Kubernetes

  • No more scripting automation

Stack templating in Docker-Compose / Rancher / Kubernetes 

  • ​Manage an application as a set of containers

​Free from the Shell !

less glue code to write / debug

focus on application level

Leverage Docker evolution

Volumes in Docker

storage can now be provisionned as a container

containers can now be statefull

Can provision Storage nodes exactly as Processing nodes

Streamline architecture:     everything is container

                         all tenant resources are provisioned the same way 

CaaS ?

 

  • Avoid building a CaaS infrastructure
     
  • Focus on Application Customization & Templating
     
  • Keep some flexibility on Cluster Orchestration


RANCHER
 

Caas Choice

Nice high level REST API

abstraction on CaaS provider 
Swarm/Kubernetes/Cattle

 

Administration UI

  • Infrastructure vs Application view
  • Monitoring and SSH access
     

Close to Docker 

  • Built on top of Docker and Compose 
  • Contribute to Docker

CaaS Choice

 

Application Management 

  • Stack definition & templating
     

Provide additional features

  • Health Monitoring
  • ​Load Balancing and DNS
  • Rolling upgrades

Volume plugins :

convoy: NFS / GlusterFS

Nuxeo.io with Rancher

Nuxeo.io with Rancher

Nuxeo.io with Rancher

Nuxeo.io with Rancher

Nuxeo.io with Rancher

Nuxeo.io with Rancher

Nuxeo.io with Rancher - DEMO

Direct Gains

Rancher & Docker
do the heavy lifting

 


Deploying Arken is easy


 

One unique API
to deploy new tenants

Arken Contents

Application Templating

Package Selection : Wizard + Config + Docker File 

Deployment template :  Compose + Rancher

 

Passivation Management

Passivation aware Routing

State management

API & Adapter

Independent

Go Based

OpenSource

multi-tenants ?

Application Level Multi-Tenancy 

  • data only isolation

Container Level Multi-Tenancy - Nuxeo.io v1 

  • processing isolation - shared data sources         

Container Level Multi-Tenancy - Nuxeo.io v2

  • complete data and process isolation

multi-tenants ?

Tenants sharing an Application

Tenants sharing Infrastructure
+ dedicated applications

processing isolation : docker containers

  • reusable execution units

data isolation : docker and volumes 

  • stateful containers         

application configuration: Rancher + Arken + Nuxeo

  • software defined tenant

Application Factory: Rancher + Arken

Breaking the Monolith ?

Stack of OSGi Services     =   MicroServices

Break deployment by tenants

Break deployment by containers

Deploy different service stacks          Different containers

Converters, Async Processing, IDE , Account management ...

Leverage Arken architecture

Introduce new granularity level

Any Questions ?

Thank You !

http://www.nuxeo.com/careers/

We are hiring !

New York, Paris, Lisboa

Beyond Multitenancy

By Thierry Delprat

Beyond Multitenancy

O'Reilly Software Architecture 2016

  • 5,509