Well-Architected SaaS on Cloud Foundry
Victor Ionescu
Lead IT Consultant | Technical Guidance Unit @ msg systems Romania

Software-as-a-Service
the WHAT && the WHY

ivictor88


Customer
("subscriber")
Customer
("subscriber")
"Software-as-a-Service"

Vendor
("provider")
subscribes to
subscribes to
manages

ivictor88

Customer
("subscriber")
"Software-as-a-Service"
subscribes to
The "WHY" for Subscribers
- No upfront investments
- Predictable costs using pay-per-use model
- No lengthy implementation project
- Fast on- (and off-)boarding



ivictor88
"Software-as-a-Service"
The "WHY" for Providers
- all customers on the same software version
- 1 single active release to maintain
- Ship features fast, directly to production



Vendor
("provider")
manages

ivictor88
Building a multitenant SaaS
Challanges and how to address them

ivictor88
Choosing a Platform

ivictor88
CaaS, PaaS, FaaS. K8s, CF and others..

Infrastructure
App
Cloud Native Application Blueprint
Container Orchestration
Container
Security
Runtime

App
Container
Runtime
Network
Services

ivictor88

Infrastructure
App
Container Orchestration
Container
Security
Runtime

App
Container
Runtime
Network
Services

ivictor88
Compute, Storage
Subnets,
Public/Private Network
Configure Routing
Database
Configure
Monitoring, Tracing, Logging
Run, Check, Scale
Messaging


"Overhead"
App
Container
Runtime
Value
Authentication & Authorization
Day 2 Operations

Monitor,
Patch,
Upgrade

ivictor88
-- Commoditization of Containers

Infrastructure
App
Container Orchestration
Container
Security
Runtime

CaaS

Network
Services
Dev/Ops


Overhead
Value

ivictor88

Infrastructure
Container Orchestration
Container
Security
Runtime

PaaS
Network
Container
Runtime
Security
Network
Services

App
Dev/Ops


Overhead
Value
adds:
- Services
- Networking
- Container from Code (opt.)

ivictor88

Infrastructure
Container Orchestration
Container
Runtime

FaaS

Container
Runtime
Security
Network
Services
Eventing
Func
Func
Func
Func
Func
Func
Func
Func
Dev/Ops

Eventing

Overhead
Value
- Eventing (native)
- Focus on pure Value
- Ecosystem maturity!
!!
simple,
but opinionated
flexible,
but complex



cf push nodeapp --hostname webapi
cf bind-service nodeapp postgres_db

Node.JS sources
Node.JS sources
App Container

Pod



Postgres

PersistentVolume

ConfigMap

Pod

Service

Ingress

kubectl apply -f ...

ivictor88
- Container Management Platform and much more
- Hides the complexities of the underlying infrastructure
- Deploys applications to containers and manages their operation throughout the entire application lifecycle



app.
CloudFoundry
deploy


ivictor88
CF Buildpacks & Routing


Detecting buildpack:
staticfile_buildpack..
java_buildpack..
nodejs_buildpack..
ruby_buildpack.. MATCHED!

app.

Buildpack detection
Router
CF Service Brokers




Service Brokers
Distributed Cache
Database
Messaging
...
iRE Cloud on SAP Cloud Foundry
- Architecting for Scale and Resilience -

ivictor88


12factor microservices
- decoupled lifecycle
- independently scalable


event based comm.
circuit breakers
- resilience
- eventual consistency
Handling Multitenancy

ivictor88


Tenant 1
Tenant 2
"Software-as-a-Service"
Multitenancy
Tenant isolation levels:
- Security
- Persistence
- Connectivity





ivictor88


"Software-as-a-Service"
subscribes to
subscribes to
Customer account
- SaaS runtime environment
- Platform services (DB, messaging, ..)
- Users and Roles, IdP
- On-Premise Connectivity
Customer account
- Users and Roles, IdP
- On-Premise Connectivity

Provider account

Multitenancy on SAP Cloud Platform
Handling multitenancy on application level

GET https://ire-prod-<tenant identifier>.cfapps.....

ivictor88
Thank You for your attention!
ionescuv.github.io
@ivictor88

Victor Ionescu
msg systems, Technical Guidance Unit


Well-architected SaaS on Cloud Foundry
By Victor Ionescu
Well-architected SaaS on Cloud Foundry
Transylvania Cloud Meetup
- 412