Well-Architected SaaS on Cloud Foundry

Victor Ionescu

Lead IT Consultant | Technical Guidance Unit @ msg systems Romania

Software-as-a-Service

the WHAT && the WHY

ivictor88

[Diagram: each Customer ("subscriber") subscribes to the "Software-as-a-Service"; the Vendor ("provider") manages it.]

The "WHY" for Subscribers

  • No upfront investments
  • Predictable costs using pay-per-use model
  • No lengthy implementation project
  • Fast on- (and off-)boarding

The "WHY" for Providers

  • all customers on the same software version
  • 1 single active release to maintain
  • Ship features fast, directly to production

Building a multitenant SaaS

Challenges and how to address them

Choosing a Platform

CaaS, PaaS, FaaS. K8s, CF and others..

 

Cloud Native Application Blueprint

[Diagram labels: Infrastructure, Container Orchestration, Container, Runtime, App, Security, Network, Services]

Compute, Storage

Subnets, Public/Private Network

Configure Routing

Database

Configure

Monitoring, Tracing, Logging

Run, Check, Scale

Messaging

"Overhead"

App

Container

Runtime

Value

Authentication & Authorization

Day 2 Operations

Monitor, Patch, Upgrade

-- Commoditization of Containers

Infrastructure

App

Container Orchestration

Container

Security

Runtime

CaaS

Network

Services

Dev/Ops

Overhead

Value

Infrastructure

Container Orchestration

Container

Security

Runtime

PaaS

Network

Container

Runtime

Security

Network

Services

App

Dev/Ops

Overhead

Value

adds:

  • Services
  • Networking
  • Container from Code (opt.)

Infrastructure

Container Orchestration

Container

Runtime

FaaS

Container

Runtime

Security

Network

Services

Eventing

Func

Dev/Ops

Eventing

Overhead

Value

  • Eventing (native)
  • Focus on pure Value
  • Ecosystem maturity!

simple, but opinionated

flexible, but complex

cf push nodeapp --hostname webapi
cf bind-service nodeapp postgres_db

Node.JS sources

Node.JS sources

App Container

Pod

Postgres

PersistentVolume

ConfigMap

Pod

Service

Ingress

kubectl apply -f ...

  • Container Management Platform and much more
  • Hides the complexities of the underlying infrastructure
  • Deploys applications to containers and manages their operation throughout the entire application lifecycle

app.

CloudFoundry

deploy

CF Buildpacks & Routing

Detecting buildpack:

staticfile_buildpack..
java_buildpack..
nodejs_buildpack..
ruby_buildpack.. MATCHED!

app.

Buildpack detection

Router

CF Service Brokers

Service Brokers

Distributed Cache

Database

Messaging

...

iRE Cloud on SAP Cloud Foundry

- Architecting for Scale and Resilience -

12factor microservices

  • decoupled lifecycle
  • independently scalable

event based comm.

circuit breakers

  • resilience
  • eventual consistency

Handling Multitenancy

Tenant 1

Tenant 2

"Software-as-a-Service"

Multitenancy

Tenant isolation levels:

  • Security
  • Persistence
  • Connectivity

"Software-as-a-Service"

subscribes to

subscribes to

Customer account

  • SaaS runtime environment
  • Platform services (DB, messaging, ..)
  • Users and Roles, IdP
  • On-Premise Connectivity

Customer account

  • Users and Roles, IdP
  • On-Premise Connectivity

Provider account

Multitenancy on SAP Cloud Platform

Handling multitenancy on application level

GET https://ire-prod-<tenant identifier>.cfapps.....

Thank You for your attention!

ionescuv.github.io

@ivictor88

Victor Ionescu

msg systems, Technical Guidance Unit
