Upgrade to Pro — share decks privately, control downloads, hide ads and more …

IDaaS at Scale - Nardoz BA

Damian Schenkelman
August 15, 2019
Programming
0
130

IDaaS at Scale - Nardoz BA

In recent years, we're seeing the emergence of a new form of technology scale. Today's emerging technologies - which rapidly grow to millions of users, do not sell a product or service. Instead, they build a platform on which others can create value. Yet, new platforms often fail because the design and growth strategies involved in building them are complex, resource intensive and expensive to scale. Yet, in the IAM/CIAM space, many companies are still building their own internal IDaaS platform internally, facing this massive challenge, and oftentimes failing to achieve their goals. This talk discusses the complexities, resources, and scalability challenges Auth0 has faced in creating an IDaaS platform that securely manages more than 2.5 billion logins per month. He will take a deep dive into specific scenarios including: scaling password hashing, user search and designing across multiple cloud regions among others.

Damian Schenkelman

August 15, 2019
Tweet

More Decks by Damian Schenkelman

See All by Damian Schenkelman
Identidad en Web3
dschenkelman
0
200
Demo Identidad en Web3
dschenkelman
1
89
Deep Dive Into Google Zanzibar and its Concepts for Authorization Scenarios
dschenkelman
1
890
Authorization is on the rise. What if there was an API for it?
dschenkelman
0
94
All About AuthZ
dschenkelman
1
340
Evolving Auth0's architecture: From 0 to 2.5+ billion logins per month in 5 years
dschenkelman
1
670
Remote work at Auth0
dschenkelman
0
110
El camino a SRE
dschenkelman
0
140
IDaaS at Scale - From 0 to 2.5B+ logins/month (Auth0 Webinar)
dschenkelman
0
50

Other Decks in Programming

See All in Programming
Compose で Android/iOS アプリを作る
m_coder
0
1.3k
Building Shared UIs across Platforms with Compose
heyitsmohit
1
140
Kotlinハイパフォーマンスプログラミング
ohmae
4
2.4k
HelidonとMicroProfile JWT Auth
ogiwarat
1
120
第3回 AWSとGitHub勉強会 - GitHub Actionsを使ったCI環境の構築 -
ogiwarat
0
120
Lrama へのコントリビューションを通して学ぶ Ruby のパーサジェネレータ事情
junk0612
1
450
技術選定の審美眼(2023年版) / Understanding the Spiral of Technologies 2023 edition
twada
PRO
16
2.9k
Precondition with schema directives
quramy
0
260
iOSエンジニアに求められる役割について
teamlab
PRO
0
140
Value and Record Types
hschwentner
0
720
作って学ぶadbプロトコル / Create and learn adb protocols
ntsk
0
830
Decoding Code Review - Elixir Conf US
elainenaomi
3
200

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
49
15k
Rails Girls Zürich Keynote
gr2m
90
12k
Principles of Awesome APIs and How to Build Them.
keavy
119
16k
A Tale of Four Properties
chriscoyier
150
21k
Building Adaptive Systems
keathley
29
1.6k
The Cost Of JavaScript in 2023
addyosmani
8
1.5k
How STYLIGHT went responsive
nonsquared
89
4.4k
The Mythical Team-Month
searls
212
41k
A Philosophy of Restraint
colly
195
15k
The Language of Interfaces
destraynor
149
22k
Raft: Consensus for Rubyists
vanstee
130
5.9k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
36
22k

Transcript

  1. IDaaS at Scale
    From 0 to 2.5B+ logins/month
    @dschenkelman

    View Slide

  2. Let's create an
    IDaaS.
    Yeah. How hard
    can it be?

    View Slide

  3. Era muy dificil
    It'd be very
    hard...
    Narrator

    View Slide

  4. Agenda
    ● Surface
    ● Scale & Reliability
    ● Hosting
    ● Extensibility
    ● Wrap-up
    ● Questions

    View Slide

  5. Compliance
    Trust
    Scale
    Reliability
    Security

    View Slide

  6. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing

    View Slide

  7. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Dashboard SDKs APIs
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing
    Docs
    Support Experience

    View Slide

  8. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Dashboard SDKs APIs
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing
    Docs
    Support Experience
    Extensible

    View Slide

  9. SCALE &
    RELIABILITY

    View Slide

  10. ®
    From 2014 to Now

    View Slide

  11. ®
    • Automated deployments
    • Rollout, blue/green
    • Feature flags
    • Rate limits
    • Autoscaling
    General Techniques

    View Slide

  12. Architecture

    View Slide

  13. SCALING
    IAM

    View Slide

  14. PASSWORD HASHING

    View Slide

  15. ®
    PASSWORD HASHING
    • Hash: one way, no ability to revert
    • Resource intensive
    • bcrypt: configure number of rounds
    • 2^10: ~80ms -> 12.5/sec per CPU
    • 2^12: ~320ms -> 3.125/sec per CPU

    View Slide

  16. Expected Response Times

    View Slide

  17. Actual Response Times

    View Slide

  18. Flamegraphs

    View Slide

  19. PASSWORD HASHING SERVICE
    AUTH NODE LB
    BaaS
    BaaS
    BaaS
    BaaS

    View Slide

  20. User Search

    View Slide

  21. email.domain:auth0.com
    AND logins_count:[0 TO 10}

    View Slide

  22. 2013
    Mongo as
    a database
    Expose search

    View Slide

  23. 2015
    Problems with case
    insensitive search
    No ability to search on
    metadata fields
    Move to
    Elastic Search

    View Slide

  24. 2017
    Objects
    with many
    fields
    affected ES
    Overly
    permissive
    query syntax
    Moved to
    Postgres
    Support for
    customer
    partitions
    Remove
    ability to
    perform some
    queries
    Search
    v3

    View Slide

  25. Tap Compare
    https://saucelabs.com/blog/the-why-and-how-of-tap-compare-testing

    View Slide

  26. WHERE TO HOST?

    View Slide

  27. 2014: PROVIDE OPTIONS
    ON-PREM AWS SINGLE
    TENANT
    AZURE SINGLE
    TENANT
    AWS + AZURE
    MULTI-TENANT
    MULTI-REGION

    View Slide

  28. 2017
    High cost to maintain
    another cloud provider
    Low probability
    of risk
    Decision: No
    longer Azure on
    multi tenant
    environment

    View Slide

  29. 2017: PUBLIC CLOUD AWS ONLY
    ON-PREM AWS SINGLE
    TENANT
    (Auth0 or
    Customer)
    AZURE SINGLE
    TENANT
    (Customer Only)
    AWS
    MULTI-TENANT
    MULTI-REGION

    View Slide

  30. On-Prem
    Hard to sync on updates
    Different hardware
    ● Stateful scaling
    ● Stateless scaling
    Different levels of
    access/permissions

    View Slide

  31. 2019: AWS ONLY
    AWS SINGLE
    TENANT
    (Customer Account)
    AWS
    MULTI-TENANT
    MULTI-REGION
    AWS SINGLE
    TENANT
    (Auth0 Account)

    View Slide

  32. LOCATION

    View Slide

  33. MULTIPLE
    ENVIRONMENTS
    ● Data Sovereignty
    ● Scale
    ● Latency
    ● Failure domains
    ● Price

    View Slide

  34. Environments

    View Slide

  35. EXTENSIBILITY

    View Slide

  36. WHY?
    ● Useful for product discovery
    ● Does not require changing
    core product
    ● Empowers developers to do
    integration/customization

    View Slide

  37. WHAT?
    ● Custom email providers
    ● New OAuth compliant
    identity providers
    ● Able to treat any
    database as an identity
    provider
    ● Custom actions on every
    event: login/signup/etc.

    View Slide

  38. HOW?
    ● Custom serverless
    platform
    ● Low latency
    ● No cold startup
    ● Sandbox/Isolation
    ● Limited permission set

    View Slide

  39. and
    Finally...

    View Slide

  40. Build
    Learn Measure
    The Feedback
    Loop
    Baseline
    Hypothesis
    Analyze

    View Slide

  41. Gracias
    @dschenkelman

    View Slide

  42. Te interesa?
    https://auth0.com/careers/positions?areas=Engineering

    View Slide

  43. Questions

    View Slide