IDaaS at Scale - From 0 to 2.5B+ logins/month

In recent years we have seen the emergence of a new form of technology scale. Today's emerging technologies, which rapidly grow to millions of users, do not sell a product or service; instead, they build a platform on which others can create value. New platforms often fail, however, because the design and growth strategies involved in building them are complex, resource intensive and expensive to scale. In the IAM/CIAM space in particular, many companies still build their own IDaaS platform in-house, face this massive challenge, and often fail to achieve their goals. This talk discusses the complexities, resources and scalability challenges Auth0 has faced in creating an IDaaS platform that securely manages more than 2.5 billion logins per month. We take a deep dive into specific scenarios, including scaling password hashing, user search and designing across multiple cloud regions.

Damian Schenkelman

June 27, 2019
Transcript

  1. IDaaS at Scale
    From 0 to 2.5B+ logins/month
    Damian Schenkelman - Director of Engineering

  2. Let's build an IDaaS.
    Come on. How hard can it be??

  3. It was very hard.
    It was going to be very hard...
    Narrator

  4. Agenda
    ● Surface
    ● Scale & Reliability
    ● Hosting
    ● Security & Compliance
    ● Wrap-up
    ● Questions

  5. Compliance
    Trust
    Scale
    Reliability
    Security

  6. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing

  7. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Dashboard SDKs APIs
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing
    Docs
    Support Experience

  8. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Dashboard SDKs APIs
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing
    Docs
    Support Experience
    Extensible

  9. SCALE &
    RELIABILITY

  10. From 2014 to Now

  11. General Techniques
    • Automated deployments
    • Rollout, blue/green
    • Feature flags
    • Rate limits
    • Autoscaling

  12. Architecture

  13. SCALING
    IAM

  14. PASSWORD HASHING

  15. PASSWORD HASHING
    • Hash: one way, no ability to revert
    • Resource intensive
    • bcrypt: configure number of rounds
    • 2^10: ~80ms -> 12.5/sec per CPU
    • 2^12: ~320ms -> 3.125/sec per CPU

  16. Expected Response Times

  17. Actual Response Times

  18. PASSWORD HASHING SERVICE
    Diagram labels: AUTH NODE, LB, BaaS (x4)
  19. User Search

  20.

  21. 2013
    Mongo as a database
    Expose search

  22. 2015
    Problems with case-insensitive search
    No ability to search on metadata fields
    Move to Elasticsearch

  23. 2017
    Objects with many fields affected ES
    Overly permissive query syntax
    Moved to Postgres
    Support for customer partitions
    Remove ability to perform some queries
    Search v3
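
Slide 23 replaces an overly permissive query syntax with a narrower one and partitions search per customer. One way to do that is to validate the customer's query against an allow-list before anything reaches the database, rather than forwarding the backend's own query language. The following is an added example, not Auth0's search code: the `field:value` syntax, the searchable field set, the `users` table and column names are all constructed for the example.

```python
# Added example, not from the talk or Auth0's search code: an allow-list
# query validator of the kind slide 23 implies when it removes "overly
# permissive query syntax" and partitions search per customer. The field
# names, column names and syntax are constructed for the example.
import re
import shlex

# Only these user-facing fields may be searched; anything else (password
# hashes, internal flags, the tenant column itself) is rejected up front.
SEARCHABLE_FIELDS = {
    "email": "email",
    "name": "name",
    "user_id": "user_id",
    "given_name": "given_name",
    "family_name": "family_name",
}
TERM_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):(.+)$")


class QueryRejected(ValueError):
    """Raised for any query that falls outside the supported syntax."""


def parse_user_search(query, tenant_id, max_terms=5):
    """Turn 'field:value field:"quoted value"' into a structured filter.

    Every term must be field:value with a known field; bare words,
    boolean operators, parentheses and leading wildcards are rejected
    instead of being passed through to the backend's query language.
    """
    try:
        tokens = shlex.split(query)  # honours "quoted values with spaces"
    except ValueError as exc:
        raise QueryRejected(f"unbalanced quotes: {exc}") from exc
    if not tokens:
        raise QueryRejected("empty query")
    if len(tokens) > max_terms:
        raise QueryRejected(f"more than {max_terms} terms")
    filters = []
    for token in tokens:
        match = TERM_RE.match(token)
        if not match:
            raise QueryRejected(f"unsupported syntax: {token!r}")
        field, value = match.group(1), match.group(2)
        if field not in SEARCHABLE_FIELDS:
            raise QueryRejected(f"field not searchable: {field!r}")
        if value[0] in "*?" or len(value) > 256:
            raise QueryRejected("leading wildcard or oversized value")
        filters.append((field, value))
    # The partition comes from the authenticated context, never from input.
    return {"tenant_id": tenant_id, "filters": filters}


def compile_sql(parsed):
    """Parameterised Postgres query; identifiers come only from the allow-list."""
    where = ["tenant_id = %s"]
    params = [parsed["tenant_id"]]
    for field, value in parsed["filters"]:
        where.append(f"lower({SEARCHABLE_FIELDS[field]}) = lower(%s)")
        params.append(value)
    sql = "SELECT user_id FROM users WHERE " + " AND ".join(where)
    return sql, params
```

The tenant filter is added server-side and cannot be named in the query, so a customer cannot reach another partition; column identifiers are taken from the allow-list dictionary and values travel as bind parameters, so the SQL text never contains user input.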

  24. Tap Compare
    https://saucelabs.com/blog/the-why-and-how-of-tap-compare-testing

  25. WHERE TO HOST?

  26. 2014: PROVIDE OPTIONS
    ON-PREM
    AWS SINGLE TENANT
    AZURE SINGLE TENANT
    AWS + AZURE MULTI-TENANT MULTI-REGION

  27. 2017
    High cost to maintain another cloud provider
    Low probability of risk
    Decision: No longer Azure on multi-tenant environment

  28. 2017: PUBLIC CLOUD AWS ONLY
    ON-PREM
    AWS SINGLE TENANT (Auth0 or Customer)
    AZURE SINGLE TENANT (Customer Only)
    AWS MULTI-TENANT MULTI-REGION

  29. On-Prem
    Hard to sync on updates
    Different hardware
    ● Stateful scaling
    ● Stateless scaling
    Different levels of access/permissions

  30. 2019: AWS ONLY
    AWS SINGLE TENANT (Customer Account)
    AWS MULTI-TENANT MULTI-REGION
    AWS SINGLE TENANT (Auth0 Account)

  31. Security

  32. Brute Force Protection
    ● User Level
    ● Environment Level
    ● Two-factor
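
Slide 32 lists three layers of brute-force protection: a per-user threshold, an environment-level (here, per-source-IP) threshold, and a second factor. The following is an added example, not Auth0's implementation: a sliding-window failure counter that steps up to a second factor after a few failures on one account, locks the account after more, and blocks a source address that fails across many accounts. All thresholds, window lengths and the in-memory storage are constructed assumptions; a real deployment would keep these counters in shared storage.

```python
# Added example, not from the talk or Auth0's code: per-user and per-IP
# failed-login thresholds with a second-factor step-up, as slide 32 lists
# them. Thresholds and the in-memory store are constructed assumptions.
from collections import defaultdict, deque


class BruteForceGuard:
    def __init__(self, user_limit=10, ip_limit=100, window_s=600,
                 lockout_s=900, mfa_after=3):
        self.user_limit = user_limit    # failures per account before lockout
        self.ip_limit = ip_limit        # failures per source IP, any account
        self.window_s = window_s        # sliding window the failures count in
        self.lockout_s = lockout_s      # how long a lock or block lasts
        self.mfa_after = mfa_after      # failures per account before step-up
        self._user_failures = defaultdict(deque)
        self._ip_failures = defaultdict(deque)
        self._user_locked_until = {}
        self._ip_blocked_until = {}

    def _prune(self, q, now):
        """Drop failures that have aged out of the sliding window."""
        while q and q[0] <= now - self.window_s:
            q.popleft()

    def check(self, user_id, source_ip, now):
        """Decide before the credential check. Returns (allowed, reason)."""
        if self._user_locked_until.get(user_id, 0) > now:
            return (False, "user_locked")
        if self._ip_blocked_until.get(source_ip, 0) > now:
            return (False, "ip_blocked")
        q = self._user_failures[user_id]
        self._prune(q, now)
        if len(q) >= self.mfa_after:
            return (True, "require_mfa")   # password alone is no longer enough
        return (True, "ok")

    def record_failure(self, user_id, source_ip, now):
        """Count a failed credential check against both the user and the IP."""
        q = self._user_failures[user_id]
        self._prune(q, now)
        q.append(now)
        if len(q) >= self.user_limit:
            self._user_locked_until[user_id] = now + self.lockout_s
        q = self._ip_failures[source_ip]
        self._prune(q, now)
        q.append(now)
        if len(q) >= self.ip_limit:
            self._ip_blocked_until[source_ip] = now + self.lockout_s
        return self.check(user_id, source_ip, now)

    def record_success(self, user_id):
        """A successful login (with any required second factor) clears the account state."""
        self._user_failures.pop(user_id, None)
        self._user_locked_until.pop(user_id, None)
```

The user-level counter protects one account from a targeted guess, while the IP-level counter catches password spraying that touches each account only once or twice and would never trip the per-user limit. The IP block is deliberately not cleared by a successful login, since a spraying source will occasionally guess right.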

  33. Breached Password Detection
    ● Aggregate Sources
    ● Hash & Salt Passwords
    ● Compare on login
    ● IP Reputation Database
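
Slide 33 describes the flow: aggregate breach corpora, store them salted and hashed rather than in the clear, compare the submitted password on login, and consult an IP reputation database. The following is an added example, not Auth0's implementation, that carries that flow through end to end. The breach dumps, the IP reputation entries (TEST-NET addresses) and the salt are constructed for the example; the single index-wide secret salt is an assumption explained in the comments.

```python
# Added example, not from the talk or Auth0's implementation: the
# "aggregate sources, hash & salt, compare on login" flow from slide 33,
# combined with a simple IP-reputation lookup. The breach corpus, the IP
# reputation entries and the salt are constructed for the example.
import hashlib
import hmac


class BreachedPasswordIndex:
    """Stores only keyed hashes of breached passwords, never the plaintext."""

    def __init__(self, salt):
        # One secret salt for the whole index (assumption): a per-entry salt
        # would force hashing the candidate once per entry, turning an O(1)
        # lookup into a scan of the whole corpus on every login.
        self._salt = salt
        self._digests = set()
        self.sources = {}

    def _digest(self, password):
        return hmac.new(self._salt, password.encode("utf-8"), hashlib.sha256).digest()

    def ingest(self, source_name, passwords):
        """Add one breach dump; returns how many entries were new to the index."""
        added = 0
        for password in passwords:
            digest = self._digest(password)
            if digest not in self._digests:
                self._digests.add(digest)
                added += 1
        self.sources[source_name] = len(passwords)
        return added

    def is_breached(self, password):
        return self._digest(password) in self._digests


def evaluate_login(index, ip_reputation, source_ip, password, password_ok):
    """Decide what to do with a login attempt after the credential check.

    Returns one of "deny_bad_ip", "deny_bad_password",
    "allow_require_reset" (right password, but it appears in a breach
    corpus) or "allow". The breach lookup only runs for a correct password,
    so a wrong guess never reveals whether it is in the corpus.
    """
    if ip_reputation.get(source_ip, "unknown") == "malicious":
        return "deny_bad_ip"
    if not password_ok:
        return "deny_bad_password"
    if index.is_breached(password):
        return "allow_require_reset"
    return "allow"


# Constructed sample data for the example.
EXAMPLE_SALT = b"constructed-example-salt-keep-secret-in-production"
EXAMPLE_BREACHES = {
    "dump-a": ["password123", "letmein", "qwerty"],
    "dump-b": ["letmein", "summer2019"],   # overlaps dump-a on "letmein"
}
EXAMPLE_IP_REPUTATION = {"198.51.100.7": "malicious"}  # TEST-NET-2 address


def build_example_index():
    index = BreachedPasswordIndex(EXAMPLE_SALT)
    for name, dump in EXAMPLE_BREACHES.items():
        index.ingest(name, dump)
    return index
```

Keyed hashes mean a leak of the index does not hand out a plaintext wordlist, and deduplicating across sources keeps the index size bounded as more dumps are aggregated. The salt here is HMAC's key; in production it is a random secret held outside the index itself.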

  34. Compliance

  35. Compliance

  36. and Finally...

  37. The Feedback Loop
    Build - Measure - Learn
    Baseline - Hypothesis - Analyze

  38. Thank you

  39. Questions
