IDaaS at Scale - From 0 to 2.5B+ logins/month (Auth0 Webinar)

In recent years, a new form of technology scale has emerged. Today's emerging technologies, which rapidly grow to millions of users, do not sell a product or service. Instead, they build a platform on which others can create value. Yet new platforms often fail because the design and growth strategies involved in building them are complex, resource-intensive, and expensive to scale. In the IAM/CIAM space, many companies are still building their own internal IDaaS platform, facing this massive challenge and often failing to achieve their goals. This talk discusses the complexities, resources, and scalability challenges Auth0 has faced in creating an IDaaS platform that securely manages more than 2.5 billion logins per month. The speaker takes a deep dive into specific scenarios, including scaling password hashing, user search, and designing across multiple cloud regions, among others.

Damian Schenkelman

September 16, 2019

Transcript

  1. IDaaS at Scale
    From 0 to 2.5B+ logins/month
    @dschenkelman

  2. Let's create an IDaaS.
    Yeah. How hard can it be?

  3. Era muy dificil
    It'd be very
    hard...
    Narrator

  4. Agenda
    ● Surface
    ● Scale & Reliability
    ● Hosting
    ● Extensibility
    ● Wrap-up
    ● Questions

  5. Compliance
    Trust
    Scale
    Reliability
    Security

  6. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing

  7. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Dashboard SDKs APIs
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing
    Docs
    Support Experience

  8. Compliance
    Features
    Trust
    Protocols
    User Management
    Search
    Dashboard SDKs APIs
    Scale
    Reliability
    Security
    AuthZ
    Session Management
    Identity Providers
    Anomaly Detection
    Auditing
    Docs
    Support Experience
    Extensible

  9. SCALE & RELIABILITY

  10. From 2014 to Now

  11. General Techniques
    • Automated deployments
    • Rollout, blue/green
    • Feature flags
    • Rate limits
    • Autoscaling

  12. Architecture

  13. PASSWORD HASHING

  14. PASSWORD HASHING
    • Hash: one way, no ability to revert
    • Resource intensive
    • bcrypt: configure number of rounds
    • 2^10: ~80ms -> 12.5/sec per CPU
    • 2^12: ~320ms -> 3.125/sec per CPU

  15. Expected Response Times

  16. Actual Response Times

  17. PASSWORD HASHING SERVICE
    AUTH NODE LB
    BaaS
    BaaS
    BaaS
    BaaS

  18. email.domain:auth0.com AND logins_count:[0 TO 10}

  19. 2013
    Mongo as a database
    Expose search

  20. 2015
    Problems with case-insensitive search
    No ability to search on metadata fields
    Move to Elasticsearch

  21. 2017
    Objects with many fields affected ES
    Overly permissive query syntax
    Moved to Postgres
    Support for customer partitions
    Remove ability to perform some queries
    Search v3

  22. Tap Compare
    https://saucelabs.com/blog/the-why-and-how-of-tap-compare-testing

  23. WHERE TO HOST?

  24. 2014: PROVIDE OPTIONS
    ON-PREM
    AWS SINGLE TENANT
    AZURE SINGLE TENANT
    AWS + AZURE MULTI-TENANT MULTI-REGION

  25. 2017
    High cost to maintain another cloud provider
    Low probability of risk
    Decision: No longer Azure on multi-tenant environment

  26. 2017: PUBLIC CLOUD AWS ONLY
    ON-PREM
    AWS SINGLE TENANT (Auth0 or Customer)
    AZURE SINGLE TENANT (Customer Only)
    AWS MULTI-TENANT MULTI-REGION

  27. On-Prem
    Hard to sync on updates
    Different hardware
    ● Stateful scaling
    ● Stateless scaling
    Different levels of access/permissions

  28. 2019: AWS ONLY
    AWS SINGLE TENANT (Customer Account)
    AWS MULTI-TENANT MULTI-REGION
    AWS SINGLE TENANT (Auth0 Account)

  29. MULTIPLE ENVIRONMENTS
    ● Data Sovereignty
    ● Scale
    ● Latency
    ● Failure domains
    ● Price

  30. Environments

  31. EXTENSIBILITY

  32. WHY?
    ● Useful for product discovery
    ● Does not require changing core product
    ● Empowers developers to do integration/customization

  33. WHAT?
    ● Custom email providers
    ● New OAuth compliant identity providers
    ● Able to treat any database as an identity provider
    ● Custom actions on every event: login/signup/etc.

  34. HOW?
    ● Custom serverless platform
    ● Low latency
    ● No cold startup
    ● Sandbox/Isolation
    ● Limited permission set

  35. and Finally...

  36. The Feedback Loop
    Build, Measure, Learn
    Baseline, Hypothesis, Analyze

  37. Thanks!
    Questions?
    @dschenkelman
