Technical Track presented by Vinícius Carvalho, Senior Field Engineer at Pivotal.
Cloud Foundry provides the foundation for your PaaS infrastructure. It streamlines deployment and turns your developers and your ops into superheroes when it comes to time to market. But what about your architecture? How should you build your services (or microservices)? How can you guarantee security is being enforced on every layer of your architecture? How can you solve cross-service dependencies? How can services discover each other? How could developers leverage an API explorer to test your services and build apps on top of them? How could you leverage a data pipeline to solve polyglot persistence and cascading operations on diverse persistence technologies? How can you monetize on top of your public services? How could you use a service registry to boost your models with extended metadata?
This session presents a few recipes to demonstrate how to solve some of the problems found when applying cloud patterns to real business scenarios.
5. Challenges
• Large distributed systems: failure becomes the norm, not the exception
• Enhance developer experience of your API
• Enforce security and access control of endpoints
• Service discovery
• Avoid duplication
9. Talking about services
[Diagram: Apps, API, Biz Services, Core Services, Data Services; labels: Business Value, Reusability]
11. Service Registry
• Stores service information
– API endpoints
– Security metadata (Access Control Lists, Roles)
– Resource relationships
– Quality of service
– Extended Metadata
12. Service Registry
[Diagram labels: Services, Instances, API Endpoints, Security, UI Metadata, QOS, Billing]

/api/apidocs
GET /users
PUT /{id}

GET /users
- ClientId: myapp
- roles: [USER,MANAGER]

User : {
  SSN: {
    type: "string",
    selectable: false,
    editable: false
  }
}

/search : {
  limit : {
    value : 300,
    time: 3600,
    unit: "seconds"
  }
}

/search : {
  rate : {
    currency : "USD",
    value : 0.10,
    meterType: "UNIT",
    meterValue: 1000
  }
}
13. [Diagram: Cloud Controller, DEA, Registry, Router; labels: GET /v2/events, GET /api/apidocs, push app + app MD]
14. [Diagram: UAA, Netty Pipeline, Service Proxy, User Service, Registry; pipeline steps: Obtain metadata, Validate Credentials, QoS, Billing]

GET /users
Authentication: Bearer <token>
15. [Diagram: UAA, Netty Pipeline, Service Proxy, User Service, Registry, Data Filter; pipeline steps: Obtain metadata, Validate Credentials, QoS, Billing]

GET /users
Authentication: Bearer <token>

{
  "firstname" : "joe",
  "lastname" : "doe",
  "comp" : 135,000.00
}
16. [Diagram: UAA, Netty Pipeline, Service Proxy, User Service, Outbound handler, Registry, Data Filter; pipeline steps: Obtain metadata, Validate Credentials, QoS, Billing, Outbound handler]

GET /users
Authentication: Bearer <token>

{
  "firstname" : "joe",
  "lastname" : "doe"
}

{
  "firstname" : "joe",
  "lastname" : "doe",
  "comp" : 135,000.00
}
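Added example (not from the slides or from Pivotal's code): a Python version of the proxy steps on slides 14-16, checking already-verified token claims against registry metadata and then stripping fields the registry marks selectable: false from the outbound response. The "roles" claim, the "clientIds" and "entity" keys, the registry entry for comp, and reading selectable: false as "never return this field" are assumptions.

```python
# Constructed registry data shaped like the slide-12 metadata. The "entity"
# and "clientIds" keys and the comp entry are assumptions for this example.
REGISTRY = {
    "GET /users": {
        "clientIds": ["myapp"],
        "roles": ["USER", "MANAGER"],
        "entity": "User",
    },
}
ENTITIES = {
    "User": {
        "SSN": {"type": "string", "selectable": False, "editable": False},
        "comp": {"type": "number", "selectable": False, "editable": False},
        "firstname": {"type": "string", "selectable": True, "editable": True},
        "lastname": {"type": "string", "selectable": True, "editable": True},
    },
}


class Denied(Exception):
    """Raised when the proxy must reject the call."""


def authorize(route, claims):
    """Inbound step: match verified token claims against registry metadata."""
    meta = REGISTRY.get(route)
    if meta is None:
        raise Denied("route not registered")  # fail closed on unknown routes
    if claims.get("client_id") not in meta["clientIds"]:
        raise Denied("client not allowed")
    if not set(claims.get("roles", [])) & set(meta["roles"]):
        raise Denied("no matching role")
    return meta


def filter_outbound(entity, body):
    """Outbound step: keep only fields the registry marks selectable."""
    if isinstance(body, list):
        return [filter_outbound(entity, item) for item in body]
    fields = ENTITIES[entity]
    # Allow-list: a field the registry does not describe is dropped as well.
    return {k: v for k, v in body.items()
            if fields.get(k, {}).get("selectable") is True}


def handle(route, claims, upstream_body):
    """Run the inbound check, then filter what the upstream service returned."""
    meta = authorize(route, claims)
    return filter_outbound(meta["entity"], upstream_body)
```

Because the filter is an allow-list, a field added to the User service but not yet described in the registry stays hidden until someone marks it selectable.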
17. Security
• Don’t use LDAP for authorization
• Corporate LDAPs can be very polluted, move away from role mapping and don’t add more noise to them
[Diagram: UAA, LDAP, Authenticate, ACLS]

{
  "jti":"4657c1a8-b2d0-4304-b1fe-7bdc203d944f",
  "aud":["openid","cloud_controller"],
  "scope":["read"],
  "email":"marissa@test.org",
  "exp":138943173,
  "user_id":"41750ae1-b2d0-4304-b1fe-7bdc24256387",
  "user_name":"marissa",
  "client_id":"vmc"
}
18. [Diagram: Biz Services, Data Services, Core Services]
Make sure your REST client propagates the token for the next service
19. The Dark side of microservices architectures
• Multiple remote calls
• Entity relationships
• Great article by Chris Richardson: http://www.infoq.com/articles/microservices-intro
20-23. [Diagram, repeated on four slides: Apps, Biz Services, Core Services, Data Services; label: Response Time]
24.
25. [Diagram: Traditional web application; TX Manager, Hibernate Session, Controller, Service, Repo, Entity, Entity]
Cascading operations are managed by the session factory
26. Ripple effect of entity relationship
[Diagram: Product, Inventory, Orders, Users]
28. HTTP events
• Highly efficient server-sent events using non-blocking containers (Jetty 9, Tomcat 8, Spray, Play, Netty)
• Use webhooks when comet/continuations are not possible
• Pubsubhubbub?
[Diagram: Product]

GET /{id}
PUT /{Id}
POST /
GET /events -> SSE
POST /hook/ -> callback url
30. Polyglot persistence
[Diagram: Data Service (five boxes), Entity Relationship]

{
  "posts": [{
    "id": "1",
    "title": "The four levels of HA on pivotal CF",
    "links": [{
      "author": {
        "href": "http://blog.gopivotal.com/author/cdavis",
        "id": "ffd5b644-b220-4f7c-efad-2dfee6768bb9"
      }
    }]
  }]
}