How to be successful on a PCF deployment into production. This deck shows lessons learned while pushing to production a revamped platform at a large media company. It shows a few things I've learned as chief architect while deploying apps using the microservices strategy.
5. Challenges
• Large distributed systems: failure becomes the norm, not the exception
• Enhance developer experience of your API
• Enforce security and access control of endpoints
• Service discovery
• Avoid duplication
9. Talking about services
Diagram labels: Apps, API, Biz Services, Core Services, Data Services; axes: Business Value, Reusability
11. Service Registry
• Stores service information
– API endpoints
– Security metadata (Access Control Lists, Roles)
– Resource relationships
– Quality of service
– Extended Metadata
12. Service Registry
Diagram labels: Services, Instances, API Endpoints, Security, UI Metadata, QOS, Billing

API Endpoints:
  /api/apidocs
  GET /users
  PUT /{id}

Security:
  GET /users
  - ClientId: myapp
  - roles: [USER,MANAGER]

UI Metadata:
  User : {
    SSN: {
      type: "string",
      selectable: false,
      editable: false
    }
  }

QOS:
  /search : {
    limit : {
      value : 300,
      time: 3600,
      unit: "seconds"
    }
  }

Billing:
  /search : {
    rate : {
      currency : "USD",
      value : 0.10,
      meterType: "UNIT",
      meterValue: 1000
    }
  }
13. Diagram: Cloud Controller, DEA, Registry, Router
Diagram labels: push app + app MD; GET /v2/events; GET /api/apidocs
14. Diagram: UAA, Netty Pipeline, Service Proxy, User Service, Registry
Request:
  GET /users
  Authorization: Bearer <token>
Pipeline steps: Obtain metadata, Validate Credentials, QoS, Billing
15. Diagram: UAA, Netty Pipeline, Service Proxy, User Service, Registry
Request:
  GET /users
  Authorization: Bearer <token>
Pipeline steps: Obtain metadata, Validate Credentials, QoS, Billing, Data Filter
Payload shown on the slide:
  {
    "firstname" : "joe",
    "lastname" : "doe",
    "comp" : 135000.00
  }
16. Diagram: UAA, Netty Pipeline, Service Proxy, User Service, Registry
Request:
  GET /users
  Authorization: Bearer <token>
Pipeline steps: Obtain metadata, Validate Credentials, QoS, Billing, Data Filter, Outbound handler
Payloads shown on the slide:
  {
    "firstname" : "joe",
    "lastname" : "doe"
  }
  {
    "firstname" : "joe",
    "lastname" : "doe",
    "comp" : 135000.00
  }
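Added example (not from the original deck): a minimal sketch of the proxy steps in slides 14 to 16, where registry metadata drives both the endpoint ACL check and the outbound data filter. The registry layout, the function names, the "roles" claim and the "comp" field entry are assumptions modelled on the slide 12 snippets.

```python
# Constructed registry, modelled on the slide 12 snippets (not the author's schema).
REGISTRY = {
    "acl": {
        ("GET", "/users"): {"client_ids": {"myapp"}, "roles": {"USER", "MANAGER"}},
    },
    "entities": {
        "User": {
            "SSN": {"type": "string", "selectable": False, "editable": False},
            # Assumed entry so the slide 16 payload can be reproduced.
            "comp": {"type": "number", "selectable": False, "editable": False},
        },
    },
}


def is_authorized(registry, method, path, claims):
    """Deny unless the endpoint has an ACL and the caller matches it."""
    acl = registry["acl"].get((method, path))
    if acl is None:
        return False  # endpoint not in the registry: fail closed
    if claims.get("client_id") not in acl["client_ids"]:
        return False
    return bool(acl["roles"] & set(claims.get("roles", [])))


def filter_outbound(registry, entity, payload):
    """Drop every field the registry marks selectable: false."""
    if isinstance(payload, list):
        return [filter_outbound(registry, entity, item) for item in payload]
    fields = registry["entities"].get(entity, {})
    # Fields without metadata pass through, as firstname/lastname do on the slide.
    return {
        name: value
        for name, value in payload.items()
        if fields.get(name, {}).get("selectable", True)
    }


def handle(registry, method, path, entity, claims, upstream_body):
    """Proxy step: authorize first, then filter what the service returned."""
    if not is_authorized(registry, method, path, claims):
        return 403, None
    return 200, filter_outbound(registry, entity, upstream_body)


# Constructed inputs: claims from an already validated token, and the
# unfiltered body the User Service returned to the proxy.
CLAIMS = {"client_id": "myapp", "roles": ["USER"]}
UPSTREAM = {"firstname": "joe", "lastname": "doe", "comp": 135000.00}

if __name__ == "__main__":
    print(handle(REGISTRY, "GET", "/users", "User", CLAIMS, UPSTREAM))
```

Because fields without metadata pass through, a field added to the User Service but not yet registered would reach the client unfiltered; a deny-by-default variant would require every returned field to have a registry entry.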
17. Security
• Don’t use LDAP for authorization
• Corporate LDAPs can be very polluted, move away from role mapping and don’t add more noise to them
Diagram labels: UAA, LDAP, Authenticate, ACLs
Token shown on the slide:
  {
    "jti":"4657c1a8-b2d0-4304-b1fe-7bdc203d944f",
    "aud":["openid","cloud_controller"],
    "scope":["read"],
    "email":"marissa@test.org",
    "exp":138943173,
    "user_id":"41750ae1-b2d0-4304-b1fe-7bdc24256387",
    "user_name":"marissa",
    "client_id":"vmc"
  }
18. Diagram: Biz Services, Data Services, Core Services
Make sure your REST client propagates the token for the next service
19. The Dark side of microservices architectures
• Multiple remote calls
• Entity relationships
• Great article by Chris Richardson: http://www.infoq.com/articles/microservices-intro
20-23. Diagram (repeated on slides 20 to 23): Apps, Biz Services, Core Services, Data Services; label: Response Time
25. Traditional web application
Diagram labels: TX Manager, Hibernate Session, Controller, Service, Repo, Entity, Entity
Cascading operations are managed by the session factory
26. Ripple effect of entity relationship
Diagram labels: Product, Inventory, Orders, Users
28. HTTP events
• Highly efficient server-sent events using non-blocking containers (Jetty 9, Tomcat 8, Spray, Play, Netty)
• Use webhooks when comet/continuations are not possible
• Pubsubhubbub?
Product
  GET /{id}
  PUT /{Id}
  POST /
  GET /events -> SSE
  POST /hook/ -> callback url
30. Polyglot persistence
Diagram labels: Data Service, Entity Relationship
  {
    "posts": [{
      "id": "1",
      "title": "The four levels of HA on pivotal CF",
      "links": [{
        "author": {
          "href": "http://blog.gopivotal.com/author/cdavis",
          "id": "ffd5b644-b220-4f7c-efad-2dfee6768bb9"
        }
      }]
    }]
  }