KEMBAR78
Identity Server on Azure: A Reference Architecture | PDF
WSO2, profile picture
Uploaded byWSO2
PDF, PPTX437 views

Identity Server on Azure: A Reference Architecture

The document outlines a reference architecture for deploying WSO2 Identity Server on Azure, detailing its features and capabilities in identity and access management. It covers deployment options, architectural considerations, capacity planning, monitoring, and best practices for ensuring reliability and scalability. The document serves as a guide for organizations looking to implement WSO2 Identity Server in cloud environments while maintaining performance and security.

Technology
Related topics:
Microsoft Azure
Download as PDF, PPTX
Identity Server on Azure: A Reference Architecture May 27th, 2020
Hello! Supun Perera Ajanthan Balachandran Senior Software Engineer ajanthan@wso2.com supunpe@wso2.com Senior Lead Solution Engineer
Identity Server on Azure: A Reference Architecture ● WSO2 Identity Server ⦿ Introduction ⦿ Deployment options ⦿ Deployment architecture ● Azure ⦿ Reference Architecture ⦿ Capacity Planning ⦿ Monitoring and alerting ⦿ Reliability and availability ⦿ Best practises ⦿ Demo Agenda 3
WSO2 Identity Server
5 WSO2 Identity and Access Management Server WSO2 Identity Server is a uniquely extensible, API driven, cloud native open source IAM product, designed for developers that build Customer IAM solutions. It helps federate, authenticate, and manage identities, bridge identity protocols across environments, and secure access to web, mobile apps, and API-based endpoints.
6 Product Capabilities Identity Federation and SSO Identity Bridging Strong and Adaptive Authentication Fine Grained Access Control API and Microservices Privacy Regulations and Compliances Identity Provisioning and Administration
Deployment Options
● Multi-tenanted, shared everything ● On-premise userstore or Cloud userstore with IdP in the Cloud ● WSO2 Hosted and managed ● Pay as you go ● Guaranteed uptime ● Limited options in customizing ● Privately hosted ● WSO2 managed ● Upgrades, patches installation ● Guaranteed uptime ● Full flexibility in customization ● Better control ● Self hosted ● Self managed ● Full flexibility ● Dev-ops learning curve ● Self managed upgrades 8 Cloud First or Start with Self-hosted and Self-managed Software as Service WSO2 Managed Service Self-hosted and self -managed
Deployment Architecture
Deployment Ecosystem
Required Subsystems ● Bare Metal/VM/Container ⦿ 4 or 2 core CPU/VPU ⦾ 2 cores are only for low end use cases ⦿ 4 GB Memory ⦿ 10 GB HD ● Database ⦿ Configuration and meta data store ⦿ Runtime data store ⦿ Users store ● Directory server ⦿ Needed only if the user profiles are in directory server ● Optional ⦿ WSO2 Identity Analytics ⦿ Other DevOps/CICD tools
Required Softwares ● Operating system ⦿ Supporting all major OSs ⦿ Tested against WIN,Linux and Unix flavours ● JAVA ⦿ Supporting all the JDK distributions ⦿ Thoroughly tested on Openjdk ● JDBC Drivers ⦿ Relevant JDBC drivers are needed according to RDBMS used
Network Architecture ● WSO2 Identity Server should be deployed inside the private network ● Deploying on public network or DMZ is not recommended ● Expose public facing endpoints through a Load Balancer or Reverse Proxy ● Only expose functional web endpoint to public ● Block management endpoint(Management console and APIs) unless needed
Clustering ● Minimum HA requires 2 nodes ● Clustering enables grouping nodes and horizontal scaling ● Uses Hazelcast for passing messages between nodes ● Nodes have local Caches ● Cache invalidated through message passing ● LB/RP route traffic among nodes ● Shared file system is for sharing secondary userstore configurations
Determining the Number of Nodes ● Single node(4 cores) can handle ⦿ 150 concurrent users ⦿ 175 Login per second ● Latency in both cases is less than 1s ● Horizontal scaling yields ⦿ Near linear performance increase ⦿ Supporting systems should also be scaled to avoid bottlenecks ⦾ Database ⦾ Directory Server
Deployment Patterns
Deployment Pattern 1 ● Highly available deployment of WSO2 Identity Server ● Deployment for scalability
Deployment Pattern 1 ● TPS based scaling ● Horizontal auto-scaling via AWS/Azure/Google App Engine or container platforms such as K8S or OpenShift Number of nodes(Cores) Traffic Pattern High* Medium** Low*** Number of users < 1 Million 2(2) 2(2) 2(2) <2 Million 2(2) 2(2) 2(2) <3 Million 3(2) 2(2) 2(2) <4 Million 2(4) 2(2) 2(2) <5 Million 5(2) 2(2) 2(2) 7-10 Million 10(2) 5(2) 3(2) ● Low traffic ⦿ 50% users are login in 10 times a day ⦿ 25% users are login in 6 times a day ⦿ 25% users are login in 3 time a day ● Medium traffic ⦿ 50% users are login in 5 times a day ⦿ 25% users are login in 3 times a day ⦿ 25% users are login in 2 times a day ● High traffic ⦿ 50% users are login in 3 times a day ⦿ 25% users are login in 2 times a day ⦿ 25% users are login in 1 time a day
Deployment Pattern 2 ● Highly available deployment of WSO2 IS and WSO2 IS Analytics ● Minimum recommendation is 2 active/active IS nodes and 2 active/passive IS Analytics nodes ● Deployment for scalability ● IS Analytics doesn’t support horizontal dynamic scaling
Azure
Azure Datacenters
Azure Security and Compliance
WSO2 Reference Architecture
Capacity Planning ● Virtual Machine ⦿ CPU ⦿ Memory ⦿ Disk ● Database ⦿ CPU ⦿ Memory ⦿ IOPS
Capacity Planning - Azure DTU Metrix
Capacity Planning - Azure vCore Metrix
Capacity Planning - Azure vCore General Purpose
Monitoring and Alerts Monitoring and alerts can be easily configure with Azure Monitor. ● VM Resource Monitoring ● Network Level Monitoring ● Log4j Monitoring ● JMX monitoring ● Customized Alerts
Reliability and Availability Automated backup and DR solution ● Backup service ⦿ Virtual Machines ⦿ Database Servers ● Site Recovery service ⦿ Complete DR solution
Best Practices ● Shared Mount only for <IS_HOME>/../userstores directory. ● Choose the correct VM and Database type. ● Create backup and recovery sites in prior and verify them. ● Do not explored VMs to public. ● Have separate resource groups for different environments. ● Keep strict firewall and Network security groups (NSG) rules. ● Schedule the cleanup Tasks.
Demo
Question Time! 32
wso2.com Thanks!

More Related Content

PDF
Introduction to Kubernetes Workshop
byBob Killen
 
PPTX
Helm - Package manager in K8S
byPiotr Perzyna
 
PDF
OpenShift 4 installation
byRobert Bohne
 
PDF
Rancher 2.0 Technical Deep Dive
byLINE Corporation
 
PPTX
Kubernetes-Fundamentals.pptx
bysatish642065
 
PPT
Docker introduction
byPhuc Nguyen
 
PDF
AWS Fargate on EKS 실전 사용하기
byAWSKRUG - AWS한국사용자모임
 
PPTX
Kubernetes Introduction
byEric Gustafson
 
Introduction to Kubernetes Workshop
byBob Killen
 
Helm - Package manager in K8S
byPiotr Perzyna
 
OpenShift 4 installation
byRobert Bohne
 
Rancher 2.0 Technical Deep Dive
byLINE Corporation
 
Kubernetes-Fundamentals.pptx
bysatish642065
 
Docker introduction
byPhuc Nguyen
 
AWS Fargate on EKS 실전 사용하기
byAWSKRUG - AWS한국사용자모임
 
Kubernetes Introduction
byEric Gustafson
 

What's hot

PPTX
Flink history, roadmap and vision
byStephan Ewen
 
PDF
Prometheus - basics
byJuraj Hantak
 
PPTX
Kubernetes #1 intro
byTerry Cho
 
PPTX
Managing enterprise users in Hadoop ecosystem
byDataWorks Summit
 
PPTX
Apache tomcat
byShashwat Shriparv
 
PDF
오픈스택 기반 클라우드 서비스 구축 방안 및 사례
bySONG INSEOB
 
PDF
OpenShift Virtualization- Technical Overview.pdf
byssuser1490e8
 
PPTX
Kafka 101
byClement Demonchy
 
PDF
Introduction to kubernetes
byGabriel Carro
 
PDF
How we can do Multi-Tenancy on Kubernetes
byOpsta
 
PDF
OpenStack Architecture
byMirantis
 
PDF
Deep dive into Kubernetes Networking
bySreenivas Makam
 
PDF
OpenStack Architecture
byMirantis
 
PDF
톰캣 운영 노하우
byjieunsys
 
PDF
Kubernetes or OpenShift - choosing your container platform for Dev and Ops
byTomasz Cholewa
 
PDF
Kubernetes
byerialc_w
 
PDF
[오픈소스컨설팅] 아파치톰캣 운영가이드 v1.3
byJi-Woong Choi
 
PDF
Introduction to Red Hat OpenShift 4
byHngNguyn748044
 
PPTX
Kubernetes Probes (Liveness, Readyness, Startup) Introduction
byAkhmadZakiAlsafi
 
PPTX
Introduction to helm
byJeeva Chelladhurai
 
Flink history, roadmap and vision
byStephan Ewen
 
Prometheus - basics
byJuraj Hantak
 
Kubernetes #1 intro
byTerry Cho
 
Managing enterprise users in Hadoop ecosystem
byDataWorks Summit
 
Apache tomcat
byShashwat Shriparv
 
오픈스택 기반 클라우드 서비스 구축 방안 및 사례
bySONG INSEOB
 
OpenShift Virtualization- Technical Overview.pdf
byssuser1490e8
 
Kafka 101
byClement Demonchy
 
Introduction to kubernetes
byGabriel Carro
 
How we can do Multi-Tenancy on Kubernetes
byOpsta
 
OpenStack Architecture
byMirantis
 
Deep dive into Kubernetes Networking
bySreenivas Makam
 
OpenStack Architecture
byMirantis
 
톰캣 운영 노하우
byjieunsys
 
Kubernetes or OpenShift - choosing your container platform for Dev and Ops
byTomasz Cholewa
 
Kubernetes
byerialc_w
 
[오픈소스컨설팅] 아파치톰캣 운영가이드 v1.3
byJi-Woong Choi
 
Introduction to Red Hat OpenShift 4
byHngNguyn748044
 
Kubernetes Probes (Liveness, Readyness, Startup) Introduction
byAkhmadZakiAlsafi
 
Introduction to helm
byJeeva Chelladhurai
 

Similar to Identity Server on Azure: A Reference Architecture

PPTX
Introduction to the WSO2 Identity Server &Contributing to an OS Project
byMichael J Geiser
 
PPTX
Windows Azure
byJohn Alioto
 
PDF
Beyond Economics - Cloud as a Business Enabler
byPaul Fremantle
 
PDF
WSO2 Stratos 2010 September Workshop
byAfkham Azeez
 
PPTX
War stories from building a public cloud
byWSO2
 
PDF
Agile Infrastructure with Windows Azure
byHARMAN Services
 
PDF
Evolution of PaaS
byPaul Fremantle
 
PDF
Identity Federation Patterns with WSO2 Identity Server​
byWSO2
 
PPTX
Hybrid cloud sample architectures
byJarek Sokolnicki
 
PDF
Microsoft Azure Cloud Services
byDavid J Rosenthal
 
PPTX
Azure platform for customers
byRateb Abu Hawieleh
 
PPTX
The Microsoft Cloud Partner
byNeethu Kuruvilla
 
PDF
Borderless Federated-Identity
byWSO2
 
PPTX
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
byWSO2
 
PPTX
Understanding the WSO2 Platform
byWSO2
 
PDF
Introduction to Azure IaaS
byRobert Crane
 
PPTX
windows server 2012 R2
byGol D Roger
 
PPTX
Windows Azure Platform
byDavid Chou
 
PDF
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
byProfesia Srl, Lynx Group
 
PPTX
ciplaasfqewfefewtwegndkvndsgjbsdz-dfafd.pptx
bykreshenka
 
Introduction to the WSO2 Identity Server &Contributing to an OS Project
byMichael J Geiser
 
Windows Azure
byJohn Alioto
 
Beyond Economics - Cloud as a Business Enabler
byPaul Fremantle
 
WSO2 Stratos 2010 September Workshop
byAfkham Azeez
 
War stories from building a public cloud
byWSO2
 
Agile Infrastructure with Windows Azure
byHARMAN Services
 
Evolution of PaaS
byPaul Fremantle
 
Identity Federation Patterns with WSO2 Identity Server​
byWSO2
 
Hybrid cloud sample architectures
byJarek Sokolnicki
 
Microsoft Azure Cloud Services
byDavid J Rosenthal
 
Azure platform for customers
byRateb Abu Hawieleh
 
The Microsoft Cloud Partner
byNeethu Kuruvilla
 
Borderless Federated-Identity
byWSO2
 
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
byWSO2
 
Understanding the WSO2 Platform
byWSO2
 
Introduction to Azure IaaS
byRobert Crane
 
windows server 2012 R2
byGol D Roger
 
Windows Azure Platform
byDavid Chou
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
byProfesia Srl, Lynx Group
 
ciplaasfqewfefewtwegndkvndsgjbsdz-dfafd.pptx
bykreshenka
 

More from WSO2

PDF
Demystifying CMS-0057-F - Compliance Made Seamless with WSO2
byWSO2
 
PDF
Quantum Threats Are Closer Than You Think – Act Now to Stay Secure
byWSO2
 
PDF
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
byWSO2
 
PDF
Application Modernization with Choreo - The AI-Native Internal Developer Plat...
byWSO2
 
PDF
Build Smarter, Deliver Faster with Choreo - An AI Native Internal Developer P...
byWSO2
 
PDF
Platformless Modernization with Choreo.pdf
byWSO2
 
PDF
Application Modernization with Choreo for the BFSI Sector
byWSO2
 
PDF
Choreo - The AI-Native Internal Developer Platform as a Service: Overview
byWSO2
 
PDF
[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service
byWSO2
 
PPTX
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
byWSO2
 
PPTX
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
byWSO2
 
PPTX
WSO2Con 2025 - Building Secure Customer Experience Apps
byWSO2
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
PPTX
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
byWSO2
 
PPTX
WSO2Con 2025 - How an Internal Developer Platform Lets Developers Focus on Code
byWSO2
 
PPTX
WSO2Con 2025 - Architecting Cloud-Native Applications
byWSO2
 
PDF
Mastering Intelligent Digital Experiences with Platformless Modernization
byWSO2
 
PDF
Accelerate Enterprise Software Engineering with Platformless
byWSO2
 
PDF
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
byWSO2
 
Demystifying CMS-0057-F - Compliance Made Seamless with WSO2
byWSO2
 
Quantum Threats Are Closer Than You Think – Act Now to Stay Secure
byWSO2
 
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
byWSO2
 
Application Modernization with Choreo - The AI-Native Internal Developer Plat...
byWSO2
 
Build Smarter, Deliver Faster with Choreo - An AI Native Internal Developer P...
byWSO2
 
Platformless Modernization with Choreo.pdf
byWSO2
 
Application Modernization with Choreo for the BFSI Sector
byWSO2
 
Choreo - The AI-Native Internal Developer Platform as a Service: Overview
byWSO2
 
[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service
byWSO2
 
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
byWSO2
 
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
byWSO2
 
WSO2Con 2025 - Building Secure Customer Experience Apps
byWSO2
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
byWSO2
 
WSO2Con 2025 - How an Internal Developer Platform Lets Developers Focus on Code
byWSO2
 
WSO2Con 2025 - Architecting Cloud-Native Applications
byWSO2
 
Mastering Intelligent Digital Experiences with Platformless Modernization
byWSO2
 
Accelerate Enterprise Software Engineering with Platformless
byWSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
byWSO2
 

Recently uploaded

PPTX
Enterprise Architecture for Microsoft 365: From Vision to Value
bySimon Denton
 
PDF
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
PDF
Netflix's Scalable Page Construction with Real-Time Impression History by Sau...
byScyllaDB
 
PPTX
Session 6 Specialized AI Associate Series: The GenAI Experience in UiPath Doc...
byDianaGray10
 
PDF
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
PPTX
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
PDF
Unlock This Brilliant App Freezur That Builds Brainrot Videos That Captivate ...
bySOFTTECHHUB
 
PDF
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
PDF
BSides NYC 2025: Inside Cloud Attack Paths End-to-End Adversary Simulation
byMauricio Velazco
 
PDF
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
PDF
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
PDF
Planetek Italia Corporate Profile brochure
byPlanetek Italia Srl
 
PDF
A 4-Terminal Approach to Validating Charge Conservation in MOSFET Compact Models
byEalwan Lee
 
PDF
The Gory Details of a Full-Featured Userspace CPU Scheduler by Avi Kivity
byScyllaDB
 
PDF
“Depth Estimation from Monocular Images Using Geometric Foundation Models,” a...
byEdge AI and Vision Alliance
 
PDF
Morgenbooster: Navigating Ai Criticism with Systems Thinking
by1508 A/S
 
PDF
The End of the Missed Call - How AI Recaptures Lost Leads and Secures ROI
byiovox
 
PDF
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
PDF
Ask Me Anything About AI Assist: Practical Answers for Real Workflows
bySafe Software
 
PDF
Airtable Building Semantic Search with Milvus
byZilliz
 
Enterprise Architecture for Microsoft 365: From Vision to Value
bySimon Denton
 
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
Netflix's Scalable Page Construction with Real-Time Impression History by Sau...
byScyllaDB
 
Session 6 Specialized AI Associate Series: The GenAI Experience in UiPath Doc...
byDianaGray10
 
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
Unlock This Brilliant App Freezur That Builds Brainrot Videos That Captivate ...
bySOFTTECHHUB
 
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
BSides NYC 2025: Inside Cloud Attack Paths End-to-End Adversary Simulation
byMauricio Velazco
 
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
Planetek Italia Corporate Profile brochure
byPlanetek Italia Srl
 
A 4-Terminal Approach to Validating Charge Conservation in MOSFET Compact Models
byEalwan Lee
 
The Gory Details of a Full-Featured Userspace CPU Scheduler by Avi Kivity
byScyllaDB
 
“Depth Estimation from Monocular Images Using Geometric Foundation Models,” a...
byEdge AI and Vision Alliance
 
Morgenbooster: Navigating Ai Criticism with Systems Thinking
by1508 A/S
 
The End of the Missed Call - How AI Recaptures Lost Leads and Secures ROI
byiovox
 
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
Ask Me Anything About AI Assist: Practical Answers for Real Workflows
bySafe Software
 
Airtable Building Semantic Search with Milvus
byZilliz
 

Identity Server on Azure: A Reference Architecture

  • 1.
    Identity Server onAzure: A Reference Architecture May 27th, 2020
  • 2.
    Hello! Supun Perera Ajanthan Balachandran SeniorSoftware Engineer ajanthan@wso2.com supunpe@wso2.com Senior Lead Solution Engineer
  • 3.
    Identity Server onAzure: A Reference Architecture ● WSO2 Identity Server ⦿ Introduction ⦿ Deployment options ⦿ Deployment architecture ● Azure ⦿ Reference Architecture ⦿ Capacity Planning ⦿ Monitoring and alerting ⦿ Reliability and availability ⦿ Best practises ⦿ Demo Agenda 3
  • 4.
  • 5.
    5 WSO2 Identity andAccess Management Server WSO2 Identity Server is a uniquely extensible, API driven, cloud native open source IAM product, designed for developers that build Customer IAM solutions. It helps federate, authenticate, and manage identities, bridge identity protocols across environments, and secure access to web, mobile apps, and API-based endpoints.
  • 6.
    6 Product Capabilities Identity Federationand SSO Identity Bridging Strong and Adaptive Authentication Fine Grained Access Control API and Microservices Privacy Regulations and Compliances Identity Provisioning and Administration
  • 7.
  • 8.
    ● Multi-tenanted, shared everything ●On-premise userstore or Cloud userstore with IdP in the Cloud ● WSO2 Hosted and managed ● Pay as you go ● Guaranteed uptime ● Limited options in customizing ● Privately hosted ● WSO2 managed ● Upgrades, patches installation ● Guaranteed uptime ● Full flexibility in customization ● Better control ● Self hosted ● Self managed ● Full flexibility ● Dev-ops learning curve ● Self managed upgrades 8 Cloud First or Start with Self-hosted and Self-managed Software as Service WSO2 Managed Service Self-hosted and self -managed
  • 9.
  • 10.
  • 11.
    Required Subsystems ●Bare Metal/VM/Container ⦿ 4 or 2 core CPU/VPU ⦾ 2 cores are only for low end use cases ⦿ 4 GB Memory ⦿ 10 GB HD ● Database ⦿ Configuration and meta data store ⦿ Runtime data store ⦿ Users store ● Directory server ⦿ Needed only if the user profiles are in directory server ● Optional ⦿ WSO2 Identity Analytics ⦿ Other DevOps/CICD tools
  • 12.
    Required Softwares ● Operatingsystem ⦿ Supporting all major OSs ⦿ Tested against WIN,Linux and Unix flavours ● JAVA ⦿ Supporting all the JDK distributions ⦿ Thoroughly tested on Openjdk ● JDBC Drivers ⦿ Relevant JDBC drivers are needed according to RDBMS used
  • 13.
    Network Architecture ● WSO2Identity Server should be deployed inside the private network ● Deploying on public network or DMZ is not recommended ● Expose public facing endpoints through a Load Balancer or Reverse Proxy ● Only expose functional web endpoint to public ● Block management endpoint(Management console and APIs) unless needed
  • 14.
    Clustering ● Minimum HArequires 2 nodes ● Clustering enables grouping nodes and horizontal scaling ● Uses Hazelcast for passing messages between nodes ● Nodes have local Caches ● Cache invalidated through message passing ● LB/RP route traffic among nodes ● Shared file system is for sharing secondary userstore configurations
  • 15.
    Determining the Numberof Nodes ● Single node(4 cores) can handle ⦿ 150 concurrent users ⦿ 175 Login per second ● Latency in both cases is less than 1s ● Horizontal scaling yields ⦿ Near linear performance increase ⦿ Supporting systems should also be scaled to avoid bottlenecks ⦾ Database ⦾ Directory Server
  • 16.
  • 17.
    Deployment Pattern 1 ●Highly available deployment of WSO2 Identity Server ● Deployment for scalability
  • 18.
    Deployment Pattern 1 ●TPS based scaling ● Horizontal auto-scaling via AWS/Azure/Google App Engine or container platforms such as K8S or OpenShift Number of nodes(Cores) Traffic Pattern High* Medium** Low*** Number of users < 1 Million 2(2) 2(2) 2(2) <2 Million 2(2) 2(2) 2(2) <3 Million 3(2) 2(2) 2(2) <4 Million 2(4) 2(2) 2(2) <5 Million 5(2) 2(2) 2(2) 7-10 Million 10(2) 5(2) 3(2) ● Low traffic ⦿ 50% users are login in 10 times a day ⦿ 25% users are login in 6 times a day ⦿ 25% users are login in 3 time a day ● Medium traffic ⦿ 50% users are login in 5 times a day ⦿ 25% users are login in 3 times a day ⦿ 25% users are login in 2 times a day ● High traffic ⦿ 50% users are login in 3 times a day ⦿ 25% users are login in 2 times a day ⦿ 25% users are login in 1 time a day
  • 19.
    Deployment Pattern 2 ●Highly available deployment of WSO2 IS and WSO2 IS Analytics ● Minimum recommendation is 2 active/active IS nodes and 2 active/passive IS Analytics nodes ● Deployment for scalability ● IS Analytics doesn’t support horizontal dynamic scaling
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
    Capacity Planning ● VirtualMachine ⦿ CPU ⦿ Memory ⦿ Disk ● Database ⦿ CPU ⦿ Memory ⦿ IOPS
  • 25.
    Capacity Planning -Azure DTU Metrix
  • 26.
    Capacity Planning -Azure vCore Metrix
  • 27.
    Capacity Planning -Azure vCore General Purpose
  • 28.
    Monitoring and Alerts Monitoringand alerts can be easily configure with Azure Monitor. ● VM Resource Monitoring ● Network Level Monitoring ● Log4j Monitoring ● JMX monitoring ● Customized Alerts
  • 29.
    Reliability and Availability Automatedbackup and DR solution ● Backup service ⦿ Virtual Machines ⦿ Database Servers ● Site Recovery service ⦿ Complete DR solution
  • 30.
    Best Practices ● SharedMount only for <IS_HOME>/../userstores directory. ● Choose the correct VM and Database type. ● Create backup and recovery sites in prior and verify them. ● Do not explored VMs to public. ● Have separate resource groups for different environments. ● Keep strict firewall and Network security groups (NSG) rules. ● Schedule the cleanup Tasks.
  • 31.
  • 32.
  • 33.