1. Making Tomcat Multi-tenant, Elastic, Billed and Metered Paul Fremantle CTO and Co-Founder, WSO2 VP, Apache Synapse ASF Member @pzfreo http://pzf.fremantle.org Afhkam Azeez Lead Architect, Stratos Axis2, Synapse PMC ASF Member And also big thanks to Shankar, Amila, Srinath, Isuru, Senaka and the whole team

2. Paul Fremantle Working in Apache since 2002 Apache Member CTO and Co-Founder of WSO2 VP, Apache Synapse I play the Tin Whistle (in case you hadn’t noticed yet) @tedleung

3. Ok I lied a bit This is about “Using Tomcat to run multi- tenanted, metered, elastic webapps” We didn’t embed this into Tomcat code If you want to leave now, I won’t be offended!

4. “Cloud Native” Self-service Distributed and Elastic Multi-tenant Metered and Billed Dynamically wired Versionable, incrementally deployable and testable

5. http://www.flickr.com/photos/ladymaggic/

6. http://www.flickr.com/photos/jurvetson/

7. Can I run Tomcat on the Cloud? Yes of course There is at least one company selling supported AMI images of Tomcat What does that get me? –Saves me creating an AMI Can we do better? Yes!

8. Cloud computing in one page The Big Picture Infrastructure as a Service –Servers, storage & networking –For infrastructure specialists Platform as a Service –Middleware and Core Services –For developers, integrators, architects Software as a Service –Applications –For end-users

9. © WSO2 2010 Enterprise IT in 2010 9

10. © WSO2 2010 Enterprise IT in 2015+ 10

11. Stratos Application Server

12. What can I do with Stratos App Server? Deploy WAR files Manage sessions –Monitor –Expire Reload / Stop

13. A webapp, running in the cloud

14. Quick demo

15. Not just webapps – services too Supports deploying code as services –JAX-WS –Axis2 services –POJO –Spring-based POJO services

16. Uses Tomcat Running on Tomcat under OSGi Multi-tenant Metered Elastic

17. How? How do we multi-tenant? How do we meter? How do we scale (elasticity)?

18. What Multi-tenancy ? Many Parties shared same set of resources, while giving each an his own space

19. Challenges of Multi-tenancy Security and Data Isolation Allocation of resources Configuration, Management Programming Model

20. Multi-tenanting Tomcat http://appserver.cloud.wso2.com/t/fremantle.org/webapp s/sample/http://appserver.cloud.wso2.com/t/fremantle.org/webapp s/sample/ Uses a valve to direct the request to the right tenant WAR files already have separate classloaders –And session isolation Each tenant can only load code from their tenants deployed WARs For services we also restrict classloading using Java Security We apply security policies to stop webapps opening ports, modifying local files, calling OSGi Services –We intend to enhance this to support limited access to services

21. Multi-tenanting Axis2

22. Every tenant has access to an Identity Service

23. Identity Every domain/tenant has its own single-sign on and identity manager Based on LDAP – which is inherently multi- tenant –Each tenant has their own LDAP partition Supporting SAML2, OpenId, OAuth, XACML, Infocard, WS-Trust

24. Simply enabling security Example Security Constraint FORM Example Form-Based Authentication Area /login.jsp /login-error.jsp admin

25. Single sign-on We already support SAML2 based single-sign on for Administration –So if you want, you can use a SAML2 Relying Party in your webapp, that works –We can recommend one too OpenSAML2 https://spaces.internet2.edu/display/OpenSAML/Home/ Not yet automatically supported for webapps –We plan to add this

26. Elasticity Elastic Load Balancer –Apache Synapse Always done load balancing Now has full transparent HTTP support Has “Autoscale” mediators –Based on Azeez’s Master’s thesis Priority Execution support and throttling (Business Class) –Underlying Cloud API We have based on Amazon/Eucalyptus/Ubuntu API Adding support for vmWare underneath

27. Overall plan

28. Apache Tribes

29. Distributed Our distribution/clustering model is based on Apache Tribes Adjusted Tribes to support WKA model In a large cloud (e.g. Amazon) you cannot rely on subnet communications between nodes Nominate two Well Known Addresses –Tribes contacts the WKA and uses that the bootstrap the fabric

30. Performance Overhead of Multi-tenancy

31. Metering

32. Super tenant metering

33. Billing and Metering A generic multi-tenanted metering and billing module Written as OSGi Uses Drools to implement service levels –E.g. 10 users, 100Mb transfer/month, 15 deployed services for free level of subscription Can be used to meter real business events –How many sales transactions / month

34. Programming Model Sub-tenant programming model –“Normal” –Suited to fit within a tenant Super-tenant model –How to write one app for all tenants –i.e. how to write multi-tenant apps –Different but similar Neither is complete yet

35. Data Is a pain Most webapps use JDBC-based data sources –Very hard to “multi-tenant” We are looking at two options: –Multi-tenanted JBDC driver –Multi-tenant NoSQL (e.g. Cassandra) In Amazon environment you can start up RDS –But you pay for time not usage

36. Cache Uses JSR107 cache = CarbonContext.getCurrentContext().getCache(); cache.put(key, value); value = cache.get(key); CarbonContext is our general model for building a sub-tenant multi-tenant programming model –A set of standard stuff that works in an MT environment –Isolation and security

37. What else do you need? Multi-tenant enabled: –Log –Cache (done) –Billing –Identity –Authorization –JMS/Queue/Topics –Registry/Repository/Config access –Managed Service Requester (HTTP, SOAP) JAXWS/JAXRS/Commons HTTPClient

38. Summary Cloud Native attributes distinguish code that just floats on top of the cloud from applications that live in the cloud Stratos is an example of a making Tomcat Cloud Native Not complete…. But that would be boring anyway!