2. What we do:
WSO2 can help any business wherever they are
and take them where they want to go.
Business Business with APIs Connected Business
(WSO2 Carbon middleware) (WSO2 API Manager) (WSO2 App Factory)
Business = {People, Processes,
Data}
3rd
Party
Apps
API
PaaS for
Managed 3rd
Party Apps
API
A
p
p
A
p
p
A
p
p
Business = {People, Processes, Data}
3rd Party
Apps
API
Business = {People, Processes, Data}
3. - Providing the only complete open source componentized cloud platform
- Dedicated to removing all the stumbling blocks to enterprise agility
- Enabling you to focus on business logic and business value
- Recognized by leading analyst firms as visionaries and leaders
- Gartner cites WSO2 as visionaries in all 3 categories of application
infrastructure
- Forrester places WSO2 in top 2 for API Management
- Global corporation with offices in USA, UK & Sri Lanka
- 200+ employees and growing
- Business model of selling comprehensive support & maintenance for our
products
About WSO2
5. SaaS (Software as a Service)
“On-demand software provided by a
application service provider.”
“A software delivery model in which software and
associated data are centrally hosted in the cloud.”
- Wikipedia
6. SaaS (Software as a Service)
“Software that is owned, delivered and
managed remotely by one or more providers. The
provider delivers software based on one set of
common code and data definitions that is
consumed in a one-to-many model by all
contracted customers at anytime on a pay-for-use
basis or as a subscription based on use metrics.”
- Gartner
11. SaaS Technical Requirements
Elastic (Uses the cloud efficiently)
Scales up and down as needed
Works with the underlying IaaS
Self-service (in the hands of users)
De-centralized creation and management of tenants
Automated Governance across tenants
Multi-tenant (Only costs when you use it)
Virtual isolated instances with near zero incremental cost
Implies you have a proper identity model
Granularly Billed and Metered (pay for just what you use)
Allocate costs to exactly who uses them
Distributed/Dynamically Wired (works properly in the cloud)
Supports deploying in a dynamically sized cluster
Finds services across applications even when they move
Incrementally Deployed and Tested (seamless live upgrades)
Supports continuous update, side-by-side operation, in-place testing and incremental production
16. Stratos Architecture
jClouds
API
Stratos
PaaS
Founda2on
(Tenancy
model,
Shared
Services,
Security,
Self-‐Service,
Elas2city)
WSO2
ESB
Server
WSO2
AppServer
Applica2ons
EC2
OpenStack
VMware
Eucalyptus
…
…
WSO2
ESB
Cartridge
AppServer
Cartridge
PHP
App
PHP
Cartridge
Other
Carbon
Server
Carbon
Cartridge
Other
Servers
Pluggable
Cartridge
IaaS
PaaS
SaaS
17. Understanding Cartridges
• A cartridge is a package of code/configuration that plugs into Stratos to offer a new PaaS
Service
• e.g. Carbon ESB cartridge plugs in to provide a Stratos ESB-as-a-Service
• PHP Cartridge plugs in to provide PHP-as-a-Service
• A cartridge is a runtime that may (or may not) be optimized to use Stratos Core Services
• e.g. Logging, Authn/Authz, Billing and Metering, Registry, Messaging
• Plus a simple script to deploy code or artifacts
• A cartridge is a VM image plus config
• In Stratos 2.0 you need a VM per IaaS
• e.g. need to create both EC2 and VMware image to use on both IaaS
• Stratos takes care of:
• Spawning instances, Managing IPs
• Load-balancing and URL Mapping
• Autoscaling
18. Stratos PaaS Foundation
• Stratos Controller
• set of components that deploy, scale, monitor, and manage an elastic middleware
Cloud
• Stratos Core Services
• provide essential capabilities to Cartridges and applications running in Stratos
• Logging-as-a-Service
• Data-as-a-Service (MySQL and Cassandra)
• Identity-as-a-Service
• Registry/Repository (for metadata and config)
• Billing and Metering
19. SaaS Reference Architecture
Stratos Foundation
Services
Messaging
Logging
Identity & Security
Registry Services
Billing & Metering
Theming &
Personalization
Data
Storage
Relational Data Column Storage File
Storage
Application
PlatformServices
Application
Server Data Services Enterprise
Service Bus
Business Process Business Rules Mashup Services
User Engagement Business Activity
Monitoring
Complex Event
Processing
SaaS
Application Business Logic
Presentation API
20. Multi-tenancy
A cartridge can operate in two modes:
• Single tenant
• Stratos will run and manage a separate instance for each tenant
• The PHP Cartridge runs this way
• Multi-tenant
• Stratos will run multiple instances partitioned so that sets of tenants run on sets of
instances
• Each instance of a Cartridge may run more than one tenant
• Carbon Cartridges run this way
22. Achieving Tenant Isolation
• Each Tenant is given a Security Domain
• Each domain may have its own User Store and Permissions, thus have a
set of users and permissions enabling users to access resources
• Each domain is isolated and do not have access to other domains
27. Metering
• Each SaaS Application can collect
• Number of service calls
• bandwidth (upload, download)
• Send above to WSO2 BAM
• WSO2 BAM summarizes periodically
• Summarized data will be accessible by Stratos Manager / SaaS
applications
30. Throttling
• Control people to not using more than allowed resources
• Number of users per tenant
• Registry Space
• Batch mode at the moment
• Stratos Manager validates each tenant periodically using metering information
• Evaluation is based on rules configured using Drools
• Update the status of each tenant to registry
• Other services read from registry
31. Stratos Billing
• Scheduled invoice generation
• Ability to view past invoices and the current(interim) invoice
• Securely pay the invoice via Paypal
• Notifies the customer via email on received payments
• Notifies the super-admin on customers exceeding the credit limit
• Presents a summary view to the super-admin
36. Super Tenant SaaS Applications Vs Tenant SaaS Applications
• Tenant SaaS applications
• do not have certain permissions
• E.g: Write/Read from local file system, Open a socket and listen
• Will not be able to access or modify other tenant’s data
• Super tenant applications have full control and permissions
37. Tenant SaaS Web Applications
• Configure security in web.xml
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/security/protected/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
38. Tenant SaaS Web Applications
• Enable SaaS for the webapp
• VALUE can be
• Empty – all tenants are allowed to access the webapp
• Allowing some tenants
• Restricting some tenants
• Allowing only some users of a tenant
• Restricting some users of a tenant
• Allow/Restrict only some roles of a tenant
• Can combine multiple scenarios
<context-param>
<param-name>carbon.saas.tenants</param-name>
<param-value>[VALUE]</param-value>
</context-param>
<param-value></param-value>
<param-value>foo.com;bar.com</param-value>
<param-value>!foo.com;!bar.com</param-value>
<param-value>foo.com:users=test,admin;bar.com</param-value>
<param-value>foo.com:users=!test1,admin;bar.com:users=,!bob</param-value>
<param-value>foo.com:roles=developers;bar.com:roles=!devops</param-value>
<param-value>foo.com:roles=devops:users=user1,user2;bar.com:roles=!devops</param-value>
39. Super Tenant SaaS Application
• Can access tenant’s user level information
• Use org.wso2.carbon.context.PrivilegedCarbonContext to access
tenant’s information
• Registry
• Cache
• Tenant Manager
• Queue
42. More Info
§ Corporate website: http://wso2.com
§ Solution Architecture Blog: http://wso2.com/blogs/architecture/
§ Business development team: bizdev@wso2.com
§ Asanka Abeysinghe
§ Blog : http://asanka.abeysinghe.org
§ Twitter : @asankama
§ Selvaratnam Uthaiyashankar
§ Blog : http://uthaiyashankar.blogspot.com
§ Twitter : @uthaiyashankar
43. Engage with WSO2
- Helping you get the most out of your deployments
- From project evaluation and inception to development and
going into production, WSO2 is your partner in ensuring
100% project success