
R.I.P. Cloud LDAP

RIP “Cloud LDAP”: Moving digital identity persistence to a Cloud Native Database

All digital identity platforms need some kind of database. Traditionally, that database was a Berkeley DB key/value store, front-ended by an LDAP interface. Becoming a “Directory Manager”, i.e. a competent LDAP administrator, requires specialized training and experience. In the past, most companies had a Directory Manager on the team. But today, we are in the midst of a seismic shift towards cloud native computing. The cloud enables us to focus on our business objectives by building only what we need to create our product, and consuming non-value-add infrastructure services from other providers. Thus we no longer need expertise in operating every service our applications require, including LDAP. The Directory Manager is becoming an endangered species on the cloud native infrastructure team.

Of course we could try to force the square peg into the round hole: containerize LDAP servers and move them to the cloud! However, if we do this, we are building a service, not consuming a service. We will need to replicate, back up, monitor, upgrade, and otherwise care for this LDAP service. What business value does building this LDAP service deliver? Great, we can store data on a disk! Do customers care?

For organizations that want to self-host, a Directory Manager is still needed. But if you want to build a self-hosted cloud native infrastructure, which is easier than ever these days with tools like SUSE Rancher, you might want to consider a more cloud-native-friendly persistence technology like Couchbase. Sorry, Directory Manager!

The message Gluu receives from customers is loud and clear: we don’t want to manage databases anymore. So for the last six months or so, we’ve been working on new persistence implementations to support what we see as two of the most popular cloud databases: Amazon Aurora and Google Spanner. Aurora is a cloud database service based on MySQL. Spanner is a truly horizontally scalable database service that is SQL-like. So your organization’s existing DBAs will find these two databases familiar.

The good news is that the performance on these cloud databases has been excellent. With Google Spanner, we’ve already broken 10k OpenID Connect authorization code flow transactions/second. Aurora benchmarking is underway, but promising.

Support for cloud databases is now available in Gluu Server Cloud Native edition 4.3.0-beta. The feature will be present, but not officially supported, in Gluu Server Community Edition until version 4.3.1.

Many organizations want to consume digital identity itself as a cloud service. But for those who still see control of digital identity as strategic to their digital transformation, there is now one less thing to worry about. It’s a happy new day for everyone… except Cloud Directory Manager.