All posts by Hasina Abusaly

Nutanix: How WSO2’s Identity Server Enhanced Customer Experience

Nutanix is a leader in hyperconverged systems with a mission to make infrastructure invisible by delivering an enterprise cloud platform that enables you to focus on the applications and services that power your business. At WSO2Con USA 2017, Director of SaaS and Tools Engineering at Nutanix Manoj Thirutheri explored how WSO2 Identity Server helped them enhance their customer experience to stay competitive against large vendors like HP, Microsoft and Cisco.

Nutanix provides over 4450 customers across the globe with a hyperconvergence appliance that has storage, virtualization and network components overlaid by an intelligent software layer in order to minimize the need for infrastructure. “Customer experience is the last mile of digital transformation,” Manoj said while stressing the importance of creating an integrated ecosystem of customers and partners to be successful. They currently maintain multiple web portals for customer support, partner support, and the community. One of their top priorities is to make customer experiences as simple and seamless as possible. They needed to create a more seamless sign-on experience for their portals and mobile apps to maintain growth.

Because of the speed at which Nutanix was growing, many identity silos existed, which meant the same customer was identified in multiple ways. They had non-standard and insecure authentication and authorization mechanisms in place which made them vulnerable and hindered their user experience. Furthermore, their ability to be agile and innovate fast was deterred by the proprietary technology they used, which was not open or extendable. “The bottom line is, we didn’t know what our customers or partners were doing. We were lost,” notes Manoj. Having a 360 view of their customers’ activities and keeping track of them across the different portals were key requirements of their solution to these challenges.

As shown in the diagram below, Nutanix used WSO2 Identity Server to overcome their major identity and access management challenges. Manoj then explained the architecture from the bottom up. The highly available WSO2 Identity Server cluster is load balanced across multiple regions for high redundancy. Next, they built an intelligent API layer, which exposed all the APIs including user management, tenant management, service provider and identity provider APIs. By doing so they avoided vendor lock-in and didn’t couple their functionality to any technology, be it open source or proprietary. The third layer consisted of their own entitlement system called My Nutanix where customers and partners register and access the service providers. The green boxes at the top depict the service providers including the following:

  • The customer portal enables customers to access the services offered in My Nutanix.
  • The partner portal allows partners to perform deal registrations among other things.
  • The community portal is open source and can be used by anyone. Here, they use WSO2 Identity Server to authenticate the users through basic OAuth over Transport Layer Security (TLS), which allows them to track the users and gain new customer prospects.
  • They also have the educational and training portal in addition to many other service providers that are still in development.

Nutanix currently uses many industry standards for authentication including OAuth 2.0, OpenID Connect, and SAML 2.0, which are all supported out-of-the-box by WSO2 Identity Server. They also use WSO2 Identity Server for Just-in-Time (JIT) provisioning of users. Nutanix performs SMS-based multi-factor authentication (MFA) by using WSO2 Identity Server connectors to integrate with Twilio, which allows you to programmatically send and receive text messages using its web service APIs. In addition, they integrate with their partners through the Active Directory Federation Services (ADFS) provided by WSO2 Identity Server.

Apart from these implemented features, Nutanix is working on leveraging more capabilities of WSO2 Identity Server. They will soon bring in multi-tenancy because every customer has their own tenant with their own isolated roles. They will also experiment with a service-based authentication, a fairly new concept to them, which uses certificates to authenticate the user and creates the service accounts within WSO2 Identity Server. As Manoj states, “Two services, no human interaction”.

Having a product that is open source, supports multiple security protocols, and can scale was key. WSO2 Identity Server met all these requirements. WSO2 Identity Server helped create a seamless single sign-on experience for their customers, partners and prospects, while keeping track of all their actions. A key advantage that helped sustain Nutanix’s rapid growth was WSO2 Identity Server’s high scalability and availability and its ability to support a rapid increase in the number of users from 1000 to 100,000 in just two years. It met all of Nutanix’s requirements including out-of-the-box support for many standard protocols, multi-factor authentication (both SMS-based and Google authenticator), identity federation, multi-tenancy and tenant management. Furthermore, Nutanix also used WSO2 Managed Cloud, which provides excellent support.

“We now have a bunch of happy customers and partners. We ourselves are also very happy with WSO2 Identity Server,” Manoj added.

To learn more about how Nutanix leveraged WSO2, watch Manoj’s talk at WSO2Con USA 2017.

Motorola Mobility: Using WSO2 Integration Platform to Increase Business Agility

Companies all over the globe are realizing the power of lean technology on the cloud and Motorola Mobility is one of them that’s taking action towards wielding this power. In February 2017, Sri Harsha Pulleti, an integration architect at Motorola Mobility and Richard Striedl, an advisory IT architect at Motorola Mobility, spoke at WSO2Con USA 2017 about their move to a hybrid cloud and container architecture with zero-touch automation.

A few years ago, on the day after Thanksgiving, Motorola’s website crashed, resulting in the loss of many transactions from buyers who were flooding in to get their discounts. That’s when they started questioning how it happened, why it happened, and what they could do about it, explained Sri. All their web services were running through heavy-weight enterprise service buses (ESBs) in their data centers that didn’t have any other technical capability. They needed to move away from this to a lightweight platform in the cloud.

After evaluating many vendors they found WSO2 and its lightweight ESB – just what they had been looking for. Sri explained that they could quickly spin up instances of it and even set auto-healing and auto-scaling capabilities. WSO2 ESB (now extended as WSO2 Enterprise Integrator, which includes all the other key products and technologies from the WSO2 Integration Platform) also supports Amazon Web Services (AWS), which was their first option for cloud computing services. After choosing their vendor, Motorola began to make the necessary changes in their environment by re-architecting the system, setting up multiple ESBs and moving to a micro-platform architecture.

A year later, Thanksgiving came along and this time everything went smoothly. “It was perfect, there were no issues and everything was absolutely fine”, explained Sri. However, a few months later, they realized that this was costly. Sri was given the challenge of finding something with the same capabilities as AWS, but at a lower cost. That’s when they started looking at OpenStack: an open source software for creating private and public clouds. It created an environment with similar capabilities to AWS and allowed them to set up their own data centers. After discussing further, they decided to run both environments (AWS and OpenStack) in parallel and scale them up or down as needed.

This time, they decided to use containers, which allowed them to package their software into standardized units for development, shipment and deployment. But why? They are lightweight, flexible and easy to scale. Sri then went on to discuss the importance of emphasizing collaboration and communication between developers as well as IT through DevOps: “It’s something everybody wants to achieve”. Instead of having just a DevOps team to achieve this, they made a zero-touch automation DevOps platform. This homegrown application, called Debug 360 and built on open source products, allows their developers to focus on developing the code and checking it into a repository while the end-to-end automation takes care of the rest. It now takes less than a week to complete any new development in an integration model.

Motorola now has WSO2 ESB on AWS and OpenStack, one without containers and one with. The next step will be to integrate these instances to achieve their ultimate goal of spinning up instances in both environments, Sri noted.

Motorola Mobility Advisory IT Architect Richard Striedl further explained the concept of cloud elasticity. He stated that they have learnt a lot, especially in terms of enhancing DevOps, while working with WSO2 over the last few years. The requirements for cloud elasticity included having the same DevOps procedures, cloud capabilities, application code and auto-scaling.

“We’re evaluating WSO2 API Manager,” said Richard while explaining their need for APIs to manage the environment, build the framework and have more control over it. At present, they have 35 applications with 90% of traffic going through OpenStack and 10% going through AWS. Richard concluded by exploring their future plans of dockerizing with data services and message brokering capabilities available in the new WSO2 Enterprise Integrator. “We might even take that step towards Ballerina as we all learned today,” he added.

To learn more about how Motorola Mobility is moving to the cloud through zero-touch automation, listen to Sri’s and Richard’s talk at WSO2Con USA 2017.