A Single Global Database
Identity & Access Management
A European electronic lock manufacturer was looking to modernize its identity access management system by migrating from Microsoft SQL Server to a scalable database that did not require manual sharding. The manufacturer has customers across the globe that need always-available, low-latency reads.
As a European company, they also require a database that complies with the EU’s General Data Protection Regulation (GDPR). They turned to Cockroach Labs’ database-as-a-service (DBaaS) offering, CockroachDB Dedicated, for its strong resiliency, scalability, and regulatory compliance. Cockroach Labs deployed a global cluster, which the manufacturer configured to pin data in specific locations. This geo-partitioning allowed the team to meet their performance and regulatory-compliance goals. CockroachDB Dedicated is now a critical part of the application’s infrastructure, and the manufacturer’s small engineering team has more free time to handle development.
A European electronic lock manufacturer wanted to modernize the infrastructure of its identity access management system, which oversees admission to hospitals, airports, retail locations, and high-security facilities. The application relies on storing sensitive data from customers around the globe in a transactional database. Many use cases are time-sensitive (e.g., hospital room access) and require always-available records (e.g., military base access), making both low-latency reads and database resiliency important.
At the time the team decided to modernize the app, it was built on an on-premise deployment of Microsoft SQL Server. In the past they had also used MySQL. Both legacy databases required manual sharding, a practice the team found painstaking and labor-intensive. They wanted to move away from sharding and evolve the app’s architecture from monolithic to microservices. Since they didn’t have a site reliability team, and they didn’t want to sink time into cloud operations, they decided to explore database-as-a-service (DBaaS) solutions.
The team had multiple requirements for their new DBaaS. First, they needed a resilient solution that could survive datacenter or regional failures. In the event of a regional failure, they needed their database to remain available so customers could access important facilities. The team also wanted to scale globally to reach its widespread customer base, but they needed low-latency reads for their time-sensitive use cases. In addition, they wanted to achieve this global scale without manual sharding.
Another requirement was compliance with data domiciling laws, such as GDPR. The manufacturer has customers across the European, Asia, and North America, and they needed to ensure European customer data remained in Europe. If possible, they wanted to pin row-level data to individual countries. Finally, they needed the ability to stream a log of their transactional updates into their Elasticsearch, Logstash, and Kibana stack as an event bus for microservices.
The manufacturer evaluated various solutions, including Google Spanner and Amazon Aurora, and they decided CockroachDB Dedicated best met their requirements. The team is also a proponent of Golang and open source projects, and they were impressed by the quality of review processes and code they found on the CockroachDB repository.
CockroachDB Dedicated is a single-tenant, secure, fully managed and hosted service that runs Enterprise CockroachDB in Amazon Web Services (AWS) or Google Cloud Platform (GCP). The CockroachDB Dedicated team removes the operational complexity of setting up and maintaining a distributed database, so that application teams can focus on building their business applications. Since removing operational burden was a key criteria for the manufacturer’s team, using the hosted solution of CockroachDB was a no-brainer option.
Cockroach Labs created a global CockroachDB Dedicated deployment to meet the manufacturer’s goals. The Cockroach Labs team set up a total of nine nodes, spread across three regions: US-East, Europe-West, and Asia-East. Within each region, there are three different availability zones that each house one node. The manufacturer’s team then used a feature called geo-partitioned replicas to pin row-level data to specific regions; for example, European customer data is pinned to Europe-West. No additional work or manual sharding was required to create this global deployment, since CockroachDB Dedicated automatically scales and breaks data into sections called ranges. If the manufacturer decides to expand into new regions, scaling will be as simple as spinning up new nodes and pointing them at the cluster.
The manufacturer’s CockroachDB Dedicated cluster uses the geo-partitioned replicas configuration, where all replicas for a set of data are constrained to a region, and each replica is pinned to a separate data center.
This deployment, combined with CockroachDB’s inherent resiliency, allowed the manufacturer to meet their requirement of an always-available database. By default, CockroachDB Dedicated replicates data three times and stores the replicas on machines that maximize geographic diversity. For the electronics manufacturer, all three replicas of data are pinned to the same geographic region (depending on where the customer is located), and then the replicas are distributed among the three availability zones in that region. This means that even if one zone fails, two additional copies of data remain accessible in the other zones.
With their scale and resiliency goals met, the manufacturer wanted to ensure it could achieve local read performance and comply with GDPR. The geo-partitioned replica feature allowed the team to meet both goals. By placing data in the nearest region to the customer, CockroachDB Dedicated achieves low latencies and remains within the regional jurisdiction.
Finally, the team used CockroachDB’s change data capture to stream their transactional data from CockroachDB Dedicated to their search system (ElasticSearch) thus completing this stack.
CockroachDB Dedicated is now a critical part of the manufacturer’s user access control system around the world. With their global deployment, the team has achieved the availability, scale, and read performance they needed. CockroachDB Dedicated is also a key part of their regulatory compliance story. If the team identifies the need to expand in the future, their database can scale out easily to handle the demand. Most importantly, Cockroach Labs handles the database’s day-to-day operational tasks, meaning that the company’s small engineering team is now free to develop applications.