Transcript
This transcript was autogenerated.
Hello everyone, welcome to my talk about the platform. Please welcome on stage three people. Victoria is the VP of Product of a very successful SaaS company, Alice is the principal software engineer there, and John is a customer.

John uses the backup and recovery product. He has five employees and he serves customers from the US. That's why he signed up to the app1 region in the US.
Nice to meet you, I'm Amila. I'm a software engineer and a scrum master. For more than eight years I have worked at OwnBackup. We at OwnBackup solve this problem of managing users in multiple geographical regions with the platform. Like all of you, I'm a backend developer and I know how to write code. But after building the platform I'm more of a client-facing developer. Now I understand the business and the client, and that's why I'm so passionate about this platform.
Let's go back to John. John's company has been growing, so he has more employees and he serves customers from all over the world. That's why he has to sign up to the EMEA region in Europe and to the Australian region. Moreover, our imaginary SaaS company is also growing, so it buys a new security product. John wants this product. Isn't it amazing? No. This is exactly the challenge. John has to sign up again to the new regions and add all his employees. This is only for one product. He also wants the security product, with a completely different UI. If he wants to add a user or remove a user, he has to repeat the process. What a mess. How can we help John?
The solution is the platform. If you also struggle with managing users in multiple geographical regions, this talk is for you. I will share with you my experience from building this platform: best practices, principles and guidelines that can fit each and every one of you in your organization.
Back to our Victoria. Victoria is a really good manager, so she always asks the right questions. She asks why. Why does it happen? Why does a user have to repeat this process again and again on each and every one of the regions? Alice, the developer, immediately knew the answer. She said that due to regulations, the SaaS company can't take the user's data outside of its geographical region. They ended up with a very complex setup. Each region is a web server hosted in an EC2 machine with a completely different database and a distinct URL. It's like islands. Me as a user in this island doesn't know anything about me as a user in that island, even though I have the same mail and the same username.

Moreover, Alice added that the developers are frustrated. The different products were written at different times with different technologies. So when a developer has to use another product's ability, it's very complicated, and most of the time he finds himself writing the same code again and again. No, it's not a good practice. Right.
Victoria understood that something has to be done. She needs a solution. So she thought really long and really hard and came up with a vision: the platform. She held an urgent meeting with all of the stakeholders and shared her vision. She wants one single login, with one username and password, to access all the regions, products and SaaS providers that we support. This user will enjoy centralized account and user management. All of it will be wrapped up in a modern and unified user experience. Obviously, the solution has to be secure.
Alice was really excited about the new project, so she went to the whiteboard, started to draw rectangles, circles, arrows, a cloud, you know, a developer, and came up with a plan. She understood that her main problem is the distinct databases, since each user has a different identity on each and every one of the databases. She has to merge all the regions together so each user will have one identity across all the system. She needs one global service to be responsible for the user authentication and authorization, managing the passwords, enforcing central account configuration, supporting security settings like multi-factor authentication, single sign-on, expiration and more.

Wow, sounds like a lot of work for Alice, right? Actually, this is exactly what an IdP is for. IdP stands for identity provider. It's a service that is responsible for user authentication and authorization. It provides one single login to all the applications, depending on the user identity and permissions. We at OwnBackup use Okta as our IdP.
Let's have a brief look at the user authentication flow. When the user wants to log into the system, he is redirected to the Okta login page. There he enters his username and password and clicks on sign in. He is redirected again with the authorization code. The service attaches the authorization code to the client secret and client ID of the Okta app. We use the OpenID Connect protocol. It's an identity layer on top of the OAuth 2 protocol to provide user authentication. The Okta OpenID Connect app responds with the JWT, JSON Web Token, aka "jot". The geo region validates this JWT, and when it is approved he can start the session.
Wow. So now we have one global user management service. It is serving all the geographical regions. Actually, we created another problem. The communication between them has to be secure and encrypted. In order to achieve that, we used mTLS and HTTPS.

You probably ask yourself, what is mTLS? mTLS stands for mutual TLS, Transport Layer Security. In TLS the client validates the identity of the server together with the certificate authority. It's a public and trusted entity, aka CA. So the flow: the client does a request to the server. The server responds with the certificate and the name of the certificate authority. The client validates this certificate together with the certificate authority. He is checking the common name of the server. When it is approved, he can start the communication. mTLS, as we said, is mutual TLS, so both the client and the server validate each other.
We also have to make sure that the service is authorized to perform the action that it is requesting. In order to achieve that, we use machine-to-machine tokens. When a service in the geo region wants to communicate with a service from the global cluster, it requests the authorization server in Okta, like: hello, I'm the backup and recovery service from app1. I want to go to the user service in the global cluster. I'm asking for read permissions. The authorization server responds with the JWT, again a JSON Web Token. The service in the geo region forwards this JWT in the headers to the service in the global cluster. The service then validates this JWT, and when it is approved it responds with the requested resource.
Okay, so now Alice has one entity to manage all her users. It's a global and secure entity, but our imaginary SaaS company serves thousands of clients. So this service has to be scalable and support high performance and high availability for all the users in all the products in all the regions. Moreover, the platform is the entry point to the system, so it has to be resilient. We don't want our poor customer John to get this error while he tries to log into the system, right?

In order to achieve that, at OwnBackup we decided to keep up with the technology and split the monolith into a microservice architecture. We also used the managed solution of Kubernetes. This helped us to achieve high availability, scalability, self-healing, rolling updates, scaling up and scaling down according to demand, and much more.
Let's have a look at the tech stack from a high level. So the first layer is Kubernetes, as we said. The next layer is the Docker containers. We have a base image that is built once in a while. From it we build the service image and the test image when needed. We store the images in ECR. Each Docker container runs a process of Gunicorn together with FastAPI. FastAPI is a Python web framework that is designed for high performance and speed. Among the many advantages of FastAPI, we'll leverage a few. FastAPI supports many plugins, for example Pydantic for data validation and serialization, SQLAlchemy for database integrations, a middleware mechanism and more. Moreover, FastAPI has the ability to support auto-generation of OpenAPI documentation. We can take this documentation and forward it to the other teams in our company for better and streamlined communication and integration.
So now we are finished with the tech part. Do you remember what I told you about myself? No? It's fine. But I hope you still remember John, our client. The platform has many advantages for the customers. Single login with one password and one username to access all the regions, products and SaaS providers that we support. With one click, with one set of credentials, the user will enjoy central account and user management. We support consistent security settings and account configurations from one place to all the system. We now provide cross-product abilities. As you probably don't remember, John used both the backup and recovery solution and the security product. We can now scan his data from the backup and alert for potential security risks in the security product. Yes, I know, it's smart. All of it will be wrapped up in a modern and unified UI and user experience. John is really happy now.
Do you want to hear a secret? A successful product is a product that generates new revenue streams. Thanks to the platform, we improved our business. We enhanced the cross-selling processes. When the user is already logged into the system, he can navigate and see all the other products that we provide. He can click on them, see the information and even click and start a free trial. Without a salesperson, he is more likely to buy more products. We also enhanced the upselling, thanks to the simple onboarding and easy navigation. It's easier now for a user to sign up to new regions and add all his existing users. On top of that, the release of new products is easier. Now the R&D team can focus on the business logic of the service without all the infrastructure that the platform is handling for them.

John the customer is really happy now, the developers are more productive, and we make more money. We solved the user management in multiple geographical regions problem. Here my story ends, and this is exactly the right time for you to go and implement your next generation platform. Good luck. Thank you.
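The machine-to-machine token exchange the talk describes (a geo-region service asking the authorization server for a token with read permissions, forwarding it in a header, and the global-cluster service validating it before answering) is shown end to end below, together with the JWT validation step that the login flow also relies on. This is an added example, not OwnBackup's code. It uses an HS256 shared secret as a stand-in for Okta's RS256 signing keys and JWKS endpoint, and the issuer URL, audience, client ID and scope names are made up for illustration; only the Python standard library is used so it runs offline.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Assumptions for this example: a shared HMAC secret stands in for the IdP's
# asymmetric signing key, and the issuer/audience strings are hypothetical.
SHARED_SECRET = b"example-shared-secret-not-for-production"
ISSUER = "https://example.okta.com/oauth2/default"
AUDIENCE = "api://global-cluster/user-service"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_m2m_token(client_id: str, scope: str, lifetime: int = 300,
                   now: Optional[int] = None) -> str:
    """Stand-in for the authorization server answering a client-credentials request."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": ISSUER,
        "aud": AUDIENCE,          # which service this token is meant for
        "sub": client_id,         # the requesting service
        "scp": scope.split(),     # granted scopes as a list
        "iat": now,
        "exp": now + lifetime,
    }
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url_encode(compact(header)) + "." + _b64url_encode(compact(claims))
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class TokenError(Exception):
    pass


def validate_m2m_token(authorization_header: str, required_scope: str,
                       now: Optional[int] = None, leeway: int = 30) -> dict:
    """What the global-cluster service does with the Authorization header it receives."""
    now = int(time.time()) if now is None else now
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        raise TokenError("missing bearer token")
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 (binascii.Error) or bad JSON
        raise TokenError("malformed token")
    # Pin the algorithm on the verifier side; never let the token choose it
    # (this is what blocks "alg": "none" and key-confusion tricks).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(SHARED_SECRET, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    # Only after the signature holds are the claims worth reading.
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise TokenError("token not meant for this service")
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + leeway:
        raise TokenError("token expired")
    if required_scope not in claims.get("scp", []):
        raise TokenError(f"scope {required_scope} not granted")
    return claims


def authorize_request(authorization_header: str, required_scope: str,
                      now: Optional[int] = None) -> Tuple[bool, str]:
    """Return (allowed, reason), the shape a request middleware would hand back."""
    try:
        claims = validate_m2m_token(authorization_header, required_scope, now)
        return True, f"{claims['sub']} granted {required_scope}"
    except TokenError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed scenario: the backup-and-recovery service in app1 asks for
    # read access to the global user service, then tries to use it for a write.
    token = mint_m2m_token("backup-and-recovery@app1", "users:read")
    print(authorize_request("Bearer " + token, "users:read"))
    print(authorize_request("Bearer " + token, "users:write"))
```

The order of checks matters: the signature is verified before any claim is trusted, the algorithm is fixed by the verifier rather than read from the token, and audience and scope are checked separately so that a token minted for one service cannot be replayed against another or stretched from read to write. Against a real Okta tenant the HMAC step would be replaced by fetching the public key from the issuer's JWKS endpoint and verifying an RS256 signature.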