For some time now, the French national research and education network (NREN) RENATER has been testing Nextcloud. Together with our team, they have already deployed it in testing for over 40 organizations.
Those organizations who would like to provide this to their employees and students will be able to use the service from RENATER. You can read our press release announcement here.
While Nextcloud has of course signed hundreds of customers this year, including the French Ministry of Interior, RENATER is special because their Nextcloud Global Scale deployment would be the first in the world to connect a single on-premises cloud instance to the identity providers (IdPs) of hundreds of organizations.
Our mission at RENATER is enabling seamless collaboration between over a thousand research and education institutions in France in order to protect the security and confidentiality of data. We study and experiment deeply with Nextcloud Global Scale for its high scalability capacities and its reliability, which fit the needs of our project.
— Alexandre Salvat, Drive Project Manager – Pôle Projets Transverses et Innovation (P2TI)
Global Scale and identity providers
Let’s step back for a second: what is Global Scale, and how does it fit with identity providers?
Global Scale
In late 2016, Nextcloud recognized that, to deliver the most scalable solution in the file sync and share world, work was needed on the ‘top end’ of the scale. Nextcloud runs on Raspberry Pi devices up to large clusters at universities and companies. The largest Nextcloud cluster node has 250.000 users on a single instance – but this customer already has far more users, delivering file sync and collaboration to tens of millions of users across several continents today! This single installation, thus, is part of a larger architecture we devised for the multi-million-user scale: Global Scale.
Limits to scalability: database, storage, data center!
Global Scale removes the major limitations a Nextcloud instance has at large scale: database and storage. As a PHP application, Nextcloud handles each ‘request’ to the server as an independent process, scaling essentially without limitations: if you need to handle twice the number of users logging in simultaneously, you just double your processing power by adding, for example, a second server. Double again? Go to four, ten, however many you need.
However, each of these Nextcloud application servers will have to talk to the same database and storage, and that is where the problems begin. At large scale, these become expensive, as scaling databases and storage isn’t anywhere near as easy as scaling Nextcloud. At even larger scale, even a data center can become a limitation: the connection to the internet backbone can only handle so much, after all!
Global Scale solves these issues in an elegant way by distributing users and data over separate, independent Nextcloud nodes. These are then ‘wired together’ with a number of mediating services, to facilitate authentication, sharing and more. The benefits go beyond scalability: it can also allow you to keep data closer to users to improve performance or keep data in specific countries to comply with local regulations.
Watch this YouTube video to get a graphical overview of how Global Scale works.
As said, the largest of such nodes in action currently has 250.000 users, but of course the organization which has deployed this has many more nodes! After all, they have to deliver Nextcloud to customers in more than a dozen countries spread over several continents. Each country can run its own node, keeping data local and secure, yet users can log in from one portal, irrespective of where their data is and can share with everyone.
Identity providers (IdPs) and something new!
Large organizations use ‘identity providers’ to handle authentication for the many services they provide. Using a technology like SAML, they can ensure that a single user can log in once and then access all their services, including Nextcloud. Universities and government organizations often use these, and it simplifies their user management a lot.
RENATER wants to provide a solution to the hundreds of organizations in France to which it already provides various other IT solutions. These organizations all handle their own accounts for their researchers and students. If RENATER set up its own user management, users would have to log in twice, or RENATER would have to synchronize the users from the individual organizations into its central user management, something not only difficult and prone to errors, but also always outdated.
Would it not be better if Nextcloud could just use the identity providers from all these organizations directly? Well, yes, it would! But there are many hundreds of them, and nobody has ever tried to provide a single, large self-hosted content collaboration and file storage solution that connects the hundreds of separate organizations into a single service.
Until now.
In collaboration with RENATER, we have improved Global Scale to be able to handle this, and more! No process of syncing and centrally managing users will be required. Universities and research organizations will stay fully in control over their user management, while RENATER would be able to administer the Nextcloud instance independently of the user management.
We are proud to be advancing technological barriers together with RENATER, enabling cross-organizational collaboration and productivity for so many organizations in France. This is another case where our Global Scale architecture provides unique benefits to customers.
— Frank Karlitschek, CEO of Nextcloud GmbH.
Federation in action
This certainly makes RENATER a special case, something we’re proud to talk about. And there is more! Another ‘feature’ of this large instance will be the use of federation with existing Nextcloud installations. As you can imagine, many French universities and research organizations, like the University of Nantes, already have one or even several Nextcloud installations internally. With RENATER, Nextcloud is working to make sure that all these other Nextcloud instances would be able to seamlessly connect to, integrate with and share files with users on the large service! For this, we use our federation features.
Learn more
Want to learn more about what RENATER is up to? You can! They will present their case at the upcoming JRES 2019, December 3-6 in Dijon, France, where several other Nextcloud customers will present their installations as well. RENATER already presented its use case at the Nextcloud Enterprise day last September in Berlin. We will organize another Enterprise day in early 2020. Watch our blog to be the first to read about it!