@astonishing-gpu-93266 1. we run a globally distributed multi tenant network with edge optimization for low latency . Having all data in a specific region is an enterprise contract question 2. as a cloud customer you have dev and prod env in each project. Depending on the contract you can have many projects.

as a cloud customer you have dev and prod env in each project. Depending on the contract you can have many projects.

oh really? how do I enable that? 🤔

@swift-chef-97535 Thanks for clarifying! On your first note: as a German company it's important for us to keep all data GDPR compliant, so it'd make it'd make it difficult for us if you stored data outside the EU. I also don't think we'd start with an enterprise contract, so we would require something in a business or professional plan.

I‘d also like to know about dev and prod in one project

Can someone follow up and provide an answer to the questions in this thread? It would be essential in deciding if we would go with Ory Kratos or not.

@magnificent-energy-493 can you possibly help?

anyone?

@proud-plumber-24205 can you possibly ask someone to take a look on Monday? 😉

Hi @red-machine-69654 @thankful-dog-96817 @square-shampoo-58935 sure I will follow up on Monday with more concrete answers. Sorry for the delay, @magnificent-energy-493 is on holiday 🙂

@proud-plumber-24205 casual ping 😬

Hey I am also back 🙂

keep all data GDPR compliant

That is no problem as we currently only host in Frankfurt. More regions (e.g. US) are on the roadmap

dev and prod in one project

That is also on the roadmap, I can clarify what the status is, but essentially we want to add a “switch” that you can just trigger to change between prod and dev.

@swift-chef-97535 @magnificent-energy-493 sorry, but I need one clarification: Do you now have multi-region support or not? Thomas said that you have a globally distributed system and Vincent said that you have only one datacenter in Frankfurt...

Hey @purple-energy-75954, our cache infrastructure is already globalised (p95 of ~50ms), the core system is not yet multi-region but it’s on the roadmap for the next two quarters.

Thanks @magnificent-energy-493! Do you plan to do this via CockroachDB and the current software? Or do you plan on having a new (open-source) feature on software side for that as well?

You mean if we will open source the multi-region infrastructure?

Not directly. I was more asking whether you just want to change the infrastructure of Ory Cloud, or whether you would also implement some change in the software itself!

Tbh I am not sure, my guess is both… But this is a better question for @high-optician-2097 - or you drop in tomorrow at the Ory Summit and ask it directly in the Q&A session at the end or during the Keynote that outlines the future plans.

@purple-energy-75954 unfortunately, multi-regionality is not something that can be built using open source code only, because we use a combination of tools (GCP, CloudFlare, Gluu, Istio, …) to build this. Writing a bit of wiring code to get the last pieces in the software will probably happen too, but it will be only 1% of the complete effort. With multi-regionality we also have the problem of data locality and PII regulation (GDPR, CCPA) which make this something that transcends code

@high-optician-2097 thanks for the information. Obviously you cannot do that with software alone. I was just wondering because we struggle a bit with the idea of making Kratos multi-region capable. Do you plan on using CockroachDB for that? We are just trying to find out possibilities of using Ory in a multi-region set-up (either SaaS or self-hosted, but if it was possible self-hosted) but are no fans of CockroachDB...

CockroachDB is a small part of the whole equation 🙂

That's for sure 😉 Thanks for the info!

Out of curiousity, why do this yourself when you get multi-region automatically at Ory? 🙂

Haha first because apparently you are also not fully there yet. Assuming that you have completed it, you are fully right that it is a massive effort. The biggest reason would be to be in control of this key technology. One way we are thinking about is to re-do the current database layer into an event-based approach that aligns with the general event-sourcing of our platform. Did you ever think about going into that direction?

I think that would be massively over-engineering the problem 😉 To be honest, I don’t think that it’s a good idea to do this yourself. Ory’s technology will evolve tremendously in the next years and if you develop your own thing (on a fork) it will basically be impossible to catch up. This applies for new features as well as security patches, and we see it with every company that decides to fork stuff from Ory. If the underlying problem is regulation and the law, I’m sure we can find a solution to work together on this! If you run on GCP/AWS the constraints of control are similar as when using Ory!

I mean event sourcing is not the solution to everything and it certainly does not give you multi region for free, neither does a non-CQRS approach 😉 I guess it can facilitate some stuff though. You can take a non sql database as eventstore, for example. And can re-build your read models easily in read-only clusters. But yes, the big issue with using Kratos in a self-hosted version is that you are obviously forced to do pretty much the whole thing that the Ory team has to do for Ory Network/Cloud. That's obviously a lot. And would require to use proprietary features of Cockroach and are pretty much forced to go to AWS or GCP to get the features. So one approach would be to use Ory Network. Disadvantage is that it's a key technology where you rely on someone else and that it might not go along with your overall strategy. We strictly avoid American hyperscalers for example. Advantage is, of course, that we don't have to write or fork auth software (would be a lot of work, as you said) and don't need the DevOps part (definitely also a lot of work). These are my thoughts regarding that topic right now 🙂

@purple-energy-75954 we have had a few discussions recently in this direction. Would we be able to schedule a time to talk about your ideas? My email is thomas@ory.sh

Definitely! Would be very interested! I'll send you an email!