[ Guides ]

The State of Multi-Cloud 2024: Expert advice from early adopters

Why are enterprises going multi-cloud? For operational resilience, compliance, avoiding lock-in...and some highly un-technical reasons that may surprise you!

Read the report

Specializing in the convergence of networking and security, Fortinet is a leader in the cybersecurity industry. Fortinet solutions are among the most deployed, most patented and the most validated in the industry, with a comprehensive portfolio of over 50 enterprise-grade products. One of these is FortiSASE, a Secure Access Service Edge (SASE) solution that enables secure remote access and high-performance connectivity for users anywhere.

At RoachFest23, Fortinet’s Director of Software Development, Louis Jia, told the story of FortiSASE’s migration from CockroachDB SH (self-hosted) to CockroachDB managed services. This post is an overview; to learn all the nitty-gritty, region-expanding, latency-destroying details, be sure to watch the entire presentation.

In the beginning, there was self-hosted

When the application became generally available in March 2021, FortiSASE was running on CockroachDB SH. They launched in two AWS regions, US East and US West. The challenge with a two-region setup, of course, is what to do when a whole region fails and availability becomes a concern. With hundreds of companies relying on FortiSASE as their management portal for secure remote access to their business applications and resources, this is not a service that can go down.

Beyond the need to guarantee operational resilience, the team was discovering further pain points when it came to managing a self-hosted database.

  • Running on self-hosted, they were in charge of developing and testing their own backup disaster recovery plan. 
  • The FortiSASE team found the self-hosted community edition of CockroachDB to be very hands-on when it came to query performance tuning and application optimization. 
  • The company was considering expanding the management portal to Europe and Asia. With the database located in the US serving an application cluster somewhere in Asia or Europe, latency would be extremely high. 
  • Finally, even doing a minor database upgrade is a big hassle when the team primarily consists of developers and DevOps. 

“We don’t really have a dedicated DBA. Managing upgrades and database changes took a lot of resources,” Jia explained in his presentation. “We want to focus on providing security, secure network solutions, and secure access to our user base instead of doing database day-to-day management.” 

Migration inspiration

For all these reasons, migrating to CockroachDB-as-a-Service gave FortiSASE everything they needed and wanted: resilience, the lowest latency possible, and freedom from managing and maintaining their own database. Working closely with Cockroach Labs customer support engineers, they transitioned from their embedded self-hosted database cluster to utilizing CockroachDB-as-a-Service in less than two months. (“And that was before Cockroach introduced migration tools and services,” Jia notes. “Now it would take even less time.”) 

“The migration challenge was how to move the data in as small as possible of a change window,” he continued. “We needed to have a cutoff and get it done, and migrate this entire application without any data traffic hit.”

Not to spoil the happy ending, but the migration process went very smoothly.

“Essentially what we did was to export a file from the embedded CockroachDB SH. Since it’s metadata, luckily it’s not that big, I think 20, 30 gigabytes. Then we had to edit this large file and make some minor syntax changes to go from self-hosted to Cockroach Cloud. Then we uploaded it to an S3 bucket close to where the Cockroach cluster was located, and then imported it. We did this in less than one hour (though that’s still quite a bit when in production). First, though, we did do many dry runs and tests in staging.”

Stellar support from Cockroach engineers

Jia credits Cockroach Labs support for helping to shepherd the blessedly uneventful migration. “Very capable CockroachDB engineers consulted with us, gave an architecture introduction, and educated the entire team. Prior to the migration we had a schema review and got some really useful guidance, making some changes, adding a sequence to the UUID, etc.”

Once live, Jia and his team greatly appreciated CockroachDB dedicated’s automatic updates, but  didn’t like it when upgrades happened in the background during peak usage times. “So we talked to the Cockroach engineers, who then added the capability to set a preferred upgrade window. “The turnaround was really fast between what we asked for and when we actually saw the feature in the managed services web console,” he explained. 

“We really didn’t have to do anything”

When it came time to expand the application to new regions, the FortiSASE team again enjoyed assistance from Cockroach Labs support. “We were looking to add another region in Asia but were not sure what specific area to add. The Cockroach Labs folks advised us on the best location.”

Having the managed service made adding a region utterly simple. Adding a new region to their earlier self-hosted instance of CockroachDB would have consumed time and resources.  To add a new region in CockroachDB dedicated, however, he said, “We really didn’t have to do anything."

“Just send a request and the new cluster is added; we add a region to the new database. And then we set up our own application cluster, with a private link to talk to the local Cockroach cluster only. That’s it.”

A better night’s sleep

The move to fully managed CockroachDB gave the FortiSASE team improved performance, easier upgrades, and the ability to add new regions seamlessly — as well as increased availability and reliability for the database. It also helped them sleep better at night. “A couple of times we did get woken up in the middle of the night when the self-hosted service went down,” Jia explained. 

“Now, using CockroachDB as a DBaaS, we do sleep much better. Fingers crossed, ever since we moved to the managed service, we have had zero downtime.”

About the author

Michelle Gienow github link linkedin link

Michelle Gienow is a recovering journalist turned front end developer based in Baltimore, MD. She creates content around her central obsessions: Jamstack, distributed architecture and developing a cloud native mindset.

Keep Reading

What is operational resilience and how to achieve it

Major cloud platform outages used to be rare events. As the amount of global data increases exponentially, however (90% …

Read more
RoachFest Recap: DoorDash, City Storage Systems, Booking.com, Santander, and more shared their CockroachDB journeys

More than 500 attendees from around the globe recently swarmed into New York for RoachFest ‘23, the annual user …

Read more
CockroachDB on Azure, multi-region serverless SQL, and more announced at RoachFest '23

Each October, RoachFest gathers together application owners, architects, engineers, and operators running their …

Read more