There was a time when the idea of using open source databases to support mission critical enterprise applications was, well, kind of kooky. Sure, developers loved open source databases for experimenting with new ideas, but when it came to production deployments, IT bit the bullet and coughed up six and seven figure checks to Oracle or IBM or Microsoft (… but mostly Oracle.) Say what you will about Oracle, but its flagship database had the enterprise-grade features and technical support that developers and DBAs needed to support real-world, mission critical applications and most open source databases just didn’t.
That was the opening Paul Laurence needed. Back in 2012, Laurence was a lawyer specializing in private equity investment for high-growth technology companies. Plunking down hundreds of thousands of dollars (or more) to Oracle just wasn’t feasible for startups and some enterprises operating on shoestring budgets. Laurence correctly recognized the demand for an open source relational database that provided the benefits of community support and open innovation but also had the management, backup and recovery, compliance and security features required to support customers with real service-level agreements. These weren’t features the open source community was likely to develop on its own, Laurence figured, so he decided to start his own company to take on the task.
Fast forward five years and Crunchy Data, the company Laurence co-founded, provides its own distribution of PostgreSQL, the open source object-relational database known for its reliability and ability to handle large volumes of concurrent workloads and users. Crunchy Certified PostgreSQL, Crunchy Data’s flagship offering, is unmodified PostgreSQL packaged with popular extensions, like PostGIS to enable geo-spatial queries, and all important enterprise-grade features like audit logging. Crunchy Data also offers subscription-based enterprise support to help with troubleshooting, performance tuning, version upgrades and other tasks.
Security is the Name of the Game
Laurence landed on PostgreSQL as the open source database to focus on after researching the enterprise market back in 2012.
“Postgres is very popular and after speaking with customers and prospects there was clearly a demand for the same type of tooling and features as well as production-level support for open source Postgres as you see with proprietary databases,” Laurence said. “So we started Crunchy Data to bring open source Postgres to enterprise use cases.”
With that decision made, it didn’t take long to zero in on the enterprise-grade features to focus on first, Laurence said. “When we first started, everywhere we went and everyone we talked to, it was all about security.” No enterprise worth its salt is going to deploy mission-critical applications on an insecure database. Without robust security and related compliance capabilities, PostgreSQL would remain a niche database. So Laurence and team got to work.
One of the first features that a member of the Crunchy Data team developed and committed to the open source PostgreSQL project was a feature called row-level security. This allows admins to filter database results at the role-level based on the user’s identity, role and security authorizations. This means a single database can support multiple users with a variety of roles, only giving user access to the data they are authorized to see and interact with. It was a feature that Oracle already supported and was a “blocking feature” preventing enterprises from adopting PostgreSQL. “We worked with the open source community to have that feature committed to the core database project and it became first available in PostgreSQL two years ago.”
Advanced audit logging was another “blocking feature” preventing public companies from adopting PostgreSQL. As of part of the Sarbanes-Oxley Act of 2002 (SOX), all public companies are required to submit to the Securities and Exchange Commission an annual assessment of the effectiveness of their internal financial auditing controls. PostgreSQL had some audit logging capabilities, but lacked the enterprise-grade capabilities required to comply with the SOX mandate. So Crunchy Data worked with a number of government and public enterprises to develop an open source audit log generator that extends PostgreSQL’s native audit logging capabilities by providing detailed logging classes, the ability to control logging at the object level, and the ability to include fully-qualified object names for logged statements in independent fields of the log output.
Thanks to these and other security-related features the Crunchy Data team helped develop, today Crunchy Certified PostgreSQL is one of just 32 databases worldwide that is certified compliant with the Common Criteria for Information Technology Security Evaluation, an internationally recognized standard for cybersecurity. Common criteria certification is particularly important when dealing with government organizations, which impose among the highest security requirements on software vendors of any industry.
Bringing PostgreSQL to Cloud-Natives
Developing much needed security capabilities for PostgreSQL is just one area that Laurence and the team at Crunchy set their sights on. More recently, Crunchy Data teamed up with Pivotal to bring Crunchy Certified PostgreSQL to Pivotal Cloud Foundry, the leading cloud-native platform supporting modern application development and operations. The partnership started thanks to a request from a mutual Crunchy Data-Pivotal customer in the government sector. It became clear it was going to be a good fit soon after the two companies started collaborating.
For one thing, the Crunchy Data and Pivotal share a similar business model. Both Pivotal Cloud Foundry and Crunchy Secure Enterprise PostgreSQL Support are offered on a subscription basis. More importantly, both companies are dedicated to supporting their respective open source projects. Just as Crunchy Data engineers are consistent committers to the open source PostgreSQL project, so are Pivotal engineer active members of the open source Cloud Foundry community.
From an engineering standpoint, it was important to Laurence that any Crunchy Data deployment on Pivotal Cloud Foundry stayed true to the company’s mission to provide enterprise-grade PostgreSQL.
“If you’re really talking about running a database in production with an enterprise workload, you need things like high-availability, backup and recovery, and security management,” Laurence said. “So when we were talking with Pivotal about building this capability it wasn’t just a question of can we spin up a database on Pivotal Cloud Foundry. It was a question of how do you take a tried and true PostgreSQL database with all the tooling and capabilities around it that we know we need in an enterprise workload and move it to Pivotal Cloud Foundry without making sacrifices.”
For example, Crunchy Certified PostgreSQL includes pgBackRest, an open source system for reliable backup and restore capabilities developed in part by Crunchy engineers. It was important to Laurence that Crunchy Data on Pivotal Cloud Foundry not only include pgBackRest, but that it was integrated with and could be deployed and managed by Cloud Foundry BOSH. Cloud Foundry BOSH is an integral part of Pivotal Cloud Foundry responsible for release engineering, deploying and managing large-scale distributed systems with a high degree of automation. This makes it significantly easier for operators to provide developers with access to secure, on-demand, highly available multi-node clusters for their applications.
“None of these seemed like they would be insurmountable, and in the end they weren’t, but many presented difficult technical challenges that just required us to really dig in and spend the time solving to ensure we delivered a first-tier database [on Pivotal Cloud Foundry],” Laurence said. “We rolled up our sleeves and we worked closely with the Pivotal engineering team, who were very generous with their time, to deploy Crunchy Data on Pivotal Cloud Foundry with all the enterprise-grade features and tooling that our customers have come to expect.”
The result of these joint efforts was the Crunchy PostgreSQL for PCF tile, which hit PivNet, the Pivotal Cloud Foundry marketplace, in December 2016. Today, Crunchy Data and Pivotal are announcing the latest iteration of the tile, which now supports the Pivotal Cloud Foundry on-demand service broker. This means developers can provision dedicated Crunchy Certified PostgreSQL clusters for themselves directly from the OpsManager Marketplace. No operator intervention is required, after the initial tile installation. This gives developers on Pivotal Cloud Foundry a way to quickly spin up secure, enterprise-grade open source SQL database clusters to support their most demanding applications and maintain release velocity. And that, in the end, is a big part of what going cloud-native is all about.
Get started with the Crunchy PostgreSQL for PCF tile on PivNet here. And don’t miss this upcoming webinar on May 23 with Pivotal and Crunchy Data exploring security best practices for PostgreSQL.