Location: Fulton, MD
Customer since: July 2013
Sonatype’s solutions are critical infrastructure that developers use every day. Fastly helps provide a reliable, secure experience for Sonatype's more than 10 million users worldwide as they continue to scale, more than doubling total monthly releases, tripling bandwidth and quadrupling total request traffic.
“Fastly allows us to get into the guts of our CDN; we can quickly configure things the way we need to configure them. With other providers, configuration was totally opaque — we’d have to go through customer support to get rules changed, and that’s pretty unwieldy and not very effective. Fastly has its own API, giving us ultimate flexibility.” — Jason Swank, Technical Operations Lead
“Knock on wood, but in the more than three years we have leveraged Fastly, we’ve delivered a huge global user base 100% uptime, coincident with exceptional network performance. In short, it just works… really, really well.” — Mike Hansen, SVP Product Development and Engineering
The explosive growth in both the production and usage of open source software has raised the scale requirements for network delivery, along with the availability requirements that come with being part of the world’s critical development infrastructure. Fastly gives Sonatype the ability to cache millions of open source components while offering the flexibility to update content instantly, ensuring those components are always available. As a result, they’ve been able to readily support the enormous and rapid growth that continues year after year.
“We’ve had zero issues with Fastly’s service. Download requests from the Central Repository have increased by 3x and request traffic by 4x, all without skipping a beat. Fastly has helped us get there.” — Jason Swank, Technical Operations Lead
Maven Central is a free service, which sometimes makes it difficult for Sonatype to gather user feedback. Developers see the service as a utility, but maintaining reliability is key to ensuring that users don’t go elsewhere.
“Fastly helps us provide extremely reliable service for developers. Being able to readily meet the expectations of 100% uptime for a free service is just awesome.” — Mike Hansen, SVP Product Development and Engineering
One of the reasons Sonatype chose Fastly is that it’s built on Varnish, the open source web accelerator. This offers the benefits of open source, which include an extensive, knowledgeable community and documentation.
“One big benefit to using Varnish is it allows us to run our own instances, letting us test things out very easily. With our previous provider, we had to wait for an engineer to make rules changes for us, so it was painful dealing with that feedback cycle.” — Jason Swank, Technical Operations Lead
Because Maven Central is used by developers around the world, it’s critical that Sonatype can look into their site health to ensure successful builds. This was challenging with their previous CDN, which didn’t offer visibility into their environment. Fastly offers real-time analytics that give Sonatype insight into events as they occur, allowing them to identify and fix security issues quickly. Sonatype streams logs to S3 endpoints to gather information and make changes as necessary.
“Being able to monitor and diagnose problems instantly was a huge selling point for Fastly. Now we can stream live syslog data, addressing problems as they happen. This is especially beneficial for security issues; by gathering together information gleaned from streaming logs, we can determine both the popularity and vulnerability of certain components. If there is a vulnerability, we can easily identify and fix it.” — Jason Swank, Technical Operations Lead
Real-time log streaming is also key to Sonatype’s commercial products, which include security mitigation, license mitigations, and popularity information.
“We have a pretty significant infrastructure around crunching data for our commercial products, and Fastly helps us streamline this process en route to our customers.” — Jason Swank, Technical Operations Lead
When a component changes in Sonatype’s repository, they need to effectively remove and update all related assets, including documentation, across their site. By using surrogate keys, they can tag a certain component, ensuring that all outdated versions are removed from their repository at once. This gives them precise purging while also saving time — instead of having to go through their site URL by URL, they can immediately purge all items associated with that tag.
“When there’s a new component, it’s not just releasing a new version — there’s a number of upstream things affected. When deployments happen we’re purging on a pretty regular basis. Surrogate keys let us be selective about what we’re purging, letting us update content in a very precise, surgical way.” — Jason Swank, Technical Operations Lead
Sonatype users wanted increased security; they were concerned that unencrypted HTTP traffic could be tampered with, potentially compromising the applications they were building. Developers wanted Sonatype to offer Transport Layer Security (TLS) from the CDN, and Fastly worked quickly to get it implemented.
“Fastly really stepped up and implemented TLS really quickly. The onboarding process was so fast — we had everything sorted within a day or two.” — Jason Swank, Technical Operations Lead
Before they had a CDN in place, Sonatype could not really consider offering TLS because the amount of traffic they were seeing would mean a very intensive load on their origin. Their first CDN provider could not perform TLS certificate validation and were thus potentially susceptible to man-in-the-middle (MITM) attacks. With Fastly, they can validate certificates all the way through, decreasing load on origin while ensuring security for their users.