Cloud talk: How Okta stayed running during AWS outage

Our chat with Okta CEO Todd McKinnon covered the company's cloud directory services model and redundancy. Okta is an Amazon Web Services customer, but had a failover ran through a recent outage.
Written by Larry Dignan, Contributor on

Todd McKinnon, CEO of Okta, a cloud directory services startup, has seen on-demand software evolve to play a major role in enterprises. McKinnon, former head of engineering at Salesforce.com, started Okta after being the executive sponsor for large enterprise deployments at Salesforce.com.

The common thread was that there was a need for single sign-ons and user visibility in SaaS applications.

We recently caught up McKinnon to chat about his business, which revolves around user management for enterprises with a portfolio of SaaS services. Okta is Andreessen Horowitz's first cloud computing investment.

Here are the key points from our chat, which covered Okta's model as well as cloud redundancy. Okta is an Amazon Web Services customer, but had a failover so it stayed running during a recent outage.

Okta's role. McKinnon, a Salesforce.com veteran, is aiming to build a cloud-based directory service so there are single sign-ons for users and better security procedures. Why is this important? As enterprises increasingly move to SaaS there's a user management issue. Previously, an employee would leave the company and his keycard and VPN access would be nuked. That was good enough since everything was behind the firewall. SaaS changes all of that. "Enterprises want a way to understand who is accessing what and that the right accounts are deprovisioned," said McKinnon. "Cloud services are accessible anywhere."

Where does Okta stand today? The company has 20 customers, most of them early adopters. All are looking to Okta to manage multiple SaaS accounts. After all, many SaaS accounts in an enterprise weren't started by the CIO, but a business line person. Now the CIO has to get some control over SaaS sprawl.

So security is the big pitch? "What we're trying to do is to provide solutions for the CIO to explicitly have visibility into security," said McKinnon. "That's our buyer."

On the on-premise software connection, McKinnon noted that Okta is being used as a meta directory that replicates an on-premise directory service. Okta holds the cloud list and connects it to the on-premise directory. "Our fundamental strategy is that it's a hybrid world---cloud and on-premise---but the center of gravity will shift to use the cloud," said McKinnon. As things shift to the cloud it's possible that Okta will become a next-gen directory service.

Okta's decision to run on Amazon Web Services. McKinnon has built his company on AWS. It's also worth noting that Okta didn't go down during the AWS outage. Why? "We had a fail over to a backup system and we ran on that during the outage," said McKinnon. This backup system happened to be another AWS availability zone. "We span multiple availability zones and regions."

Why did Okta architect that way? McKinnon said one thing he learned from his stint at Salesforce.com was that all infrastructure "fails and is brittle." And if you're going to be an enterprise player you need redundancy. "The name of the game is diversity and redundancy," said McKinnon. He said you can build redundancy by making sure you stick with commodity APIs so you can switch infrastructure providers if needed. "We have taken great pains to avoid proprietary APIs," he said.

What cloud redundancy challenges are there in the future? McKinnon noted that redundancy gets more challenging as you move up the cloud stack. In theory, infrastructure as a service providers (AWS, Rackspace etc) have to build reliability and the customer has to be architected for redundancy. "When you move up the stack reliability isn't as clear," he said. McKinnon and I started talking about platform as a service and how it's fuzzy how a customer can build reliability if it banks on one platform, which is basically proprietary.

Did AWS communicate well during its outage? McKinnon found AWS communications to be a bit hard to follow via the dashboard. More proactive updates would have been better. "Amazon needs to work its communication out and to balance transparency," said McKinnon. The Okta CEO should know---he lived through Salesforce.com's outages in late 2005 and early 2006. Those outages made the company more transparent.

Editorial standards