cwin16 tls-a micro-service deployment - v1.0
REX on a Micro-Service deployment
Toulouse, September 27th, 2016,
S. MARSOLLE & F. CASSIN
That’s one small step for IT, one giant leap for business agility
Give your business the moon, as in this REX of a micro-services
solution used in the Airbus flight test department to rebuild a
large and complex system. This medium-sized, ongoing project made
some technical decisions and finally managed to bring the
micro-services philosophy into a huge legacy IT system.
PRISM Micro-services REX
The “Airbus PRISM framework” is a REX of a real-world agile framework built on
top of SOA and µService technologies to master the redesign of complex systems
Summary
PRISM (Project to Redesign Instrumentation Solutions Management) is an Airbus project to overhaul a substantial
proportion of the flight test management system.
PRISM aims to use modern and innovative architecture principles such as API management, DevOps, micro-services, …
to build a solid framework enabling high-quality development, easy operation, high efficiency and
incomparable agility in adapting to present and future business requirements.
Copyright © 2016 Capgemini and Sogeti. All rights reserved. 3
Main drivers, why the MicroServices?
The existing functional PRISM domain is supported by 1 main BIG and
centralized application (built on an obsolete technology and design) plus
multiple satellites (in various technologies)
[Diagram: map of the existing application landscape. A "PRISM ALL-IN-ONE" application (everything mixed together) covering FTI definition, programming and reporting is surrounded by satellite applications and resources (Catia V5, SABRE, CRIEV, CASTOR, SAP, OPERA, FTA-NG, SHERPA-NG, MEDIA, SNOW, MIAM, eTLB, OASIS, Base Des Essais (BDE), CANIF, YODA, OSCAR-PC, ALEST, PLUME and others), linked by many point-to-point "Use" and "Get" exchanges.]
Diagram annotation: PRISM = everything that is FTI within the EVI scope.
Diagram annotation: SABRE scans /bdexport/data/SABRE/INBOX to detect new files; the user creating the programming selects the files he accepts.
POC context & objectives
PRISM Framework provides
common middleware and/or infrastructure for all PRISM applications
and the associated architecture rules and design guidelines.
Context : the PRISM framework enabling PRISM implementation
[Diagram: the PRISM Project (Project to Redesign Instrumentation Solutions Management) and the PRISM Framework, each shown with the eight functional areas: FTI Programming, Verification & Maintenance, FTI Definition, Logistics, Data Traceability, Reporting, Bus Management and AFDX Management.]
The POC must provide and demonstrate the basis for the PRISM framework:
• Security
• HA & scalability
• COTS used and their possible evolution
• Supervision and administration
• Packaging and deployment
Which technology to last 15 years?
Definitions – PRISM Framework POC scope
[Diagram: POC scope. Business API for the functional areas provided by PRISM applications (AFDX Management, FTI Programming, FTI Definition, Verification & Maintenance, Logistics, Data Traceability, Reporting, Bus Management), together with the framework blocks: Transversal Workflow, Authentication & Authorization, Portal, Reporting, Technical API, Middleware and Infrastructure.]
Red boxes are functional areas partially prototyped during the POC.
Why didn't you directly buy a set of COTS?
There are plenty of COTS products for managing micro-services and DevOps
platforms:
• API Gateway COTS: Mule AnyPoint has been evaluated during the PRISM POC phase.
• DevOps tools: not yet fully standardized in Airbus.
• MicroService stack: many initiatives on the market, but no leading solution. Very long-term support (15 years
at least) cannot be built on solutions that are not secured for the future. The “tool of the year”
is not an argument here.
• Waiting for enterprise tooling: everything is prepared to move easily to upcoming Airbus-supported solutions for containers,
DevOps tools, application performance management… This means limiting some
ambitions and compensating with custom developments while keeping an eye on cost and
deadlines.
Controversy – Is PRISM really related to micro-services?
[Diagram: time line plotted against level of interoperability (EDI, B2B, B2C / WWW, distributed organizations, enterprise information system, distributed application, application, service, micro service). Legend: architecture concept, solution class, design style and standard. Items placed on the chart: Internet, SOA, IIOP, D-OSGi, Gateway, SCA, EAI, SOAP, WS-*, ESB, REST, Swagger, RAML, API Gateway, HATEOAS, Managed Component, and PRISM.]
PRISM secured « bubble »
A way to deploy MicroService security in an existing security landscape
[Diagram: the PRISM secured bubble and its entry points.]
• Clients: User Web browser and Admin Web browser. Admin and user end points are separated (different web site URL). The PRISM framework services UI is restricted to administrators.
• Entry: Airbus Applications RP with SiteMinder.
• NGINX internal « API Gateway »: load balancing, URL mapping, dynamic configuration, JWT injection.
• Business services inside the bubble: AFDX management, BUS management, REPORTING, DATA traceability, FTI definition, LOGISTICS, VERIF & maintenance, FTI programming, PORTAL UI.
• Framework services inside the bubble: SECU, PROCESS, ELK (log collection), Registry (CONSUL), Deployment manager, Admin agent / Tomcat filter.
• Interfaces: PRISM Public API and External APIs.
• Link labels: HTTPS / intranet; HTTP with the SM “REMOTE_UI” cookie & the JWT cookie; HTTP-REST with JWT; REST only; case by case; REST only with JWT.
PRISM integration with legacy resources
Each resource is adapted by a connector
At the beginning of the project, connectors will be developed in Java and hosted in a
Tomcat instance dedicated to building this gateway (to be refined during ARD definition)
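[Diagram: inside the PRISM secured zone, calls are REST only (REST / HTTP / JWT). Each external resource is exposed as a REST API by its adapter (DB adapter, Filer adapter, SMTP adapter, App E adapter, App F adapter). The adapters reach the external resources (SABRE DB, Filer A, Filer B, Filer C, SMTP, App E, App F) with a case-by-case protocol, for example SMTP for the SMTP adapter.]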
PRISM Framework technology stack
[Diagram: layered technology stack.]
• Layers: Operating system, Containerization, Runtime, Middleware, Service execution container, Application (µ)Services.
• Components shown: VMWare Hypervisor, RHEL Linux, Docker-like solution, JVM, Native, Tomcat, Nginx, CONSUL, PRISM Framework (Java for now).
• Monitoring & Audit: ELK (tech, transac, func), Airbus Ops tooling.
• Security: JWT, Airbus SSO (Siteminder), Airbus Network / Hardening.
PRISM Bubble Framework POC Services implementing the RESTful
• NGINX: acts as the KEY proxy, a “low-level” API gateway for web services deployed
inside the bubble.
• CONSUL and CONSUL Template: the service registry, which manages the version and
state (alive, broken, stopped, …) of each service. CONSUL stores bubble
shared parameters, service tags and inter-service version constraints.
• ELK and Beats: used to collect logs and traces in a single place (Elasticsearch),
asynchronously and in near real time. Logstash is used to grab data from logs.
• SECU: a bespoke service that provides a REST API to generate or renew a JWT token. It
manages a persistent store (OpenLDAP is pre-empted) for fine-grained authorisations.
• OpenLDAP: a domain security repository where you can manage PRISM
authorisations.
• Activiti: supports business workflows of bespoke development and orchestrated
services (sync/async, scheduled).
• Nexus and Subversion: Nexus stores all artefacts (i.e. the binaries and other resources) that are deployed in
a PRISM environment, and Subversion stores environment parameters. This way
you can redeploy any versioned service at any time.
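The generate/renew role of SECU and the “HTTP-REST with JWT” calls inside the bubble can be illustrated as follows. This is an added example, not PRISM code: the HS256 algorithm, the shared key, the claim names and the functions `issue`, `verify` and `renew` are assumptions, since the slides do not specify them.

```python
import base64, hashlib, hmac, json

# Constructed demo key (assumption: services share one HMAC key with SECU).
KEY = b"constructed-demo-key"

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, roles: list, now: int, ttl: int = 300) -> str:
    """Generate a short-lived token, as a SECU-like endpoint would."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "roles": roles, "iat": now, "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    return f"{header}.{body}.{b64e(sign(header + '.' + body))}"

def verify(token: str, now: int) -> dict:
    """Check a service runs before trusting the claims carried by a request."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # pinned: rejects alg=none
        if not hmac.compare_digest(sign(header + "." + body), b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))
        expired = now >= claims["exp"]
    except (ValueError, AttributeError, KeyError, TypeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    if expired:
        raise PermissionError("token expired")
    return claims

def renew(token: str, now: int, ttl: int = 300) -> str:
    """Renew only a token that still verifies; an expired one is refused."""
    claims = verify(token, now)
    return issue(claims["sub"], claims["roles"], now, ttl)

if __name__ == "__main__":
    t = issue("alice", ["fti-reader"], now=1000)  # constructed sample user
    print(verify(renew(t, now=1200), now=1400))
```

Because the roles travel inside the signed body, a service can authorise a call without querying the authorisation store on every request, provided the token lifetime stays short.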
Typical figures. A few MacroServices or plenty of µServices?
At the beginning of the project we planned to have 20 (macro) services
…but now we have reached 40 “µ” services because of code reorganization,
and maybe 60 µServices at the end of the project.
The main objective is to gain flexibility in the “deploy-to-production” process.
1 external call (a click in the Web client or a call from an external application to
the public PRISM API) usually drives 5 internal service calls.
Half of the services have database persistence.
All services use transverse framework services like the configuration
manager or the logger.
An example of Micro-Service philosophy influence on design
Before starting development: 1 application delivered in 1 WAR
1 monolithic console application that fully manages the deployment process
Currently (mid-development): 2 applications delivered in 2 WARs
1 Framework manager (Deployment management)
1 Console GUI
At the end of 2017
3 specialized Framework managers:
• Deployment management
• Monitoring
• start/stop of components
Several transverse services
• BPM/Workflows manager
• Artefact repository (Nexus)
1 Console GUI aggregating information from framework managers.
What about performance?
Considering that:
• a service call from any Nginx client has an average ping latency of at most 8 ms,
• you have a maximum of 5 cascading calls,
• any call is externally cacheable at runtime,
• the service infrastructure has no scalability limit and is scalable at runtime,
• you have versatile performance monitoring, so you can find the bottleneck when you have a
performance issue (or even automate alerts),
then you have all the levers to obtain good performance in the PRISM project context.
If transversal data requests are needed, just think about a “big data” solution.
One of the services could be a search engine working as a PRISM framework service.
If a huge real-time event flow is needed, you can complete the architecture
with a queuing system that would play the same role as Nginx for asynchronous
calls.
REX at mid-project
[Diagram: SWOT matrix. Internal analysis: strengths and weaknesses. External analysis: opportunities and threats.]
Points listed on the slide:
• Cost to install products due to incomplete DevOps tooling (no automation for infrastructure deployment)
• It works
• Not so expensive to develop framework components
• Lightweight software layer
• Framework allows any Java implementation (Spring, JEE…) and is open to any technology (like dotNet, NodeJS)
• Tomcats architecture not proven (number, size per execution node, topology)
• Lack of Public API policy
• Service granularity is designed at code time.
• Many Framework components are managed like business components (re-use of deployment process).
• New external REST services on legacy systems are managed as internal services.
• Docker (container virtualization) introduced for automated integration tests.
• The Framework is fully re-usable by another Airbus project
Contact information
Sébastien MARSOLLE, Managing Enterprise Architect
Frédéric CASSIN, Managing Enterprise Architect
www.capgemini.com
The information contained in this presentation is proprietary.
Copyright © 2016 Capgemini and Sogeti. All rights reserved.
Rightshore® is a trademark belonging to Capgemini.
www.sogeti.com
About Capgemini and Sogeti
With more than 180,000 people in over 40 countries, Capgemini is a
global leader in consulting, technology and outsourcing services. The
Group reported 2015 global revenues of EUR 11.9 billion. Together
with its clients, Capgemini creates and delivers business, technology
and digital solutions that fit their needs, enabling them to achieve
innovation and competitiveness. A deeply multicultural organization,
Capgemini has developed its own way of working, the Collaborative
Business Experience™, and draws on Rightshore®, its worldwide
delivery model.
Sogeti is a leading provider of technology and software testing,
specializing in Application, Infrastructure and Engineering
Services. Sogeti offers cutting-edge solutions around Testing,
Business Intelligence & Analytics, Mobile, Cloud and Cyber
Security. Sogeti brings together more than 23,000 professionals in
15 countries and has a strong local presence in over 100 locations
in Europe, USA and India. Sogeti is a wholly-owned subsidiary of
Cap Gemini S.A., listed on the Paris Stock Exchange.