Enterprise Service Bus Advisory Board Mtg #2
To the service bus and beyond...
Administrative Technology Services:
Enterprise Applications
ATS ESB Advisory Board Meeting #2, Friday, 2/6/2015
Advisory Board
• Scott Bradner
• Jon Saperia
• Jefferson Burson
• Ventz Petkov
• Bill Knox
• Alex Manoogian
Presenting
• Lisa Justiniano
• Karen Stelle
• Brian Sullivan
• Mike Thomas
Current Infrastructure Choices
• Amazon Linux 64-bit
• ESB software: abandoned Fabric8 for ServiceMix. Version 2.0 of Fabric8 (November 2014) is now a Kubernetes + Docker application.
• Messaging: Stand-alone ActiveMQ instances. The ServiceMix-embedded ActiveMQ could not handle fail-over correctly.
• Database: RDS Oracle Ent 11 with TDE (transparent data encryption) option. Single encrypted tablespace.
Architecture
• 2 AZs, single region
• 2 ELBs to support direct JMS
• AMQ configured for shared database
[Architecture diagram: RDS Oracle primary with an RDS Oracle hot standby; an Elastic Load Balancer on port 443 in front of CXF and the Karaf web console; a ServiceMix node and an ActiveMQ node in each of the us-east-1a and us-east-1b availability zones; a second Elastic Load Balancer on port 443 for the ActiveMQ web console and on 61617 for ActiveMQ; monitors on port 8101 (Karaf SSH console) and on port 61616.]
Network
• Simple, but provides:
  • DR and fail-over
  • Security: separate subnet for persistence.
• 2 VPCs, one for TEST, one for PROD
• Each VPC gets a /24 network from UNSG.
• Break the /24 network into four /26 networks (58 IP addresses):
  • two for application
  • two for DB
• The elastic load balancers get public IP addresses outside of our subnets.
Network

[Network diagram, TEST instance VPC 10.39.8.0/24: RDS Oracle primary with an RDS Oracle hot standby; two internet-facing Elastic Load Balancers; us-east-1a and us-east-1b availability zones, each with a ServiceMix and an ActiveMQ node, in subnets 10.39.8.0/26 and 10.39.8.64/26, with 10.39.8.128/26 and 10.39.8.192/26 as the other two subnets; hostnames atsesbtest.cadm.harvard.edu and atsesbtestmq.cadm.harvard.edu; public IPs 54.174.31.20 (atsesbtest1.cadm.harvard.edu) and 54.173.128.135 (atsesbtest2.cadm.harvard.edu); Direct Connect to the Harvard Data Centers at 60 Oxford St.]
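A worked version of the subnet plan above, added here as an example and not part of the original deck: it splits the TEST VPC's /24 into four /26 subnets with Python's ipaddress module, assigns one application subnet and one database subnet to each availability zone, and checks that no subnets overlap and that each tier is present in both AZs so fail-over has somewhere to go. The tier-to-subnet assignment and the function names are this example's assumptions. AWS reserves five addresses in every VPC subnet, so the script reports 59 assignable addresses per /26 where the slide quotes 58; the reserved count is a parameter so it can be matched to whatever the team sets aside.

```python
"""Carve a VPC /24 into four /26 subnets and check the tier separation.

Added example, not part of the original slide deck. It reproduces the
plan on the Network slide: a /24 per VPC, split into four /26 subnets,
two for the application tier (ServiceMix + ActiveMQ) and two for the
database tier, one of each per availability zone (assumed assignment).
"""
import ipaddress

# AWS reserves the first four addresses and the last address of every
# VPC subnet (network, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5

TIERS = ("application", "database")
AZS = ("us-east-1a", "us-east-1b")


def plan_vpc(cidr, tiers=TIERS, azs=AZS):
    """Split `cidr` into one subnet per (tier, AZ) pair.

    The lower half of the range goes to the first tier, the upper half
    to the second, so the persistence tier sits in its own subnets.
    """
    vpc = ipaddress.ip_network(cidr, strict=True)
    count = len(tiers) * len(azs)
    # Prefix length grows by log2(count): 4 subnets -> +2 bits (/24 -> /26).
    new_prefix = vpc.prefixlen + (count - 1).bit_length()
    subnets = list(vpc.subnets(new_prefix=new_prefix))
    plan = {}
    i = 0
    for tier in tiers:
        for az in azs:
            plan[(tier, az)] = subnets[i]
            i += 1
    return plan


def usable_addresses(subnet, reserved=AWS_RESERVED_PER_SUBNET):
    """Addresses left for instances after the cloud provider's reservations."""
    return subnet.num_addresses - reserved


def tier_of(plan, address):
    """Return the (tier, az) whose subnet contains `address`, or None."""
    ip = ipaddress.ip_address(address)
    for key, subnet in plan.items():
        if ip in subnet:
            return key
    return None


def check_plan(plan):
    """Return a list of problems: overlapping subnets, or a tier that is
    not present in at least two AZs (no fail-over target)."""
    problems = []
    subnets = list(plan.values())
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    for tier in {t for t, _ in plan}:
        azs_for_tier = {az for t, az in plan if t == tier}
        if len(azs_for_tier) < 2:
            problems.append(f"tier {tier} is only in {sorted(azs_for_tier)}")
    return problems


if __name__ == "__main__":
    plan = plan_vpc("10.39.8.0/24")  # TEST VPC from the slide
    for (tier, az), subnet in sorted(plan.items()):
        print(f"{tier:12s} {az}  {subnet}  {usable_addresses(subnet)} usable")
    print("problems:", check_plan(plan) or "none")
```

Run it as-is to print the four subnets for the TEST VPC; `tier_of` is the piece that is useful later, when a security group rule or a log line names an address and you want to know which tier it belongs to.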
Integrations

Proof of Concept Integration
• web services and web service clients
• local file system reads and writes
• SFTP reads and writes
• message producers and consumers (ActiveMQ)

Pilot Integration     HCI / HRCI        DB Connections                   ACLs
COA Validator         No                Future (if servlet is retired)   public -> ServiceMix
Eureka to PeopleSoft  HUID, no names    No                               ServiceMix -> CWDWAAPS2919000.university.harvard.edu; ServiceMix -> hrdev1.cadm.harvard.edu:9108
FRAP feed             HCI, PI salaries  Yes                              FRAP CIFS -> ServiceMix; ServiceMix -> GMAS DB and JackRabbit
Staff Terminations    HUID, no names    DWHRDEV                          ServiceMix -> crew01.cadm.harvard.edu:8103; ServiceMix -> consumers of this service
Technical Challenges
• Connection to non-publicly-routable IPs. 2 choices:
  • VPN (Jefferson Burson discourages VPN use)
  • Direct Connect
• Encryption:
  • Direct Connect is not secure
  • Must encrypt individual connections (JDBC example)
  • Monitoring of wire to catch misconfigurations?
• Synchronizing Deployments
  • Hoping to use ZooKeeper
• Shell-Scripted Deployment
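One way to act on "must encrypt individual connections" and on the question of catching misconfigurations, added here as an example and not part of the original deck: a Python audit of the endpoint URIs an integration is configured with (Oracle JDBC connect strings, ActiveMQ transports including failover lists, file-transfer and HTTP URLs), flagging any that would cross Direct Connect in plaintext. The configuration keys, the hostnames (all under the reserved .invalid domain) and the `classify`/`audit` function names are constructed for this example. It checks configuration, not the wire: a tcps or ssl endpoint still depends on the client validating the server certificate against a trusted store, which a config audit cannot see, so it complements rather than replaces wire monitoring.

```python
"""Flag integration endpoints that would cross the wire unencrypted.

Added example, not part of the original slide deck. Direct Connect only
provides a private path, so each connection must carry its own
encryption; this script reads the endpoint URIs an integration is
configured with and reports the ones that do not. The configuration
lines and hostnames below are constructed for the example.
"""
import re

# Constructed sample: one "key = uri" line per endpoint of a pilot integration.
SAMPLE_CONFIG = """
hr.jdbc.url        = jdbc:oracle:thin:@//hrdev1.example.invalid:9108/HRDEV
gmas.jdbc.url      = jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=gmas.example.invalid)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=GMAS)))
broker.url         = failover:(ssl://mq1.example.invalid:61617,ssl://mq2.example.invalid:61617)
legacy.broker.url  = tcp://mq1.example.invalid:61616
frap.feed.url      = smb://frap.example.invalid/feeds/salaries
sftp.drop.url      = sftp://drop.example.invalid/inbound
coa.service.url    = http://coa.example.invalid/validate
eureka.service.url = https://eureka.example.invalid/api
"""

# URI schemes that carry TLS/SSH themselves (ActiveMQ's "+ssl" transports included).
ENCRYPTED_SCHEMES = {"https", "ssl", "nio+ssl", "amqp+ssl", "stomp+ssl",
                     "mqtt+ssl", "sftp", "ssh", "tcps", "ftps"}
# Schemes that put application data on the wire in the clear.
PLAINTEXT_SCHEMES = {"http", "tcp", "nio", "amqp", "stomp", "mqtt",
                     "ftp", "smb", "cifs"}


def classify(uri):
    """Return 'encrypted', 'plaintext', 'local' or 'unknown' for one endpoint URI."""
    uri = uri.strip()
    if uri.startswith("jdbc:oracle:thin:"):
        # Oracle thin driver: encrypted only when the connect descriptor
        # says PROTOCOL=tcps; the short //host:port/service form is plain TCP.
        return "encrypted" if re.search(r"\(PROTOCOL\s*=\s*tcps\)", uri, re.I) else "plaintext"
    if uri.startswith("failover:"):
        # ActiveMQ failover transport wraps a list of broker URIs; the link
        # counts as encrypted only if every member of the list is.
        inner = re.findall(r"[a-z+]+://[^,()\s]+", uri, re.I)
        verdicts = {classify(u) for u in inner}
        if not verdicts:
            return "unknown"
        if verdicts == {"encrypted"}:
            return "encrypted"
        return "plaintext" if "plaintext" in verdicts else "unknown"
    m = re.match(r"([a-z][a-z0-9+.-]*)://", uri, re.I)
    if not m:
        return "unknown"
    scheme = m.group(1).lower()
    if scheme == "vm":
        return "local"  # in-JVM ActiveMQ transport, never leaves the process
    if scheme in ENCRYPTED_SCHEMES:
        return "encrypted"
    if scheme in PLAINTEXT_SCHEMES:
        return "plaintext"
    return "unknown"


def audit(config_text):
    """Parse 'key = uri' lines and return {key: verdict} for each endpoint."""
    report = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        report[key.strip()] = classify(value)
    return report


def plaintext_endpoints(config_text):
    """Keys whose endpoint would carry data in the clear; the list to fix."""
    return sorted(k for k, v in audit(config_text).items() if v == "plaintext")


if __name__ == "__main__":
    for key, verdict in audit(SAMPLE_CONFIG).items():
        print(f"{verdict:10s} {key}")
    print("fix before go-live:", plaintext_endpoints(SAMPLE_CONFIG))
```

Anything reported as "unknown" (an unrecognised scheme, or a failover list the regex could not read) deserves a manual look rather than a pass; the safe default for an auditor is to treat unclassified links as unencrypted until shown otherwise.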
Technical Challenges (continued)
• Routing issue with Direct Connect and internet-facing load balancers:
  • proxy provides incorrect source IP address
  • request takes one route, response takes another
Deliverables Review 1 of 3 (items still to do are highlighted in red)
• Instance build-out:
  • build a high availability stack
  • scripted creation of infrastructure
  • deliver both TEST and PROD stacks
  • Amazon auto-scaling?
• Four or five integrations developed and in production
• A code deployment mechanism
• Operational support in place: ITO and TWS/Maestro, logging, regular backups
Deliverables Review 2 of 3
• Developer documentation. We will have written the following documentation:
  • developer on-boarding documentation
  • library of commented example integrations
  • Wiki section documenting best practices
  • A Security Guide will be available for developers
• Testing
  • Prove that guaranteed message delivery is working by simulating outages
  • Perform security testing, maybe through Hailstorm or Veracode dynamic scans.
  • load testing?
Deliverables Review 3 of 3
• Determine if all data can be encrypted in flight and at rest without the developer explicitly encrypting
• Research granularity of authorization available for:
  • direct JMS connection to ActiveMQ
  • read / write message queues
  • connection to web services
  • consumption of OSGi services (DB connection pools)
  • access to system properties
  • access to file system
• Implement the above authorizations as needed for Pilot
How You Can Help:
• We've been discussing penetration testing with Ventz. Should we do all of the following?
  • A manual overview of the architecture
  • A vulnerability scan of the network and operating system layer
  • A dynamic application scan of the application layer
• How will Harvard Operations fit in? Will we install TWS/Maestro and ITO?
• Any ideas for securing data other than securing individual connections?
• Will any form of monitoring the wire be available?
Wiki: https://wiki.harvard.edu/confluence/display/ATSESB/Welcome