Enterprise Service Bus Advisory Board Mtg #2 To the service bus and beyond... Administrative Technology Services: Enterprise Applications




Page 1

Enterprise Service Bus Advisory Board Mtg #2

To the service bus and beyond...

Administrative Technology Services:

Enterprise Applications

Page 2

ATS ESB Advisory Board Meeting #2, Friday, 2/6/2015

Advisory Board

• Scott Bradner

• Jon Saperia

• Jefferson Burson

• Ventz Petkov

• Bill Knox

• Alex Manoogian

Presenting

• Lisa Justiniano

• Karen Stelle

• Brian Sullivan

• Mike Thomas

Page 3

Current Infrastructure Choices

• Amazon Linux 64-bit

• ESB software: abandoned Fabric8 for ServiceMix. Version 2.0 of Fabric8 (November 2014) is now a Kubernetes + Docker application.

• Messaging: Stand-alone ActiveMQ instances. The ServiceMix-embedded ActiveMQ could not handle fail-over correctly.

• Database: RDS Oracle Ent 11 with TDE (transparent data encryption) option. Single encrypted tablespace. 


Page 4

Architecture

• 2 AZs, single region

• 2 ELBs to support direct JMS

• AMQ configured for shared database

[Architecture diagram: two availability zones, us-east-1a and us-east-1b, each running one ServiceMix node and one ActiveMQ node. RDS Oracle sits in one AZ with an RDS Oracle hot standby in the other. One Elastic Load Balancer on 443 fronts CXF and the Karaf web console; a second Elastic Load Balancer exposes the ActiveMQ web console on 443 and ActiveMQ on 61617. Monitors watch 8101 (Karaf SSH console) and 61616 in both AZs.]

Page 5

Network

• Simple, but provides:

    • DR and fail-over

    • Security: separate subnet for persistence.

• 2 VPCs, one for TEST, one for PROD

• Each VPC gets a /24 network from UNSG.

• Break the /24 network into four /26 networks (58 IP addresses):

    • two for application

    • two for DB

• The elastic load balancers get public IP addresses outside of our subnets.


Page 6

Network

[Network diagram, TEST instance VPC 10.39.8.0/24: us-east-1a holds subnet 10.39.8.0/26 and us-east-1b holds subnet 10.39.8.64/26, each with a ServiceMix and an ActiveMQ node; RDS Oracle and its hot standby sit in the separate subnets 10.39.8.128/26 and 10.39.8.192/26. Two internet-facing Elastic Load Balancers: public IP 54.174.31.20 (atsesbtest1.cadm.harvard.edu) and public IP 54.173.128.135 (atsesbtest2.cadm.harvard.edu), reached as atsesbtest.cadm.harvard.edu and atsesbtestmq.cadm.harvard.edu. Direct Connect links the VPC to the Harvard Data Centers at 60 Oxford St.]
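The subnet plan of slides 5 and 6, worked through as an added example that is not part of the deck or of the ATS project: Python's ipaddress module carves the TEST VPC's 10.39.8.0/24 into the four /26 networks, places one application and one database subnet per AZ, and derives the least-privilege ingress rule the separate persistence subnet is there to make possible. The mapping of .0/.64 to the application tier and .128/.192 to the database tier, the Oracle listener port 1521, and the function names are assumptions; the deck only states that the /24 is split four ways.

```python
import ipaddress

# Values taken from the deck's TEST VPC diagram.
VPC_CIDR = "10.39.8.0/24"
AZS = ("us-east-1a", "us-east-1b")
DB_PORT = 1521  # Oracle listener default; assumed, the deck does not state a port.


def carve_subnets(vpc_cidr, new_prefix=26):
    """Split the VPC block into equal subnets of the given prefix length
    (a /24 yields four /26 networks of 64 addresses each)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return list(vpc.subnets(new_prefix=new_prefix))


def plan_layout(vpc_cidr=VPC_CIDR, azs=AZS):
    """Place one application subnet and one database subnet in each AZ.
    Assumed mapping: the first half of the /26s go to the application tier,
    the second half to the persistence (database) tier."""
    subnets = carve_subnets(vpc_cidr)
    if len(subnets) != 2 * len(azs):
        raise ValueError("need exactly one app and one DB subnet per AZ")
    app, db = subnets[: len(azs)], subnets[len(azs):]
    return {az: {"app": str(a), "db": str(d)} for az, a, d in zip(azs, app, db)}


def subnets_are_disjoint(layout):
    """No two subnets in the layout may overlap; in particular the persistence
    tier never shares address space with the application tier."""
    nets = [ipaddress.ip_network(cidr)
            for tiers in layout.values() for cidr in tiers.values()]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def db_ingress_rules(layout, port=DB_PORT):
    """Least-privilege ingress for the database security group: only the
    application subnets (both AZs, so fail-over keeps working) may reach the
    listener port. Returns (source_cidr, port) pairs."""
    return [(tiers["app"], port) for tiers in layout.values()]


def packet_allowed(layout, src_ip, dst_port):
    """Would a connection from src_ip to the DB tier on dst_port be admitted
    by the rules above?"""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(cidr) and dst_port == port
               for cidr, port in db_ingress_rules(layout))


if __name__ == "__main__":
    layout = plan_layout()
    for az, tiers in layout.items():
        print(az, tiers)
    print("disjoint:", subnets_are_disjoint(layout))
    # Constructed source addresses: an app host, a DB host, and one of the
    # deck's public ELB addresses (outside every VPC subnet).
    for src in ("10.39.8.10", "10.39.8.130", "54.174.31.20"):
        print(src, "-> DB", DB_PORT, "allowed:", packet_allowed(layout, src, DB_PORT))
```

The useful property to keep checking as the layout changes is the last one: anything that is not an application subnet, including the load balancers' public addresses and the DB subnets themselves, gets no path to the listener.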

Page 7

Integrations

Proof of Concept Integration

• web services and web service clients

• local file system reads and writes

• SFTP reads and writes

• message producers and consumers (Active MQ)

Pilot integrations:

| Pilot Integration | HCI / HRCI | DB Connections | ACLs |
| COA Validator | No | Future (if servlet is retired) | public -> ServiceMix |
| Eureka to Peoplesoft | HUID, no names | No | ServiceMix -> CWDWAAPS2919000.university.harvard.edu; ServiceMix -> hrdev1.cadm.harvard.edu:9108 |
| FRAP feed | HCI, PI salaries | Yes | FRAP CIFS -> ServiceMix; ServiceMix -> GMAS DB and JackRabbit |
| Staff Terminations | HUID, no names | DWHRDEV | ServiceMix -> crew01.cadm.harvard.edu:8103; ServiceMix -> consumers of this service |

Page 8

Technical Challenges

• Connection to non-publicly-routable IPs. Two choices:

    • VPN (Jefferson Burson discourages VPN use)

    • Direct Connect

• Encryption:

    • Direct Connect is not secure: the link itself does not encrypt traffic

    • Must encrypt individual connections (JDBC example)

    • Monitoring of wire to catch misconfigurations?

• Synchronizing Deployments

    • Hoping to use ZooKeeper

    • Shell-Scripted Deployment
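Because Direct Connect only gives a private path, every connection has to carry its own TLS, and the slide asks whether misconfigurations can be caught on the wire. The following added example (not from the deck or the ATS project) shows three checks of that kind: a lint over an ActiveMQ broker fragment that flags transport connectors with a cleartext URI scheme, a check that an Oracle thin JDBC URL forces PROTOCOL=tcps, and a byte-level test a wire monitor can apply to the first bytes of a connection to confirm it opens with a TLS ClientHello. The broker fragment, the connector names, the JDBC URLs and the function names are constructed for illustration; only the ports 61616 and 61617 come from the deck.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://activemq.apache.org/schema/core}"

# Constructed broker fragment. The ports 61616/61617 appear in the deck's
# diagram; the connector names and URI options are hypothetical.
ACTIVEMQ_XML = """<broker xmlns="http://activemq.apache.org/schema/core">
  <transportConnectors>
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
    <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:61617?needClientAuth=true"/>
    <transportConnector name="amqp" uri="amqp://0.0.0.0:5672"/>
  </transportConnectors>
</broker>"""

# ActiveMQ URI schemes that wrap the transport in TLS. Everything else
# (tcp, nio, amqp, stomp, mqtt, ws, http) is cleartext on the wire.
TLS_SCHEMES = {"ssl", "nio+ssl", "amqp+ssl", "amqp+nio+ssl", "stomp+ssl",
               "stomp+nio+ssl", "mqtt+ssl", "mqtt+nio+ssl", "https", "wss"}


def plaintext_connectors(broker_xml):
    """Names of transportConnectors whose URI scheme does not use TLS."""
    root = ET.fromstring(broker_xml)
    offenders = []
    for tc in root.iter(NS + "transportConnector"):
        uri = tc.get("uri", "")
        scheme = uri.split("://", 1)[0].lower()
        if scheme not in TLS_SCHEMES:
            offenders.append(tc.get("name", uri))
    return offenders


def jdbc_url_is_encrypted(url):
    """True only when an Oracle thin JDBC URL forces TLS: every ADDRESS in a
    TNS descriptor says PROTOCOL=tcps, or the EZConnect form starts with
    tcps://. Plain tcp, or no protocol at all, counts as cleartext."""
    body = url.split("@", 1)[1] if "@" in url else ""
    protocols = re.findall(r"\(\s*PROTOCOL\s*=\s*([A-Za-z]+)\s*\)", body, re.IGNORECASE)
    if protocols:
        return all(p.lower() == "tcps" for p in protocols)
    return body.lower().startswith("tcps://")


def looks_like_tls_client_hello(first_bytes):
    """Cheap wire check for a monitor: a TLS session opens with a handshake
    record (content type 0x16, version 0x03 0x0x, two length bytes) whose
    first handshake message is a ClientHello (type 0x01). A connection whose
    first bytes fail this test is not TLS, whatever its config claims."""
    b = bytes(first_bytes)
    return (len(b) >= 6 and b[0] == 0x16 and b[1] == 0x03
            and b[2] in (0x00, 0x01, 0x02, 0x03) and b[5] == 0x01)


if __name__ == "__main__":
    print("cleartext connectors:", plaintext_connectors(ACTIVEMQ_XML))
    # Constructed JDBC URLs; host and service names are placeholders.
    for u in ("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=db.example)(PORT=2484))"
              "(CONNECT_DATA=(SERVICE_NAME=esb)))",
              "jdbc:oracle:thin:@//db.example:1521/esb"):
        print(jdbc_url_is_encrypted(u), u)
    # Constructed first bytes: a TLS 1.0-versioned record with a ClientHello, then an HTTP request.
    print(looks_like_tls_client_hello(b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26"))
    print(looks_like_tls_client_hello(b"GET / HTTP/1.1\r\n"))
```

The byte check is deliberately the weakest of the three: it proves a handshake started, not that the certificate was validated or that the cipher suite is acceptable, so it complements rather than replaces the configuration lint.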


Page 9

Technical Challenges (continued)

• Routing issue with Direct Connect and internet-facing load balancers:

    • proxy provides incorrect source IP address

    • request takes one route, response takes another


Page 10

Deliverables Review 1 of 3 (items still to do are highlighted in red)

• Instance build-out:

    • build a high availability stack

    • scripted creation of infrastructure

    • deliver both TEST and PROD stacks

    • Amazon auto-scaling?

• Four or five integrations developed and in production

• A code deployment mechanism

• Operational support in place: ITO and TWS/Maestro, logging, regular backups


Page 11

Deliverables Review 2 of 3

• Developer documentation. We will have written the following documentation:

    • developer on-boarding documentation

    • library of commented example integrations

    • Wiki section documenting best practices

    • A Security Guide will be available for developers

• Testing

    • Prove that guaranteed message delivery is working by simulating outages

    • Perform security testing, maybe through Hailstorm or Veracode dynamic scans.

    • load testing?


Page 12

Deliverables Review 3 of 3

• Determine if all data can be encrypted in flight and at rest without the developer explicitly encrypting

• Research granularity of authorization available for:

    • direct JMS connection to ActiveMQ

    • read / write message queues

    • connection to web services

    • consumption of OSGi services (DB connection pools)

    • access to system properties

    • access to file system

• Implement the above authorizations as needed for Pilot
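Of the authorization questions above, the read/write granularity on message queues is the one ActiveMQ answers directly through its authorization map, where each entry names a destination pattern and the groups allowed to read, write or administer it. The following added example (not from the deck or the ATS project) loads a constructed authorization fragment and evaluates it the way I understand the broker's wildcard rules: `*` matches one name segment, `>` matches one or more trailing segments, and the permissions of every matching entry are combined, with no matching entry meaning denial. The queue names, group names and function names are constructed; verify the wildcard semantics against the ActiveMQ release actually deployed before relying on them.

```python
import xml.etree.ElementTree as ET

# Constructed authorization fragment (namespace omitted for brevity). The
# queue and group names are hypothetical and only echo the deck's integrations.
AUTH_XML = """<authorizationMap>
  <authorizationEntries>
    <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
    <authorizationEntry queue="hr.>" read="hr-consumers" write="hr-producers" admin="admins"/>
    <authorizationEntry queue="hr.terminations" read="payroll" write="hr-producers" admin="admins"/>
    <authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
  </authorizationEntries>
</authorizationMap>"""

OPS = ("read", "write", "admin")


def destination_matches(pattern, name):
    """ActiveMQ-style destination wildcards (assumed semantics): '.' separates
    segments, '*' matches exactly one segment, '>' matches one or more
    trailing segments."""
    p, n = pattern.split("."), name.split(".")
    for i, seg in enumerate(p):
        if seg == ">":
            return len(n) > i
        if i >= len(n) or (seg != "*" and seg != n[i]):
            return False
    return len(p) == len(n)


def _groups(attr):
    return {g.strip() for g in (attr or "").split(",") if g.strip()}


def load_entries(xml_text):
    """Parse authorizationEntry elements into dicts of kind, pattern and
    the group set for each operation."""
    root = ET.fromstring(xml_text)
    entries = []
    for e in root.iter("authorizationEntry"):
        kind = "queue" if e.get("queue") is not None else "topic"
        entry = {"kind": kind, "pattern": e.get(kind)}
        for op in OPS:
            entry[op] = _groups(e.get(op))
        entries.append(entry)
    return entries


def allowed_groups(entries, kind, name, op):
    """Union of the groups granted `op` by every entry matching the destination."""
    return set().union(*(e[op] for e in entries
                         if e["kind"] == kind and destination_matches(e["pattern"], name)))


def is_authorized(entries, principal_groups, kind, name, op):
    """Deny unless at least one of the principal's groups is granted the
    operation; an unmatched destination therefore denies everyone."""
    return bool(set(principal_groups) & allowed_groups(entries, kind, name, op))


if __name__ == "__main__":
    entries = load_entries(AUTH_XML)
    checks = [
        (["payroll"], "queue", "hr.terminations", "read"),
        (["payroll"], "queue", "hr.terminations", "write"),
        (["hr-producers"], "queue", "hr.terminations", "write"),
        (["payroll"], "queue", "finance.frap", "read"),
        (["admins"], "queue", "finance.frap", "read"),
    ]
    for groups, kind, name, op in checks:
        print(groups, op, kind, name, "->", is_authorized(entries, groups, kind, name, op))
```

Two patterns in the fragment are the ones worth auditing in a real broker: a catch-all `queue=">"` entry grants whatever groups it names on every queue, and a broad `hr.>` entry quietly extends to any queue created later under that prefix, so the more specific `hr.terminations` entry narrows nothing unless the broad one is removed.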


Page 13

How You Can Help:

• We've been discussing penetration testing with Ventz. Should we do all of the following?

    • A manual overview of the architecture

    • A vulnerability scan of the network and operating system layer

    • A dynamic application scan of the application layer

• How will Harvard Operations fit in? Will we install TWS/Maestro and ITO?

• Any ideas for securing data other than to secure individual connections?

• Will any form of monitoring the wire be available?


Page 14

Wiki: https://wiki.harvard.edu/confluence/display/ATSESB/Welcome
