HIP - Hosting Integration Platform Roadshow
1&1 Hosting Integration Platform
The 1&1 Hosting Integration Platform (HIP) is a multi channel platform designed to simply and efficiently build and integrate highly scalable, robust and extensible enterprise services, systems and applications into the distributed, heterogeneous 1&1 Hosting system landscape. HIP comes with RAIN (Rapid Application Integration), a frontend platform designed to build distributed enterprise web applications that can run on desktop and any mobile device, and CloudIA (Cloud Integrated Architecture), a backend platform that provides cross cutting functionalities for developers to build distributed and composite systems, services and applications within a consistent RESTful service oriented environment.
Why do we need HIP for our Control Panel?
• What our customers see
  • Slow performance
  • Middle-class usability
  • No language selection
  • No mobile support
  • No domain batch handling
  • Web 1.0 look and feel
  • No SSO for jumps to other products
• What developers see
  • Monolithic building block
  • Multiple nested system dependencies causing run and test issues
  • No N-tier architecture
  • Complex usage of frontend framework
  • Tooling issues (minimal Maven support, test support, release management, dependency resolving, change management)
  • Multiple divisions (> 50 developers) committing to ONE source chunk
  • Fragmented localisation support
  • Framework version inconsistency
  • No multi-tenant support
  • No mobile support
  • Limited roles and rights support
  • Web 1.0 based technology
Initial Situation
• Maintainability
  • products, i.e. the Control Panel, generally consist of many (remote) services orchestrated together
  • services are closely integrated and use proprietary protocols and data models
  • strong dependencies between services significantly increase efforts for maintenance
• Internationalisation
  • partial localisation support only, becoming increasingly expensive in addition
  • still recurring issues when deploying services and infrastructure to international markets, i.e. outstanding efforts for product rollouts in different data centers due to hard-wired services
  • no real multi-tenancy, especially regarding legal terms and conditions
• User experience
  • mobile and tablet devices unsupported
  • suffers from the fact that products such as DIY, WebDesk or OX use a broad variety of custom authentication and SSO mechanisms
  • products that have to communicate with each other are required to adapt the solution of the respective other product in addition
• 1&1 Hosting Target Architecture
  • clear competences and responsibilities for domains not given yet
  • impacts on cross cutting concerns such as authorization and integration efforts when adapting the new target architecture
1&1 Hosting Integration Platform
The 1&1 Hosting Integration Platform enables Product Service System (PSS) developers to integrate into the Hosting landscape easily, effectively and autonomously. HIP supports:
• Self-contained system, service and application development
• Independent deployment of components
• Defined component and service life-cycle
• Governance for interaction and communication between mutually interacting software
• Horizontal scale out of components and of component interactions
• Coherency of interfaces
• Simple multi channel support
• Simple internationalization support
• Intermediary components for authentication and authorization to enforce security and encapsulate legacy systems
1&1 Hosting System Landscape (architecture diagram)
HIP consists of RAIN (Client Runtime, RAIN IDE, Public Frontend Service) and CloudIA (Service Stack, Server Runtime, Resource Server, Service Management, Guidelines). Beneath HIP sit the Business Support Systems (BSS: Customer, Contract, Billing, Supplier, Order Platform with Order Entry, Order Management and Provisioning API, Process Platform) and the Product Service Systems (PSS: Domain, Email), each PSS with its own SSA. SSAs, PSS and BSS talk to each other via RESTful APIs; order triggers flow from the SSAs to the Order Platform.
SSA & PSS – a brief description
• PSS – Product Service System: a (new) implementation of a 1&1 Hosting product which is compliant with the 1&1 target architecture. This means the backend is decoupled from other products (no monolithic system) and integrated via RESTful services. It uses the technologies and services provided by HIP.
• SSA – Self Service App: a frontend (web) app for a PSS which allows end-users to administrate the product on their own (self service). Currently this kind of functionality is bundled in the Control Panel but shall be modularized according to the PSS.
HIP Integration scenario (diagram)
SSAs in the DMZ and PSSs behind it exchange access tokens. CloudIA supplies the cross cutting pieces between them: role based access (roles SSE, Owner, Read), claim based access, Single Sign On and Single Sign Out with an SSO filter, a message bus with events, access control, quotas and multitenancy.
RAIN.js
What is RAIN.js?
RAIN (Rapid Application Integration) is a frontend platform designed to build robust, extensible, efficient, highly scalable enterprise web applications that can run on desktop and mobile devices.
RAIN Benefits
• Web-fragment aggregation and recursive composition
  • Discrete web-fragments
  • Aggregation of web-fragments out of multiple (sub) web-fragments during runtime on demand
  • Reuse of web-fragments either multiple times in the same, or in different aggregation contexts
  • Simple communication between web-fragments without complex “intercom” mechanisms (no iframes, Intents)
  • Simple composition of user interfaces
  • De-coupled testing of web-fragments
  • Centralized management for web-fragments, i.e. to manage a common branding
• Multi device support
  • Holistic support for different client platforms: classic browser, smartphones, tablets
  • HTML5 ready
  • Dynamic UI layouts at runtime on demand
• Internationalisation
  • Localisation support for text, images and layouts
  • Dynamic language selector: switch display locale in frontend at runtime
  • Generator for localization files
• Further USPs
  • Asynchronous rendering engine
  • Messaging support / Intents mechanism
  • OAuth2 security integration with CloudIA
CloudIA
What is CloudIA?
CloudIA offers to its customers (internal and external developers) an easy integration into the 1&1 hosting system landscape. CloudIA can be understood as a broker between its customers and offers cross cutting functionalities. These functionalities allow developers to concentrate on their core competence. We assure for our customers a consistent RESTful service oriented architecture.
CloudIA - Component Overview (diagram; the slide groups the components under the layer labels Public Frontend Services, Service Stack, Protected Backend Services, Service Management, Toolchain and Guidelines)
• HIP Registry & Request Broker
• Access Control API (standard web protocol, RBAC)
• Reverse Proxy
• Integration Governance Layer
• Data Storage Criteria API
• OpenID Authentication Facade
• PSS Configuration API
• PSS Messaging Broker (PSS2PSS)
• OAuth2 Authorization Provider
• Service Registry
• SDKs (Java, JS, PHP)
• PSS REST API Governance
• Documentation Guidelines
• Transparent Proxy
• Localisation Tooling
• PSS Configuration Service
• AC Self-Service UI
• Developer Guidelines
• BI Aggregation Service
• Integrated build system
• HTTP APIs
• Management Console
• Data Storage Cluster
• Access Control Service
• Domain Model Specification
• BI Provisioning Service
• Infrastructure Profiling
• Quota Policy Service
• SSO Integration Templates
• Error Processing Service
• Event Notification Service
• UAS Adapter
• Resource Metering Service
• WebSocket Server
• Realm-based Service Stack
CloudIA components (Authentication/Authorization) in detail
• OpenID Authentication Facade
  • OpenID protocol wrapper for existing 1&1 identity stores; acts as OpenID provider and/or relying party for any service consumer. It enables scoped and secure integration of 3rd party applications (e.g. community apps) into the 1&1 hosting application landscape while reducing development efforts of both internal and external teams in relation to authentication scenarios.
• Access Control API
  • This is a public HTTP interface that exposes and standardizes Access Control Service query operations to those PSS applications that require these operations in order to secure resources which are accessed through the PSS application. Utilizing an issued access token, the API allows application developers to query for authenticated users and granted authorities.
• OAuth2 Authorization Provider
  • This component provides OAuth 2.0 protocol support by wrapping the generic, role based security infrastructure of the Access Control Service. OAuth2 empowers application developers to secure their resources on behalf of their users in a federated environment without the need for the users to reveal their credentials.
• Access Control Service
  • It is an infrastructure engine serving basic access control features on which the open authentication and authorization protocol flows rely. Application developers can manage roles, permissions, and trusted clients within a realm for services requiring protected access.
CloudIA components (Storage and lookup) in detail
• HIP Registry
  • Central point to dynamically register and lookup bundles, backend services, RAIN components and monitoring elements that are within a use case scenario.
• Data Storage Cluster
  • A scalable and reliable storage infrastructure that manages any kind and amount of data application developers require to manage seamlessly and transparently. Applications may also share managed data based on a fine-grained access level or group data by using the namespace concept.
• Reverse Proxy
  • A public proxy service that forwards inbound requests to the respective internal web server that provides the requested resources. Thus, all platform services are exposed to clients over a common domain.
• Data Storage Criteria API
  • A public HTTP interface that enables client applications to persist and retrieve any kind of data they desire. Besides common key/value operations, the API provides filtering abilities (criteria) to conditionally retrieve data not only by their keys but also by other descriptive attributes.
CloudIA components (PSS onboarding and governance) in detail
• PSS Configuration API
  • An API exposing operations of the PSS Configuration Service, permitting each PSS application to independently configure its own realms. By feeding a canonical domain model, applications can configure their runtime specific properties such as access permissions or client quotas.
• Quota Policy Service
  • Measures and enforces quotas PSS applications can set to limit client requests and resource consumption. Supported quota metrics such as amount of data per request or requests per timeframe may be limited to any or certain clients of an observed application.
• PSS Configuration Service
  • A persistence layer for application specific properties a PSS can configure by using the public PSS Configuration API. The service also distributes certain properties to the respective service they belong to, e.g. access control configurations are delegated to the Access Control Service.
• PSS Messaging Broker (PSS2PSS)
  • A lightweight message bus enabling decoupled PSSs to exchange information.
• Event Notification Service
  • A service that acquires, filters, and delivers information about platform events. In order to avoid fragmented event notification solutions for different concerns, such as alerting on exceeded quotas, applications have to listen only on one single channel with one common event model.
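The quota and event descriptions above, as an added worked example (not CloudIA code): a sliding-window quota on requests per timeframe plus a byte cap per request, applied to every client of an observed application unless a client has its own quota, with each denial published as one event type on a single channel. The class names, the event fields and the sample client ids are assumptions made for this example.

```python
"""Per-client quota enforcement in the shape the Quota Policy Service slide
describes (requests per timeframe, bytes per request, limits for any or only
certain clients), reporting exceeded quotas through one common event model.
Added example code; classes and event shape are constructed, not CloudIA's API."""
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Quota:
    max_requests: int           # requests admitted inside one timeframe
    window_seconds: float       # length of the timeframe
    max_bytes_per_request: int  # payload cap for a single request


@dataclass
class QuotaPolicy:
    application: str                                # the observed PSS application
    default: Quota                                  # applies to any client ...
    per_client: dict = field(default_factory=dict)  # ... unless overridden per client id
    events: list = field(default_factory=list)      # the single notification channel
    _history: dict = field(default_factory=dict)    # client -> timestamps of admitted requests

    def quota_for(self, client_id):
        return self.per_client.get(client_id, self.default)

    def _notify(self, client_id, metric, now):
        # One event model for every concern, so consumers subscribe to one channel only
        self.events.append({"type": "quota.exceeded", "application": self.application,
                            "client": client_id, "metric": metric, "timestamp": now})

    def check(self, client_id, now, request_bytes):
        """Decide whether a request is admitted. Returns (allowed, reason)."""
        quota = self.quota_for(client_id)
        if request_bytes > quota.max_bytes_per_request:
            self._notify(client_id, "bytes_per_request", now)
            return False, "payload_too_large"
        history = self._history.setdefault(client_id, deque())
        # forget admitted requests that have left the sliding window
        while history and now - history[0] >= quota.window_seconds:
            history.popleft()
        if len(history) >= quota.max_requests:
            self._notify(client_id, "requests_per_timeframe", now)
            return False, "rate_limited"
        history.append(now)        # only admitted requests count against the quota
        return True, "ok"


if __name__ == "__main__":
    policy = QuotaPolicy("domain-pss", Quota(3, 10.0, 1024),
                         per_client={"batch-client": Quota(5, 10.0, 4096)})
    for t in (0.0, 1.0, 2.0, 3.0):
        print("web-client", t, policy.check("web-client", t, 100))
    print(policy.events)
```

Denied requests deliberately do not count against the window; otherwise a client that is already over quota could never recover while it keeps retrying.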
Core concepts
• Stateless, distributed services – contrary to a centralized and monolithic software solution that integrates Product Service Systems and support applications, CloudIA consists of several distributed services, whereby each service is dedicated to a certain feature scope. None of the services comprises business logic. Moreover, our platform services are intended to get orchestrated by business solutions and products. To achieve this we use:
  • HTTP interfaces only
  • that follow RESTful design principles
  • strict HATEOAS
  • lazy service initialisation
  • canonical data model for platform services
• Storage for context sensitive data – for scalability / internationalisation reasons all Product Service Systems are intended to be stateless; the responsibility to manage application state is delegated to the client side. Some Product Service Systems still require to keep track of application state on the server side and/or need to exchange context-sensitive data. To support Product Service Systems becoming stateless and self-contained, CloudIA offers a scalable data storage to Product Service Systems. To achieve this we use:
  • NoSQL HA cluster
  • secured storage realm per client
  • ability to share storage realms
  • REST interface with criteria-like queries
  • monitoring callback interfaces for clients
® 1&1 Internet AG 2010
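The storage concepts listed above (a secured storage realm per client, the ability to share realms, criteria-like queries) and the Data Storage Criteria API described earlier, as one added in-memory model. This is example code, not the Data Storage Criteria API itself: the class, its method names, the permission names and the contract records built in demo() are all constructed for the illustration.

```python
"""In-memory model of CloudIA's storage concepts: one realm per client,
namespaces inside a realm, explicit sharing of a namespace with another client
at a fine-grained access level, and criteria queries over descriptive
attributes. Added example code, not the platform's API."""
import operator


class AccessDenied(Exception):
    pass


# Criteria operators; "in" checks membership in a collection of allowed values
OPERATORS = {"eq": operator.eq, "ne": operator.ne, "gt": operator.gt,
             "lt": operator.lt, "in": lambda value, choices: value in choices}


class DataStorage:
    def __init__(self):
        self._realms = {}   # owner -> {namespace -> {key -> attributes}}
        self._grants = {}   # (owner, namespace) -> {client -> set of permissions}

    def can(self, caller, owner, namespace, permission):
        """Owner has every right in its own realm; others only what was granted."""
        if caller == owner:
            return True
        granted = self._grants.get((owner, namespace), {}).get(caller, set())
        return permission in granted

    def _authorize(self, caller, owner, namespace, permission):
        if not self.can(caller, owner, namespace, permission):
            raise AccessDenied(f"{caller} may not {permission} {owner}/{namespace}")

    def share(self, caller, namespace, with_client, permissions):
        """Grants are keyed on the caller, so only a realm owner can share its namespace."""
        unknown = set(permissions) - {"read", "write"}
        if unknown:
            raise ValueError(f"unknown permissions {sorted(unknown)}")
        (self._grants.setdefault((caller, namespace), {})
                     .setdefault(with_client, set()).update(permissions))

    def put(self, caller, owner, namespace, key, attributes):
        self._authorize(caller, owner, namespace, "write")
        self._realms.setdefault(owner, {}).setdefault(namespace, {})[key] = dict(attributes)

    def get(self, caller, owner, namespace, key):
        self._authorize(caller, owner, namespace, "read")
        return self._realms.get(owner, {}).get(namespace, {}).get(key)

    def query(self, caller, owner, namespace, criteria):
        """criteria: {attribute: (op, value)}; every criterion must match (AND).
        A query is subject to the same authorization as a key lookup."""
        self._authorize(caller, owner, namespace, "read")
        records = self._realms.get(owner, {}).get(namespace, {})
        return {key: attrs for key, attrs in records.items()
                if all(attr in attrs and OPERATORS[op](attrs[attr], value)
                       for attr, (op, value) in criteria.items())}


def demo():
    """Constructed scenario: the Domain PSS keeps contract records in its realm
    and shares them read-only with the Contract Selection SSA."""
    store = DataStorage()
    store.put("domain-pss", "domain-pss", "contracts", "c12345",
              {"state": "active", "domains": 3, "market": "DE"})
    store.put("domain-pss", "domain-pss", "contracts", "c67890",
              {"state": "cancelled", "domains": 1, "market": "DE"})
    store.put("domain-pss", "domain-pss", "contracts", "c24680",
              {"state": "active", "domains": 12, "market": "US"})
    store.share("domain-pss", "contracts", "contractselection-ssa", {"read"})
    return store


if __name__ == "__main__":
    store = demo()
    print(store.query("contractselection-ssa", "domain-pss", "contracts",
                      {"state": ("eq", "active"), "domains": ("gt", 5)}))
```

The point to take from it is that realm isolation is the default and sharing is an explicit, owner-only grant with the narrowest permission that works; a query path that skipped the authorization check would silently undo the per-client realm.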
Core concepts
• Open standard Web protocols – any service uses common standards and protocols only. There will be no proprietary workflows or extensions. One major goal is a straightforward integration of 3rd party applications, regardless of whether provided by internal or external partners. All adopted technologies and solutions are aligned to that goal. To achieve this we use:
  • IETF & OASIS industry standards
  • one common protocol stack for all services
  • prototypes for integration scenarios
• Token based access – our platform enforces token based access even for backend services. As part of the platform, we offer a fine grained access control based on authorisation tokens. Every application that wants to integrate, e.g. Product Service Systems, is highly recommended to use that approach in order to participate all in all. To achieve this we do:
  • intensely support application developers, i.e. with SDKs (Java, PHP, JS) and extensive guides
  • leverage a lightweight and simple mechanism to retrieve and validate access tokens
• Bridge legacy and target architecture – since not all services in the hosting system landscape are refactored regarding the new target architecture, we will support legacy services in our service stack as well along the migration path. To achieve this we provide:
  • documented guidelines and patterns for Product Service Systems
  • exemplary implementation of services for Contract Management
Benefits - CloudIA reflects and addresses existing and upcoming issues of 1&1 hosting products.
• Maintainability
  • tracking and limiting of access level, origins, quotas and features offered to the clients on behalf of Product Service Systems
  • exclusive use of open web standards and lightweight protocols only enables Product Service Systems to integrate loosely coupled with other services
  • de-coupled testing
  • easy and precise failure detection
• Internationalisation
  • standardized, guided design of services and APIs significantly reduces efforts for international rollouts and localization
  • clear separation of localizable content
  • independent ad hoc service deployment due to loose coupling
  • supports fulfillment of different legal terms and conditions due to multitenancy support
• User experience
  • standardized Single Sign On permits users to jump seamlessly and transparently between SSAs
  • authentication support for 1&1 Account and other credential pairs
  • community readiness, integrating 3rd party applications with less effort
• 1&1 Hosting Target Architecture
  • enables coherent orchestration of Product Service Systems and self-contained services accordingly
  • cross cutting concerns such as authentication and authorization solved in a reliable and future-proof way
  • generic and coherent communication interfaces for Product Service Systems whenever they are required to exchange information with each other
List of HIP Features ready for PSS DEVELOPMENT Integration on August 7th 2012 (Release 1)
• Asynchronous Rendering Engine
• Development Integration Environment
• Messaging Support
• HIP Registry
• Modular RAIN SDK
• Authentication Facade
• Internationalization (I18N)
• OAuth2 Authorization Provider
• CSS Media Query Support
• Data Storage
• Visual Elements
• Contract Management
• CloudIA SDK
• Security
• Exception Handling
• Documentation
• HTTP Session
• Guidelines
HIP Release plan 2012 (Jul, Aug, Sep, Oct, Nov, Dec): new releases after every 3 sprints / 9 weeks
• Release 1 (07.08.2012): The primary target of this release is to make important HIP Features available on our DEVELOPMENT Integration Environment so that other Hosting product teams (like Domain SSA) can start development / integration with HIP Features.
• Release 2 (09.10.2012): The primary target of this release is to make important HIP Features production-ready and directly integrate / use them in some of our Hosting products (like Control Panel and Domain SSA).
• Release 3 (11.12.2012): The primary target of this release is not defined yet. One of the main objectives is to bring HIP into Production.
• CloudIA Coding Night, date: 09.08.2012
Resources
Backup
1&1 Hosting System Landscape example use-case – token based access on provisioning data (use case “list domains”, sequence diagram)
Participants: ContractSelection SSA, Domain SSA, RAIN Server Runtime (i.e. Session Manager), OAuth2 Authorization Provider, Access Control Service with its Access Control API (CloudIA callback URL), Domain Config API (RESTful) backed by Domain Backend Services and Domain Comet Services, Contract API (RESTful) backed by the Provisioning Information Manager (PIM), Migraene, Auftragmatrix.
1 - contractId 12345: select contract (ContractSelection SSA)
2 - create token: create unique OAuth2 token (OAuth2 Authorization Provider)
3 - store token: store token at runtime (RAIN Server Runtime)
4 - read token: read token from runtime (Domain SSA)
5 - GET /domains: call domain list, using token (Domain SSA to Domain Config API)
6 - verify token: verify token and retrieve callback URL (PIM) (Domain to Access Control API)
7 - GET /articleItems: call article list using token (Domain to Contract API)
8 - verify & decrypt token: id of currently selected contract (Provisioning Information Manager to Access Control API)
9 - Articles 123:AG-AN-FN-QN, 456:AG-AN-FN-QN, 789:AG-AN-FN-QN: get articles for contract from Migraene
10 - Domains 1and1.com, gmx.net, web.de: use article list to retrieve domains from Migraene
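The ten steps above, and the Access Control API description earlier (query an issued token for the authenticated user and granted authorities), as an added example that simulates the exchange in Python. It is not HIP code: every class, method and the article/domain mapping is constructed for this walk-through. One labelled simplification: instead of the encrypted token of step 8, the backends treat the token as opaque and obtain the contract id by verifying it at the Access Control API, which keeps the property that matters, namely that each hop verifies the token itself before serving data.

```python
"""Simulation of the 'list domains' use case: a token issued for the selected
contract, kept in the server runtime, and verified again at every backend hop.
Added example code; all classes and the article/domain data are constructed
stand-ins for the HIP components named on the slide."""
import secrets
import time

# Constructed sample data in the shape the slide shows (contract -> articles -> domains)
ARTICLE_ITEMS = {12345: ["123:AG-AN-FN-QN", "456:AG-AN-FN-QN", "789:AG-AN-FN-QN"]}
DOMAINS_BY_ARTICLE = {"123:AG-AN-FN-QN": "1and1.com",
                      "456:AG-AN-FN-QN": "gmx.net",
                      "789:AG-AN-FN-QN": "web.de"}


class AccessDenied(Exception):
    pass


class OAuth2AuthorizationProvider:
    """Step 2: issues an unguessable opaque token; the claims stay server-side.
    Simplification: the slide encrypts the contract id into the token, here it
    is looked up during verification instead."""

    def __init__(self):
        self._tokens = {}

    def create_token(self, subject, contract_id, authorities, ttl, now):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"subject": subject, "contract_id": contract_id,
                               "authorities": frozenset(authorities),
                               "expires": now + ttl}
        return token

    def verify(self, token, now):
        claims = self._tokens.get(token)
        if claims is None or now >= claims["expires"]:
            return None
        return claims


class AccessControlAPI:
    """Steps 6 and 8: backends ask here whose token it is and what it may do."""

    def __init__(self, provider):
        self._provider = provider

    def require(self, token, authority, now):
        claims = self._provider.verify(token, now)
        if claims is None:
            raise AccessDenied("invalid or expired token")
        if authority not in claims["authorities"]:
            raise AccessDenied(f"missing authority {authority}")
        return claims


class RainServerRuntime:
    """Steps 3 and 4: the token is bound to the server-side session, not the browser."""

    def __init__(self):
        self._sessions = {}

    def store_token(self, session_id, token):
        self._sessions[session_id] = token

    def read_token(self, session_id):
        return self._sessions[session_id]


class ContractAPI:
    """Steps 7 to 9: article items of the contract the token was issued for."""

    def __init__(self, access_control):
        self._acl = access_control

    def get_article_items(self, token, now):
        claims = self._acl.require(token, "contract:read", now)
        return list(ARTICLE_ITEMS.get(claims["contract_id"], []))


class DomainConfigAPI:
    """Steps 5 to 10: verifies the token itself, then forwards it downstream."""

    def __init__(self, access_control, contract_api):
        self._acl = access_control
        self._contract_api = contract_api

    def get_domains(self, token, now):
        self._acl.require(token, "domain:read", now)
        articles = self._contract_api.get_article_items(token, now)
        return [DOMAINS_BY_ARTICLE[a] for a in articles if a in DOMAINS_BY_ARTICLE]


def build_platform():
    provider = OAuth2AuthorizationProvider()
    acl = AccessControlAPI(provider)
    return provider, RainServerRuntime(), DomainConfigAPI(acl, ContractAPI(acl))


def list_domains_use_case(session_id="sess-1", contract_id=12345, now=None):
    """Runs steps 1 to 10 end to end and returns the domain list."""
    now = time.time() if now is None else now
    provider, runtime, domain_api = build_platform()
    # 1 and 2: contract selected, unique token created for this user and contract
    token = provider.create_token("maxmustermann", contract_id,
                                  {"domain:read", "contract:read"}, ttl=600, now=now)
    runtime.store_token(session_id, token)       # 3
    token = runtime.read_token(session_id)       # 4
    return domain_api.get_domains(token, now)    # 5 to 10


def attempt(call):
    """Report a platform call as ('ok', result) or ('denied', reason) instead of raising."""
    try:
        return "ok", call()
    except AccessDenied as exc:
        return "denied", str(exc)
```

Because every backend verifies the token on its own, a forged or expired token is rejected at the first hop, and a token that carries the domain authority but not the contract authority gets through the Domain Config API and is then stopped at the Contract API; neither service trusts its caller's word for who the user is.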
1&1 Hosting System Landscape - Legacy Control Panel (diagram)
The same landscape diagram as above, with the legacy Control Panel modules mapped onto it: controlpanel-mambaFrontend on the RAIN side (Client Runtime, Public Frontend Service, Server Runtime), controlpanel-login on the CloudIA side (Service Stack, Resource Server, Service Management), controlpanel-app-userdata and controlpanel-app-domain on the Domain PSS and the Customer / Contract BSS, and controlpanel-hostingorder on the Order Platform.
1&1 Hosting System Landscape – Migration path
Control Panel Evolution Path (diagram)
• Evolution to the new Control Panel: asynchronous server side rendering (RAIN), utilization of common services (CloudIA), frontend container
• Consolidation and refactoring of legacy Control Panel: CP external login service, CP login flow cleanup, CP Pustefix version update
• De-coupled evolution for every PSS/BSS*: Domain SSA (Q1 ‘13), Contract Selection (Q1 ‘13), My Data (tbd), Contract / Billing (Q2 ‘13), WebHosting SSA and MailXChange SSA (tbd), MS Products SSA (starting Q1 ‘13), Enablement (Q1 ‘13)
• Ongoing projects: CP performance quick wins, CP UX improvements, CP I10N, CP regional deployment
*Each PSS/BSS decides if and when to follow the evolution, probably if bigger business requirements show up in the roadmap
® 1&1 Mail & Medien GmbH 2011
Possible scenarios for BSSA Evolution (diagram)
Frontend Container, Control Panel Middleware, BSSA, Facade, Business Systems / Leading systems.
• Currently planned scenario within PF1ST
• Evaluation with business systems whether we can enhance the scope of the BSSAC and BSSAA initiatives to step towards the target architecture
1&1 Hosting System Landscape – Migration path
• A first milestone when migrating hosting products / Control Panel will be achieved by clustering related activities in 2 major phases:
• 1. Migration of common services
  • outsourcing of user authentication into a separate service
  • integrating the new authentication service with the new standardized SSO solution
  • replacement of observer based data retrieval with an event based communication pattern
  • shift distributed order process trigger to the new Order Management solution
  • move legacy business logic to the backend layer, partially misplaced in the frontend yet (domain logic completely in the CP)
  • implementing RESTful service wrappers for frontend and backend services
1&1 Hosting System Landscape – Migration path
• 2. Integrating first citizen
  • new SSA frontend solution based on RAIN ready for use
  • integrating BSSA as RAIN first citizen (i.e. invoice overview)
  • implementing seamless login jumps between Product Service Systems (Control Panel, BK Shop, Domain SSA)
  • read-only RESTful interface for contract data
  • facade for merging and providing data from legacy contract management, CCD and Comet at one single access point
  • SSA Contract Selection implemented
  • DHIP as read-only RESTful service wrapper (config API, caching, notifications, …)
Protocols – federated login with OpenID
• Benefits from the user's perspective – Safe, Faster, Easier!
  • Safe: user credentials entered only at ONE trusted place
  • Faster: seamless authentication, user profile data entered only once
  • Easier: one Web identity instead of many usernames and passwords
• Benefits from the application developer's perspective
  • user agent based Single Sign On possible
  • user profiles can be distributed across different but trusted services
  • control of sharing information
  • many popular web applications to easily integrate with
• How it works
  • an OpenID is a globally unique URL that is owned by one digital identity, e.g. myopenid.1and1.com/maxmustermann
  • the OpenID and its credentials are known and validated by a so-called Identity Provider, e.g. myopenid.1and1.com
  • user authentication via OpenID is requested by a Relying Party, usually a common web application that has a trusted relationship to the Identity Provider and serves applications a user wants to access
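The “how it works” bullets above, as an added example of the check the Relying Party performs on what the Identity Provider sends back in OpenID 2.0: the provider signs the assertion fields in key-value form with the secret from its association with the Relying Party, and the Relying Party verifies that signature, that the assertion was issued for its own return URL and association, and that the response nonce is fresh and unused. This is example code modelled on the OpenID 2.0 specification, not the 1&1 OpenID Authentication Facade; the endpoint URLs, the user list, passwords and secrets are constructed.

```python
"""OpenID 2.0 style positive-assertion check as a Relying Party performs it
after the user authenticated at the Identity Provider. Added example code,
not the 1&1 OpenID Authentication Facade; endpoints, users and secrets are
constructed for the illustration."""
import base64
import calendar
import hashlib
import hmac
import secrets
import time

# Fields every positive assertion must sign (OpenID 2.0, section 10.1)
REQUIRED_SIGNED = ("op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity")


def kv_form(fields, signed):
    """Key-value form: 'key:value\\n' for each signed key, in the listed order."""
    return "".join(f"{key}:{fields[key]}\n" for key in signed).encode()


def sign(secret, fields, signed):
    mac = hmac.new(secret, kv_form(fields, signed), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


class IdentityProvider:
    """Stand-in for the provider: the ONE place where credentials are entered."""

    def __init__(self, endpoint, users):
        self.endpoint = endpoint
        self._users = users        # identity URL -> password (constructed sample)
        self._assocs = {}          # assoc_handle -> shared secret

    def associate(self):
        """Establish the trusted relationship with a Relying Party."""
        handle, secret = secrets.token_hex(8), secrets.token_bytes(32)
        self._assocs[handle] = secret
        return handle, secret

    def authenticate(self, identity, password, return_to, assoc_handle, now):
        secret = self._assocs.get(assoc_handle)
        if secret is None or self._users.get(identity) != password:
            return {"mode": "cancel"}
        stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
        fields = {"mode": "id_res", "op_endpoint": self.endpoint,
                  "return_to": return_to, "assoc_handle": assoc_handle,
                  "claimed_id": identity, "identity": identity,
                  "response_nonce": stamp + secrets.token_hex(4),
                  "signed": ",".join(REQUIRED_SIGNED)}
        fields["sig"] = sign(secret, fields, REQUIRED_SIGNED)
        return fields


class RelyingParty:
    """A web application that outsources authentication to the provider."""

    def __init__(self, return_to, idp):
        self.return_to = return_to
        self._op_endpoint = idp.endpoint
        self._assoc_handle, self._secret = idp.associate()
        self._seen_nonces = set()

    def verify(self, assertion, now, max_skew=300):
        """Return the authenticated identity, or None if anything is off."""
        if assertion.get("mode") != "id_res":
            return None
        signed = tuple(assertion.get("signed", "").split(","))
        if not set(REQUIRED_SIGNED) <= set(signed) or any(k not in assertion for k in signed):
            return None                       # a required field was left unsigned
        if (assertion["op_endpoint"] != self._op_endpoint
                or assertion["return_to"] != self.return_to
                or assertion["assoc_handle"] != self._assoc_handle):
            return None                       # not issued for this RP / association
        expected = sign(self._secret, assertion, signed)
        if not hmac.compare_digest(expected, assertion.get("sig", "")):
            return None                       # tampered with or forged
        nonce = assertion["response_nonce"]
        issued = calendar.timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
        if abs(now - issued) > max_skew or nonce in self._seen_nonces:
            return None                       # stale or replayed
        self._seen_nonces.add(nonce)
        return assertion["identity"]

    def login(self, idp, identity, password, now):
        assertion = idp.authenticate(identity, password, self.return_to,
                                     self._assoc_handle, now)
        return self.verify(assertion, now)
```

The signature is checked before the nonce is recorded, so a tampered assertion cannot burn a nonce that a legitimate response still needs; the return_to and association checks are what stop an assertion issued for some other application from being replayed here.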
Protocols – OpenID flow
• Final thoughts:
  • many OpenID capable web sites already out there
  • de facto standard on many popular web platforms
  • broad support in different programming languages, SDKs and HTTP servers
  • therefore easy to integrate
  • and lower risk and fewer bugs in connection with authentication when using ready-made, proven APIs
List of HIP Features ready for PSS DEVELOPMENT Integration on August 7th 2012 (detail)
• Asynchronous Rendering Engine
  • Server side API
  • Client side API
• Development Integration Environment
  • Stable Dev environment (VMs, DB-cluster, ...)
  • GSC as development base
  • Maven 3 integration
  • Continuous Integration (incl. release process)
  • Automated integration tests (Fitnesse)
  • System monitoring as required by IT-Ops
  • IT-Security checklist for our applications
  • RESTful API Guidelines applied on all services
• Messaging Support
  • Client side publish / subscribe
  • Intents mechanism (client / server)
• HIP Registry
  • Service registry used for HIP internal services (CRUD, filter, …)
  • Register PSS services
  • Request Broker aka service lookup functionality (with advanced filtering)
• Modular RAIN SDK
  • Create project
  • Create component
  • Start / Stop server
  • Generate localization files
• Authentication Facade
  • Login functionality using UAS (IDP, NS), including facade of user management
  • Mapping 1&1 Account to Customer (currently mocking services from Munich)
  • Error handling for Login and Logout
• Internationalization (I18N)
  • Text localization
  • Images localization
  • Layout localization
  • Dynamic language selector
  • Server side / client side support
• OAuth2 Authorization Provider
  • Documentation (HowTo, Use Cases mapped to OAuth flows)
  • PSS Archetype with OAuth2 support (see SDK)
  • All HIP Services secured (including fine grained client config)
• CSS Media Query Support
• Data Storage
  • Session Store (CRUD, Bulk operation, data security via OAuth2)
  • Data Storage Criteria API with support for filtering and paging of data
  • Data Storage Cluster using a highly scalable NoSQL database (Cassandra)
• Visual Elements
  • Button
  • Drop Down Button
  • Drop Down Menu
  • Checkbox
  • Radio Button
  • Group of Checkboxes
  • Group of Radio Buttons
  • Progress Bar (Quota Indicator)
  • Datagrid with support for paging, sorting and filtering
• Contract Management
  • Contract selection with RAIN frontend integration
  • Provisioning Information Manager supports
    • caching, filtering, paging of data
    • articleItems from Migraene for legacy migration
    • provisioningItems for new SSA
• CloudIA SDK
  • PSS sample app („DCS light“) with best practice solution
  • Demonstration of SDK in CloudIA Coding Night
  • Maven archetypes for simple PSS setup / generation
  • OAuth2 authorization model support
  • HowTo / tutorials for HIP integration
  • Ready to use for local development
• Security
  • 1&1 Account login component
  • OAuth2 integration with CloudIA
  • Authorization for Frontend Components (compliant with Role Based Access Control 2.0 Standard)
  • Dynamic security conditions (pluggable security hooks specific to each application)
• Exception Handling
  • Custom Exception Pages
  • Generic Handler for Error handling
• Documentation
  • http://developers.1and1.com/hosting/hip/index.html
  • Infrastructure documented
  • HIP services documented (REST API, system context diagram, UML)
  • Operations manual for all services (aligned with Hosting-OPs)
• HTTP Session
  • Pluggable storage with default CloudIA data store integration (OAuth2 secured)
  • Open source storage for HTTP session (Memory store)
• Guidelines
  • REST API Guidelines (thoroughly used, not provided)
  • Logging Guideline
  • I18N Guideline
  • Caching Guideline
  • OAuth2 Authorization Guidelines