TRESOR: The modular cloud - Building a domain specific cloud platform with OSGi - Alexander Grzesik
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

TRESOR: The modular cloud - Building a domain specific cloud platform with OSGi - Alexander Grzesik

  • 1,337 views
Uploaded on

OSGi Community Event 2013 (http://www.osgi.org/CommunityEvent2013/Schedule) ...

OSGi Community Event 2013 (http://www.osgi.org/CommunityEvent2013/Schedule)

ABSTRACT
The usage of cloud technologies for data exchange as well as the capability of services to run in the cloud brought this internet-based technology a gain of importance in the last years covering the private customer as well as the industry. This talk will give a practical introduction to an OSGi based architecture for cloud applications and gives an overview to the usage of OSGi Enterprise and Blueprint specifications. It will show some best practices, we established to develop with OSGi in an enterprise cloud environment.

With sight on the healthcare sector, the cloud is challenged with special requirements on data security during storage and transfer. Thus leading to the need to address customer concerns respecting privacy in much more detail than in other areas. To advance the research on the usage of cloud technologies in the healthcare sector as well as to enrich discussions on this theme, the German Federal Ministry of Economics and Technology funds 14 research projects as part of the Trusted Cloud initiative [1]. The TRESOR - Trusted Ecosystem for Standardized and Open cloud-based Resources – project as one of these projects has the aim to provide an open platform for cloud applications for the health care sector [2]. In this project, we combine modern cloud technologies and the OSGi service framework to build a modular and scalable PaaS (Platform as a Service) to provide flexible domain specific services for healthcare.

Topics covered:

Introduction to the TRESOR project
Why we decided to use OSGi
OSGi based architecture, benefits and pitfalls
OSGi Enterprise and Blueprint, What they provide and what is lacking
Some Best Practices
OSGi & Maven
From jar-hell to bundle hell ?
Fine grained control with Bundle Security
OSGi Bundles & JPA Persistence
Transaction management with Blueprint
OSGi in the cloud
References

[1] Trusted Cloud Project, BMWi

[2] TRESOR Homepage, BMWi

SPEAKER BIO
Current employment: Head of development of medisite Systemhaus GmbH responsible for the development of the Patient Data Management System (PDMS) m.life and Software architect for the TRESOR Project. 15 years of work experience in medical Software development, 10 of this as Team leader and Software architect. Expert for Software Architecture, OSGi, Java and Java EE

More in: Technology , Education
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,337
On Slideshare
1,337
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
25
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. TRESOR – the modular cloud Building a domain specific cloud platform with OSGi OSGi Community Event Ludwigsburg Eclipsecon 2013
  • 2. About myself Alexander Grzesik Head of Development medisite Systemhaus Working 15 years in software development alexander.grzesik@medisite.de Java Software Architecture Medical Software Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 3. Cloud – the future ? By David Fletcher Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 4. TRESOR Partners Trusted Ecosystem for Standardized and Open cloud-based Resources TRESOR is funded within the Trusted Cloud project by the Federal Ministry of Economy on basis of a resolution passed by the German Bundestag Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 5. TRESOR Cloud Ecosystem Search, Maintain, Match Marketplace Authentication IDM (i.e. Active Directory) Authorization TRESOR Proxy (Client) Service Profile Repository SLA Monitoring TRESOR User Manage TRESOR Proxy (Client) Client Profile Repository Billing TRESOR Broker TRESOR Ecosystem TRESOR Billing Service use TRESOR Proxy (Client) Clients TRESOR Proxy (Trusted 3rd Party) TRESOR PaaS TRESOR Service Provider Service use IaaS-Provider MMV PAI TRESOR Proxy (Service) Eclipsecon 2013 ... Building a domain specific cloud platform with OSGi Dynamic Services
  • 6. TRESOR Goals Extensible Data Security OSGi based Encrypted Data Use of Standards Secure Communication Development tools Open Secure Flexible Cloud Scalable Fast Time-to-Market Reliable No Vendor Lock-In High Availability Flexible deployment Eclipsecon 2013 Certified Powered by OpenShift Building a domain specific cloud platform with OSGi
  • 7. TRESOR PaaS at a glance Open Platform Strong Encryption Domain specific API Eclipsecon 2013 6dfg4854 5454sff5 179hg45g 584551gh 2152fgh5 78dfd15d 98dfgh2d fgf72548 44485ddf 658g54d1 11fghf15 14925fg1 7654fghd 874dfg6d Polyglot Persistence 151fd545 151538fd 15414gfg 154215jh 15325sgd 897fg21d 3544sdfg Modular Architecture Building a domain specific cloud platform with OSGi Powered by OpenShift
  • 8. Domain specific API Application Glassfish Application Server TRESOR Proxy Server Healthcare Applications and Services Applications & Services Plugin Build Service Vaadin Web Framework UI Components UI Module Management Plugin repository Laboratory Diagnostic Theraphy Planning Radiology Diagnostic Document Management Elastic Search Management & Monitoring Patient Adminstration Patient Timeline Clinical Documentation Order Entry Encryption Engine Terminology Reporting Encryption Business Rules Object Mapping User Management Configuration Search and Index Security Process Engine Persistence Notification Apache Felix OSGi Aries Blueprint Enterprise OSGi Java EE JPA/Eclipse Link 3rd Party Bundles OpenAM Eclipsecon 2013 Building a domain specific cloud platform with OSGi Integration Engine
  • 9. Cooking in the Cloud with OSGi Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 10. The Challenges Component Management Provisioning Dependencies Architecture Java Enterprise Integration Security Configuration Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 11. Bundle Structure Application Bundle Service Bundle Depends on API Impl Straightforward Tightly coupled API to Implementation Replacing Implementation with high overhead Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 12. Better: Bundle Separation Application Bundle Depends on Service API Bundle Depends on API Separate API from Implementation Application only depends on API Implementation may be changed transparently Eclipsecon 2013 Building a domain specific cloud platform with OSGi Service Impl Bundle Impl
  • 13. Managing with Blueprint • Spring-style dependency injection <bean id=“bmiServiceBean" class="medisite.eclipsecon.bmi.impl.BmiServiceImpl"> <property name=“calculatorBean" ref="bmiCalculatorBean"/> </bean> • Keeps code clean of OSGi dependencies <service id=“bmiService" ref=“bmiServiceBean" interface="medisite.eclipsecon.bmi.BmiService“ /> • Handles Service Lifecycle <reference id=“importedService" interface=" medisite.eclipsecon.bmi.BmiService" availability="mandatory”/> • Enterprise Extensions Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 14. Managing Dependencies Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 15. Manage Dependencies • Maven allows managing dependencies and versions • Maven Bundle Plugin creates your bundles <plugin> <groupId>org.apache.felix</groupId> <artifactId>maven-bundle-plugin</artifactId> <configuration> <instructions> <Export-Package>medisite.eclipsecon.bmi.*</Export-Package> <Import-Package> org.slf4j;provider=paxlogging, * </Import-Package> </instructions></configuration></plugin> Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 16. Non OSGi dependencies • Problem: A dependency is not an OSGi Bundle • Option 1: Wrap bundle <goals> <goal>wrap</goal> </goals> <configuration> <wrapImportPackage>;</wrapImportPackage> </configuration> • Option 2: Embed dependency <Embed-Dependency> *;scope=compile|runtime;type=!pom;inline=false </Embed-Dependency> <Embed-Transitive>false</Embed-Transitive> <Import-Package>*;resolution:=optional</Import-Package> Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 17. Java Enterprise Integration Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 18. Persistence • JPA Persistence Units as OSGi Bundles • Create Persistence.xml and include in bundle: <Meta-Persistence> META-INF/persistence.xml </Meta-Persistence> <Include-Resource> META-INF/persistence.xml=src/main/resources/METAINF/persistence.xml </Include-Resource> <JPA-PersistenceUnits> persistence-test </JPA-PersistenceUnits> Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 19. Embeded Persitence Unit Application Bundle Depends on Service API Bundle Depends on API Eclipsecon 2013 Building a domain specific cloud platform with OSGi Service Impl Bundle Impl Persist ence
  • 20. Persistence Service Application Bundle Service API Bundle API Service Impl Bundle Impl Persistence Bundle DAO Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 21. Persistence Service via Blueprint • Managed by Blueprint container (Aries) • Declarative Transaction Management <bean id=“bmiDAO" class="medisite.eclipsecon.persistence.impl.BmiDAO" init-method="init"> <jpa:context property="entityManager" unitname="persistence-test" /> <tx:transaction method="*" value="Requires" /> </bean> Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 22. Web Application Bundle • Deploy a war as OSGi bundle (wab) <instructions> <Web-ContextPath>/bmi</Web-ContextPath> <_wab>src/main/resources</_wab> </instructions> • Interact with OSGi Services from Servlet BundleContext ctxt = (BundleContext) servletContext.getAttribute(“osgi-bundlecontext”); • JNDI Integration InitialContext ic = new InitialContext(); IBmiService calculator = (IBmiService) ic.lookup("osgi:service/" + IBmiService.class.getName()); Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 23. Configuration Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 24. Configuration Administration Service • Blueprint integration from Apache Aries <cm:property-placeholder id="property-placeholder" persistentid=“frameworkConfig" update-strategy="reload"> <cm:default-properties> <cm:property name=“selfTest" value="false"/> </cm:default-properties> </cm:property-placeholder> <bean id=“testerBean" class="medisite.eclipsecon.bmi.impl.BundleTest> <property name="selfTest" value="${selfTest}"/> </bean> • Managed Properties <bean id=“bmiService" class="medisite.eclipsecon.impl.BmiServiceImpl"> <cm:managed-properties persistent-id=“bmiServiceConfig" update-strategy="container-managed"/> </bean> Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 25. Security Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 26. ConditionalPermissionAdmin • Control Permissions ConditionalPermissionAdmin cpa = getConditionalPermissionAdmin(context); ConditionalPermissionUpdate u = cpa.newConditionalPermissionUpdate(); List infos = u.getConditionalPermissionInfos(); infos.clear(); for (String encodedInfo : encodedInfos) { infos.add(cpa.newConditionalPermissionInfo(encodedInfo)); } if (!u.commit()) throw new ConcurrentModificationException("Permissions changed during update"); Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 27. Policy File Reader ACCEPT { [org.osgi.service.condpermadmin.BundleSignerCondition "CN=tresor,O=medisite Systemhaus GmbH,C=de"] ( java.security.AllPermission "*" "*") } DENY { (org.osgi.framework.PackagePermission “medisite.eclipsecon.*" "IMPORT") } ALLOW { (org.osgi.framework.PackagePermission “*" "IMPORT") } Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 28. More thoughts on Security • Make sure PolicyManager starts before custom bundles • Restrict access to ConditionalPermissionAdmin • Application Permissions with blueprint interceptor (Aries) Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 29. Provisioning Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 30. Cloud Provisioning Repository Cloud Application Manager Application Application Application Application
  • 31. Putting it all together Blueprint Configuration Admin Configure Application Bundle Service API Bundle Service Impl Bundle API Impl Protect Security Manager Eclipsecon 2013 Building a domain specific cloud platform with OSGi Persistence Bundle DAO
  • 32. Lessons learned • Steep learning curve • Detailed information is often missing • From jar hell to bundle hell – Managing dependencies is challenging – Not all libraries support OSGi • Difficult to migrate non-OSGi application to OSGi Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 33. Benefits of OSGi for Architecture • • • • • • Separation of components Loose coupling Detect dependencies Encapsulation Versioning Integrating Java EE Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 34. Think about your architecture Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 35. Useful Resources • The OSGi Standard • OSGi Books – OSGi in Action – OSGi in Depth – Enterprise OSGi in Action • IBM Websphere Documentation • Pax OSGi Projects Eclipsecon 2013 Building a domain specific cloud platform with OSGi
  • 36. Questions ? Eclipsecon 2013 Building a domain specific cloud platform with OSGi