ECLIPSE, AN EMERGING, STANDARDIZED, MODULAR, SECURE AND AFFORDABLE SOFTWARE TOOLSET IN SUPPORT OF PRODUCT ASSURANCE, QUALITY ASSURANCE AND PROJECT MANAGEMENT FOR THE ENTIRE EUROPEAN SPACE INDUSTRY (FROM INNOVATIVE SMES TO PRIMES AND INSTITUTIONS)

Andrea Bennetti (1), Salim Ansari (2), Tori Dewhirst (1), Giuseppe Catanese (1)

(1) Affiliation Sapienza Consulting ltd., 5 Birtley Courtyard, Birtley Road, Bramley, Surrey GU5 0LA (UK), Email: firstname.lastname@example.org
(2) Affiliation, European Space Agency, European Space Research & Technology Centre, Keplerlaan, Postbus 299, 2200 AG Noordwijk (The Netherlands), Email: Salim.email@example.com

1. ABSTRACT

The development of satellites and ground systems (and the technologies that support them) is complex and demands a great deal of rigor in the management of both the information it relies upon and the information it generates via the performance of well established processes.

To this extent for the past fifteen years Sapienza Consulting has been supporting the European Space Agency (ESA) in the management of this information and provided ESA with ECSS (European Cooperation for Space Standardization) Standards based Project Management (PM), Product Assurance (PA) and Quality Assurance (QA) software applications.

In 2009 Sapienza recognised the need to modernize, standardize and integrate its core ECSS-based software tools into a single yet modularised suite of applications named ECLIPSE aimed at:

• Fulfilling a wider range of historical and emerging requirements
• Providing a better experience for users
• Increasing the value of the information it collects and manages
• Lowering the cost of ownership and operation
• Increasing collaboration within and between space sector organizations
• Aiding in the performance of several PM, PA, QA, and configuration management tasks in adherence to ECSS standards.

In this paper, Sapienza will first present the toolset, and a rationale for its development, describing and justifying its architecture, and basic modules composition. Having defined the toolset architecture, this paper will address the current status of the individual applications. A compliance assessment will be presented for each module in the toolset with respect to the ECSS standard it addresses. Lastly experience from early industry and Institutional users will be presented.

2. INTRODUCTION

Over the past fifteen years Sapienza’s software solutions have delivered support to over 20 ESA-led space missions and projects including but not limited to: Mars Express, Rosetta, Herschel, Planck, Exomars, Columbus, ATV, Galileo, and Earth Observation missions: ENVISAT, GOCE, SMOS and Vega.

The overarching goal of these software applications is to automate and help standardize (wherever possible) those core processes associated to PM, PA, and QA activities which are relevant and common in most space projects (from development through to operational phases).

For example these applications assisted ESA and its industrial partners in the management, storage and sharing of project documentation, the assessment and management of non-conformances, the performance of formal project reviews (CDR, PDR, ORR etc), the verification and tracking of requirements compliance, and more generally in the management of information and knowledge within a space project.

An historical account (from November 2000 ESA bulletin 104) of this contribution can be found in the paper “New concepts in Document Management for Space Projects” that describes how the ESA Science directorate led the way in modernizing the Space Project Management activities by developing and using an electronic Document Management System (developed by Sapienza Consulting) that is still successfully operated today as part of the ESA PRISMA (Project Reporting Information System for Management and Administration) suite of software applications (also developed by Sapienza).

3. ECLIPSE AS A TOOLSET FOR THE WHOLE SPACE SECTOR

Historically, Sapienza-developed software applications were born and developed to fulfil the specific needs of ESA. This effort has over the years resulted in a collection of highly specialized web-based collaborative software applications, each addressing the whole, or in some cases portions, of a key ESA, PA, QA or PM process.

The adoption of these applications by the ESA’s industrial partners has been steadily growing, as ESA projects chose applications like the RID (Review Item of Discrepancy system) and the NCTS (Non-Conformance Tracking System) as the de-facto standards. Nevertheless industry (especially non-primes) has, until recently, had relatively low interest in adopting these applications for the management of their own internal operations and projects.

An investigation completed by Sapienza in 2009 revealed that one of the major barriers to a wider adoption of the applications was the cost of the necessary system infrastructure (software and hardware) which in most SMEs is not present and warranted by other business needs. Other findings revealed that a greater integration of the applications was sought in order to reduce the transactional (number of operations) and administrative cost of operating several distinct applications.

As a result of the investigation Sapienza Consulting reviewed its software product development strategy, eventually resulting in the development of the ECLIPSE suite, that now promises to provide the European Sector with a strong candidate for a de-facto PA, QA and PM, ECSS-process-based software toolset that would be affordable by SMEs as well as large organizations.

This toolset can replace spreadsheets and low-end databases in performing and controlling critical processes (with a need for full record and bi-directional traceability retention), while adding security and the “collaborative” and “real time” aspect to the space project management environment.

Furthermore this toolset can function as a vertical integration agent in the space project supply chain (integrating the Institution to the prime, all the way down to the system suppliers), by increasing visibility and awareness between the parties whilst also standardizing key processes in a software controlled environment.

The new guidelines for Sapienza software products development, drawn in 2009, reflect our ambition to provide such a toolset to the European space sector over the coming years. To achieve our goal ECLIPSE has been designed to:

• Be aligned to the ECSS Standards
• Have a low cost of ownership and operation
• Be agnostic to commercial platforms
• Be scalable (to fit various deployment scenarios as size of data/users increases)
• Be reliable (to support mission-critical activities)
• Be comprehensive, covering a valuable sized cluster of related ECSS requirements for PA, QA and PM
• Be modular
• Be integrated (limiting repetition of non-value adding operations as far as possible)
• Be extendable
• Be customisable but retaining processes integrity
• Be collaborative
• Be secure
• Be easy to use

4. ECLIPSE SPACE BUSINESS MODULES (STATUS AND ROADMAP)

The ECLIPSE toolset currently includes the following modules (or space applications):

• DCCM (Document Configuration and Change Management)
• RID (Review Item of Discrepancy) system for the performance of formal space projects reviews by distributed teams
• AIM (Action Items Management)

Three further modules have currently been identified and are planned to be integrated in future releases of the toolset:

• NCTS (Non Conformance Tracking System)
• RISK management module (known as ARAMIS, currently in use by the ESA Galileo project)
• VCS (Verification Control System) for the management and creation of requirements compliance matrices
• EKD (Engineering Knowledge Database) a highly customisable database for managing engineering product data

ECLIPSE integrates the individual modules (i.e. DCCM or AIM or any other) in a common Software Project Environment.

This approach provides several benefits to the system users:

• It allows a coherent navigation of all the relevant project applications within the same project environment
• It automatically generates bi-directional and auditable data records
• It provides manageable workflows and enables logical links to be built (searched and displayed) between appropriate business objects.

For example documents can be created and managed in DCCM, then exposed to the RID system for their review by dispersed teams across the vertical supply chain. This is just one example of how the modules in ECLIPSE work together.

Figure 1 – ECLIPSE Integration and interoperability concept

Figure 2 – ECLIPSE integrated environment User Interface

5. SYSTEM VISION

From an architectural point of view the ECLIPSE suite has been designed as a combination of multiple layers and modules stacked on top of a document repository. The high level architecture can be divided into three different categories of system elements:

• Applications: modules that implement the specific business process (Fig 3 grey boxes).
• Services (Fig 3 yellow boxes): essential functions supporting the applications.
• Utilities: libraries and tools (not shown in Fig 3).

Figure 3 – System Vision

All information managed by ECLIPSE is stored within the Document Repository (file system or an external Software Content Repository) and the Metadata Repository (relational database for the document attributes and all other records in the system).

The Core Services implement the essential functionality at the heart of the system (security, workflow engine, auditing).

The User Repository (JAIL) is responsible for the management of all users and organisations involved in the ECLIPSE project/s.

The “Space Applications”, namely DCCM, RID, AIM, (eventually NCTS etc.), implement the business processes and provide the users with the relevant functionality and data according to the predefined business rules and security schemes.

5.1 Key features

The key features of the resulting architecture are:

• Layered modular structure combining and composing services that support transversally the various applications.
• Loosely coupled components whose interactions are governed by predefined interfaces. Being self-contained each component can be tailored to meet custom project requirements without affecting the other modules and, most notably, impacting the overall architecture.
• Flexible set-up which allows enabling/disabling components and layers in order to support “ad-hoc” system configuration.
• Distributed deployment to enable hosting of the various modules on different servers and locations to assist scalability and best resource utilisation.
• Integration of available open source and commercial tools (on need basis) to create competitive advantage re-using existing implementations.
• Availability of APIs and Web Services for supporting the interaction with external systems and third-parties.
• Reliance on innovative Java EE standards (version 5) and “state-of-the-art” open source technology (Hibernate, Spring, Struts2, Lucene, JasperReport). Adoption of open standards such as the Content Repository API (JSR-170), Java Portlet Specification (JSR-168), RSS, XML, HTTPS, LDAP, WebDAV.
• Focus on Web access, with the possibility in the future to offer a desktop front-end when offline capabilities and/or advanced data manipulation are required.

5.2 Applications

The applications are the modules that implement the business processes and workflows.

The Document Configuration and Change Management system (DCCM) is a web application whose main functions are:

• Document Configuration Control: recording and managing of all documentation (technical and contractual) which applies to the configuration of a software or hardware product/project.
• Approval Workflow: initiation and management of document reviews. The approval can either follow a simple sequential model (one reviewer after the other) or distribute to multiple individuals in parallel. The system records the creation, distribution and full history of the document evolution throughout the approval loop.
• Change Management: control of all changes to documents, versioning, applicability; linkage to deviations and waivers, applicable and reference documentation; includes management of change occurring to groupings of documents (such as baselines and data packs).
• Document and Records Management: provide an intuitive and powerful user interface to retrieve the information related to both documents and records.
• Creation, management and reporting of collections of documents, either defined by the users or by configurable tags (applicability).

The Review Item Discrepancy (RID) application allows the creation and the management of formal project reviews where collections of technical documents are reviewed by nominated panels during the different phases of a space project.

Review Item Discrepancies are captured, tagged and distributed within the project teams or across the supply chain, all the way from the customer to potentially the lowest tier of suppliers, according to pre-defined levels of permissions.

The Action Items Manager (AIM) is the component responsible for assigning actions, monitoring the progress of the actions, the responses of the actionees and all relevant information.

AIM offers a global view of all project actions which might be originated by different people in different contexts (or applications), and is intended to formally manage Action Items Lists.

The NCTS (Non-Conformance Tracking System) is intended to support the different actors in recording, reporting and reviewing dispositions for non-conforming items during the development of a Space project/mission.

The main functions include the identification and notification of Non-conformances, tracking Internal and Customer Non-conformance Review Boards (NRB) Dispositions and the management of all associated information (project specific attributes, NRB participants, attachments and tasks related to the Non-conformances).

NCTS is accessible to different participants (Customer, Prime, and Sub-contractors), and therefore security mechanisms are implemented to ensure that user access is dictated by both the Product Tree of the project and the individual user privileges.

Currently NCTS is not fully integrated in ECLIPSE; however this work is planned for 2011.
5.3 Services

The services are the elements that provide essential functions to the applications and are re-usable building blocks on which any new Application can rely.

The Project Administration Module (PAM) is a centralised repository of the project configuration data, including the management of the user privileges across the entire suite.

Its responsibilities include:

• Create and manage the projects
• Maintain the Project Folder Tree: the folder break-down structure of the project
• Configure the Product Tree: the hardware configuration associated with the project.
• Define user roles and privileges

PAM offers a web-interface to the project administration functions within ECLIPSE.

The iLayout service module is responsible for the management of the ECLIPSE layout and appearance, including the static resources such as CSS files, images, etc.

Its responsibilities include:

• Build a sandbox (container) where the ECLIPSE web applications can run
• Define application skins and themes (customised “look-and-feel” for each web application)
• Manage the static resources

iLayout organises the management of all ECLIPSE graphic resources allowing for defining a customer/organisation specific look-and-feel.

The FLO (service module) is the workflow manager which allows the applications to design, maintain and run business-specific process workflow. DCCM, for instance, leverages the FLO engine to run the review and approval of documents during the creation and up-issuing stages.

The component offers a possibility to add and customise team/project specific workflows to any of the ECLIPSE applications on an as needs basis. FLO is implemented on top of the JBoss BPM (Business Process Modelling) engine, a popular open source solution.

The JAIL service module (Java Authentication Interface to LDAP) is responsible for the management of the user credentials stored on the LDAP Directory Service.

It includes two main parts:

• API available to all applications which need to retrieve and manipulate the user information
• Web application providing access to the administrators of the system for maintaining the database of users.

JAIL is a cross-platform solution designed to work with a variety of databases and LDAP repositories.

The Metadata Builder (META) service module is an engine which supports the creation and management of user-defined dynamic metadata.

The main function of META is to support the system administrators (or users with a specific access role) in the definition and set-up of metadata related to the entities in the system, allowing each project team to configure which attributes and information need to be captured.

META is extensively used in DCCM where each project customises the Document attributes as needed. This introduces a very high degree of flexibility, which is required to cover all different business cases; it even provides the means to extend the semantic behaviour of the information managed by ECLIPSE.

The AUDE (service module) component provides a centralised repository for all ECLIPSE audit logs. Critical user actions (access and manipulation of records and documents) and application events (notifications, document distributions) are logged to ensure the full traceability of “who has done what”. ECLIPSE administrators then have access to the (large) auditing repository and are able to run searches or reporting for documenting evidence of changes to the information.

6. DEPLOYMENT OPTIONS

The deployment high level diagram below illustrates the physical components, protocols and interactions involved in the runtime configuration of the ECLIPSE product.
Figure 4 – Deployment Diagram

The system elements captured in the diagram are:

• Users accessing securely ECLIPSE via https
• An application server hosting the middle-tier (Java EE applications, HTTP Server, the Single Sign-On component)
• The Content Integration Server (integration of external documents submitted through different channels and protocols)
• The RDBMS (Relational Database) (repository of application and user data)
• The file system (storage of application attachments, resources)
• The LDAP Directory Service storage (user and company details)

Designed to fit small, medium and large organisations ECLIPSE offers multiple deployment options.

6.1 Single Server

The simplest deployment configuration is based on a single-server environment where a single instance of ECLIPSE is deployed. RDBMS and Middle-Tier (application server) could either reside on the same hardware or on different physical machines. The only prerequisite of this type of deployment is to grant the Java applications (Middle-Tier) direct access to the file system (creating/accessing files and directories).

Figure 5 – Single Server Deployment Diagram

The “Single Server” configuration is suitable for small and medium organisations wanting to host ECLIPSE on a single server (either internally located in the organisation Intranet or publicly available on the Internet).

6.2 Internal & External Server

In this scenario the deployment involves a “dual-server” environment in order to serve the Intranet users as well as supporting external access. This solution is the most reliable in terms of security and performance. ECLIPSE is hosted on both the Internal and External servers, however sensitive data (records and documents) is always behind the organisation firewall (no data is stored on the external server). The security firewall is responsible for governing the communication between the two machines, typically allowing in/out only a limited subset of protocols, such as SQLNet (database connectivity) or the LDAP protocol.

Figure 6 – Dual Server Deployment Diagram

The “Dual Server” configuration is oriented towards enterprises that can afford larger investments in terms of infrastructure and network set-up. This set-up, as well as implementing the strictest level of security for external access, offers the best configuration for performance and scalability purposes.
7. TECHNICAL SPECIFICATIONS

ECLIPSE is designed to work on two types of infrastructure:

• Oracle Infrastructure comprising the Oracle 10g/11g RDBMS and 10g R2 Application Server.
• Open Source Infrastructure comprising the PostgreSQL RDBMS and the JBoss Application Server.

The two software stacks are presented in Figure 7: on the left the Oracle-based stack which relies on the market-leading database and application server, while on the right the Open Source infrastructure leveraging on enterprise-level solutions.

In both scenarios ECLIPSE adopts a mix of Open Source frameworks and libraries which form the foundation for implementation of the user and business requirements.

Layer                  Oracle                                      Open Source
Application Software   Hibernate, Struts, SpringFramework, JBPM    Hibernate, Struts, SpringFramework, JBPM
Middle-Tier            Oracle AS 10.1.5                            JBoss AS 4.2.x
RDBMS                  Oracle 10gR2 / Oracle 11g                   PostgreSQL 8.2
Operating System       Solaris                                     CentOS

Figure 7 – Infrastructure software stacks for ECLIPSE

7.1 Java Specifications

Java Platform Enterprise Edition (Java EE) is the industry standard for designing and developing enterprise-class solutions coded in the Java programming language.

Based on the solid ground provided by the Java Platform Standard Edition (Java SE), Java EE supplies additional libraries and services that support the scalability, security, integrity, and other non-functional requirements essential for enterprise applications.

Java EE offers a robust and high performance platform which has proved effective for the design, development, maintenance and evolution of the ECLIPSE suite. In particular, Java EE services offer simplified access to critical aspects such as connectivity, transactions, security, etc. ultimately making development faster as well as improving significantly the quality delivered.

The table below summarises the Java EE specifications currently used in ECLIPSE.

Platform Feature   Description                  Version
JDK                Java Development Kit         1.5.X
Servlet Specs      Java Servlet API             2.4
JSP Specs          Java Server Pages            2.0
JDBC               Java Database Connectivity   3.0
JAX-RS             Java RESTful Web Services    1.2
JTA                Java Transaction API         1.1
JavaMail           Java Mail API                1.4

Table 1 – Java EE specifications currently in use in ECLIPSE

8. SECURITY

Security is a critical aspect of any Information System dealing with confidential information, especially in an environment where the nature of many documents is classified and users might work for organisations in direct competition. Additionally the violation of Intellectual Property (IP) and misuse of sensitive data represent one of the worst threats for entire organisations.

ECLIPSE adheres to well-established security standards available in the IT field, tackling the security requirements on two different levels.

First, security is enforced in the network and server layers (operating system, database, middle tier) with the definition of security policies, deployment of firewalls and implementation of available standards such as SSL.

At the same time fundamental security-related best practices are applied in the design, coding and testing of the ECLIPSE applications.

8.1 User Authentication

User authentication is the process of establishing the identity of the user/system accessing the product.

Each request served by the ECLIPSE suite is authenticated via JOSSO. Java Open Single Sign-On (JOSSO) is a Single Sign-On solution for web applications. It is an open source J2EE based software for user authentication and authorization. The software is released under the GNU Lesser General Public License (LGPL).

The framework allows multiple web servers/applications to authenticate users accessing the protected pages against their credentials stored on the Lightweight Directory Access Protocol (LDAP) repository.

JOSSO exposes Single Sign On services using SOAP over the HTTP protocol, allowing it to easily integrate also with non-Java applications.

8.2 ECLIPSE Authorization

User authorization is the function of defining which resources and information the user, once authenticated, is entitled to access.

Authorization in ECLIPSE is implemented in two stages: verification of access to the web application and validation of the user privileges when performing a specific action in ECLIPSE.

Upon access to the web application (URL check) the user authorization is handled by JOSSO together with the LDAP repository.

JOSSO ensures that the authenticated user has been given application access by querying the LDAP server: this takes place transparently to the application itself since security, in this case, is controlled by the Middle-Tier.

The next filter is applied by the application serving the functionality. Each user in ECLIPSE is always associated with the “User Wallet”, a registry of all permissions granted to the user across the entire system.

It is the responsibility of each application, using the “User Wallet”, to establish whether a function, screen or a given piece of information is accessible to the user or not.

8.3 Password Management

In addition to the enhanced account controls, ECLIPSE user passwords, on the LDAP server, are encrypted using advanced encryption algorithms.

9. ECSS COMPLIANCE ROADMAP

ECLIPSE is built to support organizations operating in the space sector to naturally adhere to ECSS Standards while offering the benefit of collaboration and information sharing. The table below provides a summary of the current status of existing planned modules adherence to the pertinent ECSS standards.

10. EARLY ADOPTER OF ECLIPSE

OHB Systems AG (the prime contractor for the GALILEO FOC projects) is the first commercial customer of the ECLIPSE toolset with hundreds of users across the various Applications. OHB-Systems AG agreed to participate with Sapienza, ESA and other stakeholders in a Configuration Management Office for the ECLIPSE toolset to ensure its consistent space sector focused evolution

11. CONCLUSIONS

The ECLIPSE toolset is unique in its nature, as it addresses many needs of the space sector towards harmonization, standardization and operability of systems, processes and tools in an affordable way for all the sector actors, from Prime Satellites to sub-systems providers. It is recognized that many major space sector players have developed in-house highly sophisticated systems that address some (but not all) of the functionalities and business processes covered by ECLIPSE.

However as more and more collaboration and exchange of information or data is required for the successful delivery of a space project there is a need for the sector to agree upon and use a common toolset for those core Space PA, QA and PM processes that will increase the performance of those activities while lowering their costs.

By providing a tool specifically designed for space and whose evolution will be driven by a Configuration Management Board with key stakeholders from the space industry, Sapienza can assure its sustainability is in line with the needs of the industry as a whole.
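
The two-stage authorization of section 8.2 (application access first, then the per-user “User Wallet”), together with the Product Tree scoping that section 5.2 describes for NCTS and an audit record in the spirit of AUDE, shown in Python as an added example; it is not ECLIPSE code. Every name in it (PRODUCT_TREE, APP_ACCESS, Grant, UserWallet, covers, authorize) is hypothetical, the users and tree are constructed, and rooting each wallet grant at a product-tree node is an assumption about how the two rules could be combined.

```python
from dataclasses import dataclass

# Constructed product tree for the example: node -> parent (None for the root).
PRODUCT_TREE = {
    "satellite": None,
    "satellite/payload": "satellite",
    "satellite/payload/antenna": "satellite/payload",
    "satellite/platform": "satellite",
}

# Stage 1 data (constructed): which applications each user may open at all.
# Stands in for the application-access lookup done at the middle tier.
APP_ACCESS = {
    "alice@prime": {"NCTS", "DCCM"},
    "bob@supplier": {"NCTS"},
}


@dataclass(frozen=True)
class Grant:
    application: str  # e.g. "NCTS"
    action: str       # e.g. "view", "disposition"
    node: str         # product-tree node the grant is rooted at (assumption)


def covers(granted_node, requested_node):
    """True if requested_node is granted_node or one of its descendants."""
    current = requested_node
    # Bounded walk towards the root; unknown nodes are never covered.
    for _ in range(len(PRODUCT_TREE) + 1):
        if current is None or current not in PRODUCT_TREE:
            return False
        if current == granted_node:
            return True
        current = PRODUCT_TREE[current]
    return False


class UserWallet:
    """Registry of every permission granted to one user (stage 2 data)."""

    def __init__(self, user, grants=()):
        self.user = user
        self.grants = frozenset(grants)

    def allows(self, application, action, node):
        return any(
            g.application == application
            and g.action == action
            and covers(g.node, node)
            for g in self.grants
        )


def authorize(user, wallets, application, action, node, audit):
    """Deny by default and record every decision, allowed or not."""
    if application not in APP_ACCESS.get(user, set()):
        # Stage 1 failed: the wallet is never consulted.
        stage, allowed = "application-access", False
    else:
        wallet = wallets.get(user)
        stage = "wallet"
        allowed = wallet is not None and wallet.allows(application, action, node)
    audit.append({"user": user, "application": application, "action": action,
                  "node": node, "stage": stage, "allowed": allowed})
    return allowed


def sample_wallets():
    """Constructed wallets: a prime engineer and a supplier scoped to one subtree."""
    return {
        "alice@prime": UserWallet("alice@prime", [
            Grant("NCTS", "view", "satellite"),
            Grant("NCTS", "disposition", "satellite"),
        ]),
        "bob@supplier": UserWallet("bob@supplier", [
            Grant("NCTS", "view", "satellite/payload/antenna"),
            # Stale grant for an application bob cannot open in stage 1.
            Grant("DCCM", "view", "satellite/payload/antenna"),
        ]),
    }


if __name__ == "__main__":
    audit, wallets = [], sample_wallets()
    authorize("bob@supplier", wallets, "NCTS", "view", "satellite/platform", audit)
    authorize("bob@supplier", wallets, "DCCM", "view", "satellite/payload/antenna", audit)
    for entry in audit:
        print(entry)
```

The stale DCCM grant in the supplier's wallet shows why both stages are needed: a leftover wallet entry grants nothing once application access has been withdrawn, and the audit entry records which stage produced the denial.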