The document outlines a knowledge transfer presentation focusing on the new PR.gov infrastructure for the good standing certificate service. It covers various topics including modern digital service development, microservices architecture, application programming interfaces (APIs), load balancing using HAProxy, and high-availability measures with Keepalived. Participants are expected to engage in weekly presentations and Q&A sessions designed to familiarize them with the technologies and design principles underlying the system's architecture.

1. Certificate of Good Standing
Knowledge Transfer
Presentation
New PR.gov Infrastructure
Good Standing Certificate Service
By Andrés Colón Pérez

2. About me
• Architect for the Good Standing Certificate
System
• Office of Management and Budget Employee
previously assigned to the Chief Information
Officer Office
• Worked with a multi-agency team to identify the
problems and solutions
• Designed and developed the PR.gov
infrastructure, networks, applications and
deployment automation

3. About this Presentation
• An attempt to familiarize government
personnel with:
– building modern digital services
– using free open source software to reduce
licensing costs
– designing networks, building and deploying
applications
– designing scalable government systems

4. What you’ll learn over the weeks:
• Project Overview (in spanish)
• Overview of concepts and technologies used in design, app
development, and infrastructure, including:
– HaProxy
– Keepalived
– Bind9
– Redis
– Ruby
– Resque
– Padrino, Grape, Puma, EventMachine and other gems
– HTML5 and Twitter’s Bootstrap
– Git
– Ansible
– PhoneGap

5. Week 1
Knowledge Transfer
New PR.gov Infrastructure
Good Standing Certificate Service

6. What’s the Plan?
• Overview of Knowledge Transfer Plan
• Knowledge Transfer Talk Topics: Week 1

7. Before we get started:
• Topics serve as an introduction
• Feel free to ask questions
• You’re expected to read up more on your own
• Five minute breaks

8. KNOWLEDGE TRANSFER PLAN

9. Knowledge Transfer Plan
• Weekly Presentations
– Save your calendar: Fridays 2:30pm
– June to September
– Starts June 19, end September 11 2015
• Weekly Q&A, Thursdays 9:30am – 10:30am
• Multiple Topics

10. Week 1 Topics
• Overview of concepts and technologies in:
– Development
– PR.gov Infrastructure / Network Design

11. Development Topics
• Software Architecture Style (Micro-Services)
• Application Programming Interfaces
• Redundancy and Scalability
• Asynchronous vs Synchronous Services
• Open Data (data.pr.gov)
• Version Control
• Open Source (Github / Application Stack)
• Software Development Method (DevOps)

13. MICRO SERVICES

14. Monolithic Applications

15. Monolithic Applications

16. Monolithic Applications (1990s)
• Tight coupling
• Everyone must agree on changes
• Each change has unanticipated effects
requiring careful testing beforehand
• Harder to Scale

17. Micro Services (2010s)
• Software Architectural Style
• Complex Applications composed of small
proccesses
• Loose Coupling
• Easier to Scale

18. Micro Services

19. APPLICATION PROGRAMMING
INTERFACES

20. API’s for Short
• Set of Protocol, Routines & tools for building
software applications
• Goal: interoperability
• A Web Service is a type of API
• Most popular Web Services:
– Simple Object Access Protocol (SOAP)
– Representational State Transfer (REST)
• SOAP often referred to as WebService
• REST often referred to as REST API

25. REST APIs
• Versioning is important
– /v1/apiname/resource
– /v2/apiname/resource
• Must properly implement HTTP error codes
• Commonly return JSON, YML.

26. REDUNDANCY AND SCALABILITY

34. Handling Load

35. ASYNCHRONOUS VS
SYNCHRONOUS SERVICES

36. Synchronous

37. Asynchronous

41. Open Data

42. Open Source

43. Version Control
• System that records changes to files and set of
files
• You can easily recall specific versions
• Great for collaboration:
– Branch
– Merge
– Revisions
• Popular version control: GIT, Mercurial
• GITHUB != GIT

44. DevOps

45. DevOps

46. DevOps
• Short for Development and Operations
• As Systems Scale, automation is critical
• Do more with less
• Consistent and easily deploy servers, manage
networks and applications

47. Ansible

48. Ansible
• Server Automation for Humans
• Based on SSH
• YAML Configuration Files
• Doesn’t require dedicated server
• Uses Playbooks

49. PR.gov Infrastructure Topics
• Security Philosophy
• Networks Segmentation
• Virtual Router Redundancy Protocol
• Documentation

50. SECURITY

51. Networks in the new Infrastructure
• Why Segmented Networks?
• Servicios PR.gov Networks

52. Why Segment Networks?
• Splitting networks into subnetworks
• Boosting Performance
• Improving Security

53. VIRTUAL ROUTER REDUDANCY
PROTOCOL
High-availability

56. PR.gov Networks
• Public Load-Balancing Network
– Redirect Public Traffic
• Front-End Network
– Process Public Traffic
• Private Network
– Inter-agency and intra-services network
• Back-end Network
– Private data storage

58. Next week
• VRRP in Linux
• Haproxy Load balancer
• SSH Authentication

59. Week 2
Knowledge Transfer
New PR.gov Infrastructure
Good Standing Certificate Service

60. What’s the Plan?
• Last week Q&A
• Overview of Knowledge Transfer Plan Week 2
• Knowledge Transfer Talk Topics: Week 2

61. Last week we saw:
• CAP Project Overview
• Overview of concepts in:
– Development
– PR.gov Infrastructure / Network Design

62. Last Week: Development Topics Q&A
• Software Architecture Style (Micro-Services)
• Application Programming Interfaces
• Redundancy and Scalability
• Asynchronous vs Synchronous Services
• Open Data (data.pr.gov)
• Version Control
• Open Source (Github / Application Stack)
• Software Development Method (DevOps)

63. PR.gov Infrastructure Topics Q&A
• Security Philosophy
• Networks Segments
• Virtual Router Redundancy Protocol
• Documentation

64. Overview of technologies in
Operations:
Infrastructure Services:
• Keepalived (implementación de VRRP en Linux)
• HaProxy (Load-Balancing en Linux)
– Introduction
– HTTP Load-Balancing
– TCP Load-Balancing
– Health Checks
• TLS
• Key Authentication

65. KEEPALIVED

66. KEEPALIVED

67. KEEPALIVED

68. KEEPALIVED

69. Keepalived:
• Definitions
• About
• Installation
• Configuration
• Logging

70. High-availability
“A system that is continuously
operational for a desirably long
length of time”

71. High-availability Goal:

72. High-availability in Servers:

73. Keepalived
• Free Open Source Software
• Zero licensing costs
• Written in pure C
• Used for High-availability
• Implements VRRP
• I/O Multiplexer provides realtime networking
• Robust and Stable

74. Keepalived & VRRP
• VRRP is IETF protocol
• Allows two or more routers to act as a virtual
router
• Routers present a Virtual IP Address (VIP) that
corresponds to a Virtual Mac Address (VMAC)
• Each router has a real hardware and IP
address

75. Keepalived & VRRP
• Linux does not support Virtual MACs.
• Keepalived only implements VIPs, works fine
on all modern networks
• Requires a network that allows gratitious
Advanced Resolution Protocol (ARP) requests
– An advanced notification
– Updates cache ARP cache before other systems
ask for them

76. Keepalived & VRRP
• Backup Server(s) monitor continuously
– Listens for multicast advertisements
– Expects them from the current master server
• If master disappears
– An election process ocurrs
– The highest priority backup wins
– Winning backup announces gratitious ARP for that
VMAC, and takes over
– Happens almost instantly

77. Keepalived

78. Keepalived: Software Design

79. • IP Virtual Server: provides transport-layer load
balancing inside the Linux kernel
• Layer-4 switching (OSI)
• Allows things Linux Virtual Servers (LVS)
– Cluster of servers
– Appears as single server to user
– Layer 4 balancing
• Note: we dont use LVS
Keepalived & IPVS

80. OSI Layers

81. Keepalived Linux Process

82. Keepalive(d) your Load-Balancers

83. Keepalived is simple in Linux
• Install:
– apt-get install keepalived
• Configure:
– vim /etc/keepalived/keepalived.conf
• Start Keepalived:
– service keepalived start
• Stop Keepalived:
– service keepalived stop

84. Keepalived Logs
• Read the logs:
– tail /var/log/syslog
• How it looks:

85. Keepalived Configuration
Location:
/etc/keepalived/keepalived.conf

86. global_defs {
}
vrrp_script chk_service { # Requires keepalived-1.1.13
script "killall -0 keepalived" # cheaper than pidof
interval 2 # check every 2 seconds
weight 2 # add 2 points of priority if OK
}
vrrp_instance VI_1 {
state master
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type <PASS-TYPE>
auth_pass <PASSWORD>
}
virtual_ipaddress {
192.168.108.10 dev eth0 label eth0:0
}
track_script {
chk_service
}
}

88. HAPROXY

89. HAProxy: What is it?
• Realible, High Performance Load Balancer
• Can Load-balance both TCP and HTTP
• Can handle massive amounts of traffic
• Can queue up requests for a server
• Can be configured to send specific amounts of
traffic to an application:
– Configure to never sends more than you can
handle
– Helpful for heavy apps

90. HAProxy: Who uses it?
• Who uses it? Internet Giants:
– Twitter
– Instagram
– Reddit
– Tumblr
– Airbnb
– Farmville
– Imgur
– Github
– TaoBao: Largest Picture Content Distribution Network in
the World
– <insert censored site> uses it

91. HAProxy:
• How do we use it?
– HTTP Load-Balancing
– TCP Load-Balancing
– Health Checks
– Statistics

92. YOU TOO CAN SCALE APPS

93. HAProxy is a breeze to setup:
• Install:
– add-apt-repository ppa:vbernat/haproxy-1.5
– apt-get install haproxy
• Configure:
– vim /etc/haproxy/haproxy.cfg

94. HAProxy, simple administration:
• Start:
– service haproxy start
• Stop:
– service haproxy stop
• Restart:
– service haproxy restart

95. HAProxy is simple & powerful:

97. HAProxy s Keepalived

99. HAProxy is simple & powerful:

100. TLS

101. Transport Layer Security
• TLS is a protocol that ensures privacy between
communicating applications and their users
• When a server and client communicate, TLS
aims to ensure that no third party may
eavesdrop or tamper with any message.
• TLS is the successor to the Secure Sockets
Layer (SSL).

102. Transport Layer Security
• SSLv1, SSLv2, SSLv3 and TLSv1 are all
vulnerable
• Weakest protocol supported by the system is
used for attacks
– POODLE
– HEARTBLEED

103. Transport Layer Security
• Check your servers for insecure cyphers and
protocols:
– https://www.ssllabs.com
• Man in the middle attacks can decrypt HTTPS
data

104. Transport Layer Security

105. SSL Termination

106. SSL Termination (HAProxy)

107. SSL Termination

108. KEY AUTHENTICATION (SSH)

109. Secure Shell
• SSH is a cryptographic (encrypted) network
protocol
• Used for initiating text-based shell sessions
• Used for administering remote machines in a
secure way
– Network Switches
– Servers
• Can authenticate using:
– Username / Password (less secure)
– SSH Keys (more secure)

110. Secure Shell
• /home/acolon/.ssh/
– Same as: ~/.ssh/
• Contains:
– Cryptographic keys
– Authorized Keys and machines

111. SSH Hidden Folder
• cd
• mkdir ~/.ssh
• chmod 700
• cd ~/.ssh/
• ssh-keygen -t rsa

112. SSH: Generate your Keys

113. SSH: Generate your Keys
• Default is 2048 bit key
• Use: ssh-keygen -t rsa -b 4096

114. SSH: Transfer your Keys
• One way:
– ssh-copy-id <username>@<host>
– Example: ssh-copy-id acolon@192.168.1.1
• Or:
– Copy your public key to the server
– cp authorized_keys authorized_keys_Backup
– cat id_rsa.pub >> authorized_keys

115. Secure Shell

116. Secure Shell

117. Why SSH Authentication?
• Far more Secure
• Difficult to crack
• Less prone to Brute Force attacks
• Multiple users can authenticate

118. Week 3
Knowledge Transfer
New PR.gov Infrastructure
Good Standing Certificate Service

119. What’s the Plan?
• Last week Q&A
• Overview of Knowledge Transfer Plan Week 3
• Knowledge Transfer Talk Topics: Week 3

120. Q&A - Last week we saw:
Infrastructure Services:
• Keepalived (high-availability with VRRP in Linux)
• HaProxy (Load-Balancing in Linux)
– Introduction
– HTTP Load-Balancing
– TCP Load-Balancing
– Health Checks
• Transport Layer Security (TLS) & SSL vulnerabilities
• Passwordless Authentication – SSH Key Authentication

121. Overview of technologies in
Operations:
Infrastructure Services:
• Advanced Key Value Store: Redis
• PostFix
• Bind9

122. Databases
• There isn’t a “one-size fits all”
• Choosing the right tech, hinges on use case
• If your data doesn’t change and has moderate
manageable growth: SQL not dead for you
• High throughput and growth, efficient scaling,
rapid data change: NoSQL

123. RDBMS
• Scalability:
– Scability is vertical
– More data usually means bigger servers
– Scaling across multiple servers is possible but time-
consuming
• Fixed Schema
– Must be decided and locked before data entry
• ACID compliance
• Stored in Relational Model
– Rows: contain all information about specific entity
– Columns: contain all the seperate data points about entity.

124. Choose the Right Tool for the Job

125. Polyglot Persistence
“Use the right tool for what you’re trying to
accomplish”
CAP:
Our project uses both SQL and NoSQL
– PR.gov successfully implements NoSQL (Redis)
– RCI uses both SQL and NoSQL (MSSQL, MongoDB)

127. What is NoSQL?
• An alternate way of thinking about databases
• NoSQL = “Not Only SQL”
• Not a Relational Database
• Data not modeled in terms of tabular relations
• Some NoSQL databases are ACID compliant,
but some sacrifice compliancy for
performance and scalability

128. How many types of NoSQL?
There are plenty of NoSQL flavours:
• Key-Value Stores
• Document databases
• Graph Databases
• Wide Column Databases

129. NoSQL Adoption
• Size Matters:
– When working with large datasets, consistently scaling
is easier to achieve with many NoSQL family
• Speed:
– NoSQL is usually faster and sometimes extremely
speedier in writes
– Reads can also be very fast depending on the NoSQL
DB used and data being queried
• NoSQL has seen rapid adoption in web-
technologies

130. Why NoSQL?

131. Data in NoSQL
• Key-Value Stores
– Associative Array of key-value Pairs
• Document databases
– Stored as collection of document, structure can vary
• Graph Databases
– Data is stored in nodes, properties and lines
• Wide Column Databases
– Data is stored in column families, rows can have
different columns

133. Popular NoSQL Examples
• Key-Value Stores
– Redis
• Document databases
– MongoDB
• Graph Databases
– Neo4J
• Wide Column Databases
– Cassandra & Hbase

134. Examples of NoSQL

135. NoSQL Adoption

136. IN-MEMORY DATABASE
URL: Redis.io (Remote Dictionary Server)

137. Introduction to Redis
• Most important feature: high-performance
• Advanced Key-Value Store
• Often referred to as a Data Structure Server
• Open Source (BSD license)
• Built-in replication
• Multiple Persistence Options
• Read and Write speeds obsessively
documented

138. Redis: high-performance
• In-memory database
• Small code-base (20k lines in C)
• Connection via TCP or Unix Socket
• No nested data structures
• Persistence via Snapshotting and/or Journaling
• Master/Slave chain database replication
• Sentinel Server Monitoring – real clustering now
in beta

139. Redis: Uses Cases
• Caching
• Statistics collection (downloads, hits, time
benchmarks)
• Log buffers
• Tasks Queues
• Share state between processes
• Inter-proccess communication in a distributed
network
• Built-in Publish Subscribe

140. Who uses it?
• Twitter
• Instagram
• Pinterest
• Snapchat
• StackOverflow
• Airbnb
• Tumblr
• Flickr
• Craiglist
• Hulu
• Imgur

141. Redis: Why we love it!
• Automatic Key Expiration
• Great for both caching and storage
• Scales for millions of requests
• Used for fast, self-expiring sessions on Web App
• Used for fast, self-expiring transactions on GMQ
• Powerful Libraries available for EventMachine
(Reactor Pattern) used by our GMQ API for Redis
• Redis used by Github’s Resque for asynchronous
workers

142. Cap Redis
• Used primarily as:
– Web Session Storage
– Transaction Storage
– Workers Coordination
– Statistics

143. Redis: Data Structure
• Often referred to as a Data Structure Server
– Can contain Strings
– Hashes
– Lists
– Sets
– Sorted sets
– Bitmaps

144. Redis: Data Types

145. Redis: Master the Data Types
• Redis can be used as Key Value storage
• But to get the most out of it, think of it as a tool set
• When designing for efficiency, think how to best model
your data using the myriad of available data types
• Think of how you want to store your data, including the
key

146. Redis: Installation
Quick install:
Detailed configuration:
http://redis.io/topics/quickstart

147. Redis: Starting and Shutting down
Start your server:
Shutdown your server:

148. Redis: Connect to Redis
• redis-cli allows you to connect to a redis
server
• It accepts arguments as commands, such as:

149. Redis: Connect to Redis

150. Redis: Connect to Redis

151. Redis: Testing Redis

152. Redis: Testing Redis

153. Redis: Hashes in Redis

154. Think of hashes as:
• “users:1” => { :name => “andres”, :rank => 1 }

155. Redis: Testing Redis

156. Redis: Connect Ruby to Redis

157. Redis: Connect Ruby to Redis

159. Redis: Pub/Sub

160. Redis: Pub/Sub

161. Redis: Persistence
• In-memory
– No storage on disks. Useful for caches
• RDB
– Favors performance over persistence
– Very compact single-file representation
– Perfect for Backups (backup daily, keep snapshots for months)
– Very good for disaster recovery (compact, easily transferable)
– RDB maximizes performance since all the parent process needs to do in order to persist is
forking a child that will do all the rest. The parent instance will never perform disk I/O or alike.
– Can save every X seconds or if more than Y number of transactions have been changed
• AOF
– Favors persistence over performance
– Much more durable than RDB
– An append-only log, there are no seeks nor corruption problems if power failure
– If log ends with half-written command (disk-failure, etc), redis-check-aof tool fixes it easily
– Much bigger than RDB
– More aggressive storage, as it favors persistence

162. Redis: Replication

163. EMAIL SERVER
Mail relay

164. Email
• One of the most popular internet services to
date
• Facilitates communication
• MTA – mail transfer agents, move mail from
one mail system to another
• MDA – mail delivery agents, move mail from
one system to the user’s mailbox

165. Postfix
• Free open source mail transfer agent (MTA)
• Handles routing and delivery of email
• Solid Email Server for Linux
• The default MTA for a number linux
distributions including Ubuntu
• Very useful for SMTP Relay
• Quick setup, very reliable

166. Postfix Queues
• Incoming Queue:
– Receives mail from other hosts
– As long as emails are arriving and it hasn’t been
processed, it is kept in this queue
• Active queue:
– The queue that actually deliver messages
– It has a limited size and messages are accepted if
there is space for them. Other queues must wait
for the active queue to be ready to accept items.

167. Postfix Queues
• Deferred queue:
– Email that cannot be delivered
– Prevents the system from continously trying to deliver
email
– Keeps the active queue short, by storing failed emails,
and thus newer messages get priority
– Enhances stability
– If MTA cannot reach a domain, emails are stored here
– Retry is scheduled with an increasing waiting time.
– After wait, the item is put on the active queue.

168. CAP and email relays

169. Postfix: how we use it
• GMQ provides a REST interface for mailing
• GMQ workers queue jobs in relay server
• Postfix mail server is not exposed to the
internet
• Traffic is only outbound, not inbound

170. Postfix: Installation
• sudo apt-get install postfix
• Select “Internet Site”
• Enter name of your domain
• Additional configuration:
– Edit: /etc/postfix/main.cf
• Sender Policy Framework (SPF) record is
important for the domain you wish to relay

171. Postfix: Installation
• Postfix start – starts the server
• Postfix stop – stop the server
• Postfix reload – reloads configuration without
downtime

172. Postfix: Important commands:
• check queue size:
– mailq
• Check current queue:
– postqueue –q
• Flush the queue (force resend):
– postqueue –f
• Show number of emails being sent to each domain:
– qshape active
• Same as above but for deferred queue
– qshape deferred

173. BIND9
DNS

174. DNS
• Allows not to hard-code IPs in our network
• Possible to associate multiple names to the
same machine to update the different
available services
• Makes our infrastructure more resilient to
future changes

175. Bind9
• Free Open Source DNS Server
• Massively popular in the linux community
• Resilient and easy to install and configure
• Allows for master and slaves DNS
• Allows for zone transfers

176. Commands
• Install:
– sudo apt-get install bind9
• Start:
– /etc/init.d/bind9 start
• Restart:
– /etc/init.d/bind9 restart
• Stop
– /etc/init.d/bind9 stop

177. Configure
• Files:
– /etc/bind/
• Local configuration:
– /etc/bind/named.conf.local

178. Configure
• Files:
– /etc/bind/
• Local configuration:
– /etc/bind/named.conf.local

179. Configure
• Zones:
– /etc/bind/zones/

180. Configure
• Zones:
– /etc/bind/zones/

181. Next week (4) – Save the Date!
Basic Core Application Technologies:
• Ruby Programming Language
• Gems
• Environment variables (DotEnv)
• Rake
• Bundler
• Internationalization (i18n)

182. Week 4
Knowledge Transfer
New PR.gov Infrastructure
Good Standing Certificate Service

183. What’s the Plan?
• Last week Q&A
• Overview of Knowledge Transfer Plan Week 4
• Knowledge Transfer Talk Topics: Week

184. Q&A - Last week we saw:
Infrastructure Services:
• Advanced Key Value Store: Redis
• PostFix
• Bind9

185. Basic Core Application Technologies:
Infrastructure Services:
• Ruby
• Gems
• DotEnv
• Rake
• Bundler
• Internationalization (i18n)

187. RUBY

188. Topics
• Some thoughts on Programming Languages
• Ruby History
• Who uses Ruby
• Ruby Basics
• Learn Ruby by Example

189. The Principles of Languages
• Thinking is Important for Programmers, we
can only code what we can think
• But how do we think?
– In words of specific languages
– We grasp the world by language and express
ourselves with them
– Languages are not only tools to communicate but
also tools to Think

190. Programmer’s Thoughts
• Natural languages are:
– too ambiguos,
– too verbose
– too indirect
• In code, written down thoughts become
programs

191. Ever been frustrated with
Programming?

193. Not all languages are created equal

194. Everyone can become frustrated with
a specific Language. Try a new one.

196. About Ruby
Ruby is a dynamic, object-oriented,
general-purpose programming
language.

197. About Ruby
Ruby is a:
• dynamic,
• object-oriented,
• general-purpose programming
language

198. Dynamic Languages
High-level programming languages which
at runtime, execute many common
programming behaviors that static
programming languages perform during
compilation.

199. Object Oriented Programming (OOP)
A programming paradigm based on the
concept of "objects”, which are data
structures that contain data, in the form of
fields, often known as attributes; and code,
in the form of procedures, often known as
methods.

200. General Purpose Language
In computer software a general-purpose
programming language is a programming
language designed to be used for writing
software in a wide variety of application
domains.

201. About Ruby: History
• Relatively young, 1995
• From Japan
• Designed to be Natural
• Grew hugely in popularity with the Rails
Framework (Ruby on Rails)

202. About Ruby
• Free:
– Developed as open source with a very open
license
– Freedom to learn from the source
– Freedom to extend and modify

203. About Ruby
• Ruby is strong in scripting as Perl
– Built in regular expressions
– Almost all equivalent functionality
• Can access all system calls on the Operating
System via a standard library
– Ruby/DL (Dynamic Loading)
– Explicit libraries: syscall, Win32API
• Useful for scripting, but not limited to it

204. About Ruby
• Ruby’s OOP Features:
– Object
• Everything is an object
– Class
• Every class is an object
– Methods
• Every procedure is a method;

205. OK! LET’S COMPARE
“Hello World!”

206. Hello World: LotusScript
%INCLUDE "symphonylsx.lss"
Dim application As SymphonyApplication
Dim documents As SymphonyDocuments
Dim document As SymphonyDocument
Dim range As SymphonyTextRange
Set application = New SymphonyApplication
Set documents = application.Documents
Set document = documents.AddDocument("",True,True)
Set range = document.content.End
Call range.InsertBefore("Hello World")

207. Hello World: C#

208. Hello World: Objective-C

209. Hello World: Visual Basic

210. Hello World: Java

211. In Ruby
puts “Hello, World!”

213. Ruby is focused on
programmer productivity
over machine optimization

216. Ruby Uses
• Simulations
• 3D Modeling
• Business
• Robotics
• Networking
• Game Development
• System Administration
• Web Applications
• Security

217. Who is Using it?
• NASA (Langely Research Center)
• Google (Sketchup)
• Lucent (3G wireless telephony product)
• Level 3 Communications (central data collection
for over 1,700 global servers)
• 37Signals (Basecamp)
• Twitter
• AT&T (YellowPages.com)
• StateFarm (R&D Center)

218. Ruby Features
• Cross Platform
• Object Oriented
• Powerful string operations
• Variables are not typed
• Regular Expressions

219. Ruby Features
• Class Inheritance
• Garbage Collection
• Threads
• Iterators and Closures
• Exception Handling
• Operator Overloading
• Introspection, Reflection, Meta Programming

220. Basics: Variables
key = value

221. Basics: Variables
agua = 0
> 0
presupuesto = 0
> 0

222. Basics: Types of Variables
Capitalized variable names
are known as constants.
Cannot be chaned:
CONSTANT = “light speed”

223. Basics: Types of Variables
• Constant variables
• Local variables
• Global variables
• Class variables
• Instance variables

224. Basics: Constant Variables
Capitalized variable names
are known as constants, and
their value should only be
assigned once.

225. Example: Constant Variables

226. Basics: Types of Variables
• Constant variables
– Cannot be changed.
• Local variables
– Local to a specific scope. Such as a method.
• Global variables
– Accessible through the entire progarm
• Class variables
– Accessible to the class.
• Instance variables
– Specific to each instance of a class

227. Basics: Comment Code
# this is a comment
key = value

228. Basic Comparison Operators
key == key2 # (equal)
key != key2 # (not equal)
key > key2 # (bigger than)
Key < key2 # (smaller than)
key >= key2 #(bigger or equal)
key <= key2 # (less or equal)

229. Basic Comparison Operators

230. Other Comparison Operators

231. Example: Comparison Operation
prespuesto == agua
> true

232. Basic: Assignment Operations

233. Basic: Assignment Operations

234. Examples: You can store the output
agua + 1
> 1
agua
> 0
agua = agua + 1
> 1
agua
> 1
agua += 1
> 2

235. Basics: Logical Operators

236. Basics: Logical Operators

237. Basics: Conditionals
if(condition)
…
end

238. Basics: Conditionals
if(condition and !condition2)
…
end

239. Basics: Conditionals
if(condition)
…
else
…
end

240. Basics: Conditionals
if(condition)
…
else
…
end

241. Basics: Conditionals
if(condition)
…
elsif (condition2 == value)
…
else
…
end

242. Example: Conditionals

243. Basics: Methods
def method_name
…
end

244. Example: Methods
def say_hi
puts “Hi”
end
say_hi
> “Hi”

245. Basics: Methods and arguments
def method_name(argument)
…
end

246. Basics: Methods and arguments
def method_name(argument)
…
end

247. Example: Methods and arguments

248. Example: Methods and arguments

249. Basic: Call methods from Methods

250. Example: Putting it all together

251. Example: Parenthesis are optional

252. Classes

253. Instantiating a Class

254. Adding instance variable for Class

255. Adding instance variable for Class

256. Adding methods to our Class

257. Adding methods to our Class

258. Hands-on Experience
• Now we’re going to have a hands-on
experience with Ruby
• Let’s see some examples
• Let’s modify them real-time based on Q&A
• Let’s catch up on some basic Git

259. Learn Ruby by Example - Follow me to github:
https://github.com/mindware/cap_ruby_training.git

260. Let’s Learn by Example
• Loops
– Basics
– Hashes
– Arrays
• Classes
– Instances
– Methods
– Getters and Setters
– Inheritance
– Namespaces

261. Let’s Learn by Example
• Gems
• DotEnv and Environment Variables
• Rake
• Bundler
• Internationalization

262. …Done! What we did:
• We practiced Git for version control
• We learned some ruby basics
• We saw some cool ruby examples
• Now let’s learn about Ruby Gems

263. Hashes

264. GEMS

265. GEMS LABS DEMO

267. DOTENV

268. Installating dotenv
system-wide
gem install dotenv

269. Bundling dotenv
Simply add to your Gemfile:
gem ‘dotenv’
bundle install

270. Create your Secret file
File name: .env
Content:
DB_PASSWORD=my secret
DB_USER=my user

271. Accesing the value
require ‘dotenv’
Dotenv.load
puts ENV[“DB_PASSWORD”]
# outputs: ‘my secret’

272. DOTENV EXAMPLE
Time for a Demo

274. Rack is the foundation for all modern Ruby Web
Frameworks

275. Rack provides a common interface between
server and Applications.

276. By wrapping HTTP requests and responses in the
simplest way possible, it unifies and distills the
API for web servers, web frameworks, and
software in between (the so-called middleware)
into a single method call.

277. Rack allows you to write once and run
everywhere:
• Puma
• Goliath
• Thin
• Webrick

279. Built for:
• Speed
• Parallelism
• Runs Rack Apps only

280. Global Installation:
gem install puma

281. Bundler installation
gem ‘puma’
Then:
bundle install
Run the server:
bundle exec puma

282. Puma powers CAP Web Applications

283. Command:
puma -t 0:8 -w 4 -p 3000 -e production --
preload config.ru

285. Detailed Demo
• Let’s see some demos and practice:
– EventMachine
– Goliath
– Grape
– Sinatra
– Padrino
– Redis-Rb
– Hi-Redis
– EM::Synchrony
• Q&A

286. Detailed Demo
• Let’s see some demos and practice:
– EventMachine
– Goliath
– Grape
– Sinatra
– Padrino
– Redis-Rb
– Hi-Redis
– EM::Synchrony
• Q&A

287. Now let’s see how we used these:
• Let’s review our Github Source Code for:
– CAP Web App
– GMQ CAP API
– GMQ Workers
• Head over to:
– https://github.com/commonwealth-of-puerto-rico
• Q&A

288. Topics
• CAP Project Overview
• Q&A

289. Project Overview
• What was wrong
• What we did to fix it
• What we achieved
• Moving forward

290. PR.gov Infrastructure Topics
• Security Philosophy
• Networks Segments
• Virtual Router Redundancy Protocol
• Documentation

291. PROJECT OVERVIEW
(in Spanish)

292. Certificado de
Antecedentes
Penales y
Nuevo App de
PRGOV

294. En 36 dias:
64,366 solicitudes recibidas
98%
2%
PR.gov
Completadas Pendientes

295. En Menos de 36 dias:

296. En Menos de 30 dias:

297. LOS RETOS

298. • En la prensa se publicaron algunos de los
problemas, pero no todos. Tip of the
Iceberg.
• El certificado anterior incorporaba
información que no habia sido validada
con otras agencias.
• Muchos patronos utilizaban información
en el certificado que la Policia no habia
validado correctamente.

299. En el antiguo sistema: si se entraba un seguro social
inventado, con la información (falsa) de Homero Simpson,
la Policia le emitia un certificado sin validar la identidad.

301. En las profundidades….
• Habia personas cometiendo
fraude con estos certificados;
• Sistema se apagaba 8 horas para
hacer backup;
• Solicitudes no se reintentaban si
ocurrían un fallos básicos en el

302. • En los intentos de fraude, el
Registro Demográfico de la Policía
almacenaba información
incorrecta y luego no emitía
certificado verdadero dueño del
seguro social;
• No habia forma de consultar
datos de delitos menos graves de
la Policia, por lo que los
certificados no cumplian con la
ley.

303. Mas abajo:
• Los datos se encontraba en 4 bancos de datos
distintos, que no se hablaban entre si.
• RCC, el sistema de Justicia que alimentaba el
banco de datos principal de la Policia, seria
decomisado en semanas.
• Policia no tenia forma de sincronizar los delitos
Graves de forma automatizada y necesitaban
ayuda

304. Y en el fondo…

305. Retos que enfrentamos
Así sincronizaban los datos
Tribunales y la Policía de
Puerto Rico.

306. Retos que enfrentamos

307. Toda solicitud de certificado en línea requeria una
validación manual. Un promedio de 2 meses de espera
para recibir el certificado.

308. - playbook.cio.gov

309. - playbook.cio.gov
+ Understand what people need
+ Use Data to Drive decisions

310. Ciudadanía Móvil
77%
Mobile First
Los celulares son el principal
medio de acceso al Internet
en Puerto Rico

311. Ciudadanía Móvil:

312. - playbook.cio.gov
+ Bring in experienced teams

313. OPEI

314. Estrategia
PR.Gov App - Gestor
Policia /Justicia /Tribunales
– Registro Criminal
DTOP/NCIC - Identidad

315. - playbook.cio.gov
+ Choose a modern Techology Stack

316. Technology Stack

317. - playbook.cio.gov
+ Default to open

318. Código Disponible en Github
https://github.com/commonwealth-of-puerto-rico/prgov_cap_webapp/

319. START
Ready!
Modulos para la
Policia
Desarrollo de APIs y Micro Services (RCI) Equipo
Componentes Técnicos
Desarollo de Web App
Desarollo de Sistema
De Mensajeria Gubernamental PR.Gov
Personal Técnico,
Agilidad en
Contratación y Accesos

320. ANTES…

321. …Antes:

322. …Antes:

323. …Antes:

324. …Antes:

325. …Antes:
• En fallas, las solicitudes no se reintentaban automaticamente
• No se emitian certificados positivos
• No se validaba la información de identidad previo a la emisión
• Certificados emitidos en ventanilla no era posible invalidarlos
posteriormente una vez emitido, aún si contenian errores.
• Certificado de PR.gov era aceptado por patronos, pero se imprimia en hoja
de papel regular.
• Policia emitia en papel especial con un alto costo para la agencia.
• La seguridad del papel no era funcional toda vez que si emitian
incorrectamente un certificado, no podian cancelarlo.
• Certificado no expiraba.

326. NUEVO SERVICIO

332. Validación de Identidad:
• Aceptamos con o sin acentos, mayuzcula o
minuscula.
• La información de las agencias es la utilizada.
• El sistema tiene inteligencia para detectar
posibles errores en los nombres e identificar
apropiadamente.
• Si toda la validación es correcta, se emite
certificado.
• De requerir evaluación humana, se envia a
analista de la Policia

333. Certificados en su Email

334. Retos del Beta
• Algunas personas tienen su información
incorrecta en DTOP y estamos colaborando
interagencialmente en el particular
• Interesamos incorporar nuevos métodos de
validación en PR.gov (licencias de otros países, y
pasaporte)

335. Logros (Alpha)
• Consolidamos cuatro sistemas de datos
criminales en uno, adoptando RCI
• Validación identidad del ciudadano en DTOP
• Integración del registro de ofensores sexuales
• Integración de modulo para entrada de los
delitos menos grave de la Policía
• Un mismo proceso de validación, para
solicitudes presenciales en las ventanillas de la
Policía y en línea en PR.gov
• Funciona en celulares y tabletas
• Sistema escalable y con $0 costos de
licenciamiento

336. Logros (Beta)
• Se emiten certificados positivos por primera vez
por PR.Gov
• Certificados que antes salían negativos, ahora
salen positivos correctamente.
• Se valida la identidad del ciudadano previo a la
emisión.
• Se incorporó más allá que la tecnología, un
análisis de los procesos operacionales de la
Policía, para atender sus necesidades.
• Servicio en español e inglés

337. Logros del Prototipo (Beta)
• Servicio en español e inglés
• Por primera vez, personal que es sentenciado,
busca certificado el mismo día, y se le emite
positivo.

338. Emails: dia antes del lanzamiento

339. Tráfico: día antes del lanzamiento
Sistema de Mensajería Gubernamental:
Transacciones completadas: 893
Visitas al GMQ: 14933

340. Tráfico Móvil

341. - playbook.cio.gov
+ Address the whole experience, from
start to finish.

342. El Primer App de PR.gov
Disponible para:
Android y Iphone

343. PRGOV App

344. Escanea códigos de forma Segura

345. Solicita tu Certificado

347. Resumen:
• Nuevo Certificado es más seguro y rápido.
• Require un ID de DTOP
• Se trámita rápido y de forma segura
• Funciona en tu móvil, tabletas y PCs
• Versión beta está disponible en:
– http://servicios.pr.gov/cap
• App de solicitud y validación disponible para
Android y Iphone (keyword: PRGOV)