The document discusses implementing a modern data platform for Monaco based on FIWARE. It outlines challenges around data ingestion, integration, facilitating self-service, and security. It then describes Monaco's hybrid cloud-based data mesh solution using FIWARE components like Orion Context Broker, Kubernetes, and Apache Ranger for unified access, centralized policies, and data security across clouds. An AWS Smart Territory Framework will be integrated for ingesting IoT data and activating data pipelines.
Implementing a Modern Data Platform for Monaco based on FIWARE
1. Vienna, Austria
12-13 June, 2023
#FIWARESummit
A Case Study in Sovereign Nation Transformation.
2. Vienna, 12-13 June, 2023 | #FIWARESummit www.fiware.org
Challenges in implementing a Modern Data Platform
Data Ingestion
● What are the approaches for simplifying data ingestion and sharing?
● How can IoT devices be effectively managed and controlled?
Integration
● How to easily integrate with established legacy databases?
● How can managed databases and services be incorporated to accelerate project and application development?
Facilitating self-service for end-users
● How to propose a virtualized access layer to seamlessly connect multiple datastores across different clouds?
● How can easy self-service and ad hoc analysis be facilitated?
● How to industrialize data cataloging and metadata ingestion?
● How can one leverage advanced services and technologies offered by cloud operators for maximum benefit?
Security
● How to control identity and authorizations across different distributed data stores?
● How can the sovereignty of highly sensitive and confidential data be ensured?
● How to ensure data encryption depending on data location and criticality?
Exploring the global perspective of a hybrid cloud-based data-mesh.
Key points:
❖ Fully containerized data platform
➢ Flexibility and scalability of Kubernetes (OpenShift)
❖ Unified administrative access
➢ OpenShift guarantees comprehensive management of the resources distributed across the 2 clouds (AWS + MonacoCloud)
❖ Orion CB acts as a traffic router
❖ Integrate the AWS Smart Territory Framework as ingestion sub-system
❖ Unified data access:
➢ API + SQL engine (centralize DB access from a single point)
❖ Centralized policies enforcement
➢ Integrated control and granular role management (ABAC)
Realizing Unified Data Access and Centralized Policies Enforcement
❖ Eliminated data silos and introduced a unified view to access and query data from multiple sources and different clouds using Trino (Policy Enforcement Point):
➢ Ability to query any source using SQL, such as TimescaleDB, MongoDB, flat files (stored on S3), etc.
➢ Enhanced performance by leveraging a high-performance, parallel query engine to process large amounts of data.
❖ Data encryption at rest and in transit for end-to-end integrity
➢ Network service data communication (micro-service TLS communication)
➢ Bring Your Own Keys capabilities (for future usage)
➢ Over-encryption (AWS KMS - AES + OpenShift Platform FIPS)
❖ Centralized policy enforcement for consistent access control, data masking, and auditing across all your data sources, including Orion CB, through Apache Ranger (Policy Decision Point)
➢ Robust, maintained data governance
➢ Streamlined operations
➢ Enhanced data security measures
Securing Orion CB with a “conventional” security layer based on Kong, FastAPI, Keycloak and Apache Ranger
Orion Context Broker is secured by reusing the pre-existing security layer that governs the datastores and APIs of the data platform:
● Keycloak: manages users and roles
● Apache Ranger: defines policies and permissions, logging
● Kong API: central entry-point API gateway for security, traffic control, monitoring, logging, …
● FastAPI-based process: interacts with Apache Ranger and redirects calls to Orion (if allowed)
● Orion CB: manages data and sends notifications. Accessible only via the FastAPI-based process (thanks to an Ingress controller)
Entities
GET - /v2/entities
GET - /v2/entities/{entityID}
POST - /v2/entities
PUT|POST - /v2/entities/{entityID}
DELETE - /v2/entities/{entityID}
Attributes
GET - /v2/entities/{entityID}/attrs/{attrName}
PUT - /v2/entities/{entityID}/attrs/{attrName}
[Architecture diagram. Labels: Client, Security Layer, Data Platform, QuantumLeap, Trino, Request/Reply]
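The decision step of the FastAPI-based process described above, as an added example that is not code from the presentation: it maps the endpoints listed on the slide to an access type and denies everything else by default. The policy format, role names, access-type names and the `classify`/`decide` functions are assumptions standing in for the Apache Ranger lookup, and the path is assumed to arrive without its query string.

```python
import re
from fnmatch import fnmatchcase

# Allowlist built from the endpoint list on the slide. The access-type names
# (read/create/update/delete) are assumptions of this example.
_ENTITY = r"/v2/entities/(?P<entity>[^/]+)"
_ATTR = _ENTITY + r"/attrs/(?P<attr>[^/]+)"
ROUTES = [
    ("GET", r"/v2/entities", "read"),
    ("POST", r"/v2/entities", "create"),
    ("GET", _ENTITY, "read"),
    ("PUT", _ENTITY, "update"),
    ("POST", _ENTITY, "update"),
    ("DELETE", _ENTITY, "delete"),
    ("GET", _ATTR, "read"),
    ("PUT", _ATTR, "update"),
]

# Constructed sample policies; a hypothetical stand-in for what Ranger would hold.
POLICIES = [
    {"role": "parking-viewer", "access": {"read"},
     "entity": "urn:ngsi-ld:Parking:*", "attr": "*"},
    {"role": "platform-admin", "access": {"read", "create", "update", "delete"},
     "entity": "*", "attr": "*"},
]

def classify(method, path):
    """Return (access, entity, attr) for an allowlisted route, else None."""
    if "%" in path or ".." in path:
        return None  # refuse encoded or dot-segment paths rather than guess
    for verb, pattern, access in ROUTES:
        match = re.fullmatch(pattern, path)
        if verb == method.upper() and match:
            groups = match.groupdict()
            # Collection-level calls carry "*", which only a wildcard policy matches.
            return access, groups.get("entity", "*"), groups.get("attr", "*")
    return None

def decide(roles, method, path, policies=POLICIES):
    """Default deny: allow only if some policy grants this access to a held role."""
    request = classify(method, path)
    if request is None:
        return False  # route not on the allowlist, never forwarded to Orion
    access, entity, attr = request
    return any(
        p["role"] in roles and access in p["access"]
        and fnmatchcase(entity, p["entity"]) and fnmatchcase(attr, p["attr"])
        for p in policies
    )
```

Because the route table is an allowlist, Orion operations that are not on the slide's list are rejected even for the widest role, and a role scoped to one entity prefix cannot list the whole collection.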
Our ingestion sub-system, the AWS Smart Territory Framework (STF)
Comprehensive set of tools and services for managing Smart city infrastructure:
❖ Provisioning, monitoring, and remote management of IoT devices
❖ Dynamic scaling based on incoming data volume
❖ Event-triggered data pipeline activation
❖ Real-time conversion of incoming data to NGSI data model for Orion Context Broker feeding
Seamless integration and operation to leverage the full potential of our platform for data ingestion and processing
The team and our partners
Partners
Government of Monaco
Laurent CURNIER, Data Platform Project Manager
Côme SAUVAL, Head of Data & Platform team
Christophe PIERRE, Director of Digital Uses Development
Amine SOUABNI, Platform Engineer
Didier FORGET, Public Cloud and Innovations Project Manager