How to use Microservices and Open Source-Architectures for the digitalization of the public administration
The Südtiroler Gemeindenverband has created a Microservice and Open-Source Architecture for the Citizen-to-Government digitalization of the administrative proceedings in the South Tyrolean Municipalities.
In this talk, we are pleased to present the technical architecture with all the layers and components used and how they interact with each other.
Using Vaadin, Kubernetes, Spring Boot, Keycloak, RabbitMQ and open-source tools like Prometheus, Elasticsearch, Kiali and others, it is possible to achieve an End-to-End/Citizen-To-Administration digitalization of the business processes and procedures within the boundaries of the national and local laws, using state-of-the-art technology. Furthermore, this architecture is built to guarantee scalability and the best resource and performance management.
The collection of modular microservices is able to interact with the main public and private third-party software in use in South Tyrol and in Italy, with local and national web portals and infrastructures, and with the Italian Digital Identity. Citizens will be able to identify themselves with their digital identity, fill out a web form and send the generated digital document and the embedded data to the back office of the municipalities. The document will be automatically registered, and the data will populate and activate the digital processes and procedures that are managed by the officials using the new back-office software. The official documents will be sent to the citizens through the private areas in the web portals in order to close the digital lifecycle and to avoid the use of analog and materialized communication.
The new architecture is built and published as a shared service for all the public administration in Italy and as an Open-Source-Project that can be reused and extended by the interested communities and by the companies on the market. The software is produced following the principles of “Security by Design” and “API-First” (OpenAPI 3) and the whole software lifecycle will be managed with agile methodologies.
SFScon22 - Sara Tumiati - Goffice 2.0 - Open-Source Microservices for the South Tyrolean Municipalities.pdf
1. GOFFICE 2.0
THE NEW OPEN-SOURCE-ARCHITECTURE FOR THE DIGITALIZATION OF THE MUNICIPALITIES IN SOUTH TYROL
2. WHO AM I
• Graduated at FUB as computer scientist
• SW programmer, SW analyst, SCRUM master & team leader
• In goffice2 my role is SCRUM master and technical project reviewer, particularly for
  • Architectural analysis and implementation
  • Business analysis
  • Code produced
3. STATE OF THE ART: GOFFICE10
• Delphi2010-based
• Thick client
• Limited interoperability with external systems
• A lot of modules!
  • Circa 15
4. GOFFICE2
• What
  • web-based ecosystem
  • API first
• Why
  • bring the legacy system to the world of new technologies
• Who pays
  • goffice2 is mainly funded by the European Regional Development Fund (FESR - EFRE)
• Further details https://www.sfscon.it/talks/goffice-2-0/
5. LOGICAL STRUCTURE
• Mainly as Java microservices
  • Spring Boot
  • OpenAPI
• Each microservice can be one of these types (up to now)
Connector services
• Scope: interact with external platforms, over which SGV has little or no control
• Currently: mycivis private area, third-party modulistic engine, SUAP portal
• Possible future connectors: pagoPA, ANPR, PND, PDND
Support and business services
• Scope: interact with internal platforms, over which SGV has (quite) total control
• Support: DMS, authentication and authorization, reporting and data extraction
• Business: licenses, online modulistic management
6. LOGICAL STRUCTURE/2
• Each microservice can count on a set of common libraries suitable for
  • security, multitenancy & persistence
  • messaging
  • logging
• Each microservice communicates via OpenAPI to the UI
• The chosen technology is Vaadin
• We developed a monolith UI with multiple views in the same jar
• UI interacts only with services
• Connectors are not used by UI
• Services and connectors can talk directly or using AMQP (RabbitMQ)
• Thanks to this structure, changing the presentation layer is easier
7. LOGICAL STRUCTURE - MODULE EXAMPLE
[Diagram: example modules and their connections. Module labels: UI, Licenses Service, Document Service, Digital signature Service, Notifications, Troubleshooting, Infocamere Connector, 3rd-party DMS Proxy, 3rd-party Digital signature Proxy. Layer labels inside the modules: REST, Service Impl, Commons, DB Entities, Msg. Transport label: AMQP. Common Libraries: Security, Persistence, Multitenancy, Logging, Messaging.]
8. LOGICAL STRUCTURE - LOGIN EXAMPLE
[Diagram: login flow. Components: Frontend (Spring security, Keycloak adapter), Microservice (Spring security, Keycloak adapter), SSO login page, LDAP (user federation).]
1: verify JWT token
2: redirect to login page
3: obtain JWT token
• Pass the JWT to downstream service
• Periodically, refresh JWT token
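What step 1 of the login flow ("verify JWT token") has to cover in every microservice that receives a forwarded token, as an added example that is not goffice2 code and does not use the Keycloak adapter. It is JDK-only Java; the class name, issuer URL and key pairs are constructed, and `issue` stands in for the SSO server.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class JwtVerifyDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    // Constructed stand-in for the SSO server: signs header.claims with RS256.
    static String issue(String claims, PrivateKey key) throws Exception {
        String body = ENC.encodeToString("{\"alg\":\"RS256\"}".getBytes(UTF_8))
                + "." + ENC.encodeToString(claims.getBytes(UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(body.getBytes(UTF_8));
        return body + "." + ENC.encodeToString(s.sign());
    }
    // Checks a service makes before serving a request. Claims are read with a regex
    // only to avoid dependencies; a real service uses its JWT library for this.
    static boolean verify(String token, PublicKey ssoKey, String issuer, long now) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3) return false;
            String header = new String(DEC.decode(p[0]), UTF_8);
            String claims = new String(DEC.decode(p[1]), UTF_8);
            // Pin the algorithm: the token must not be able to pick "none" or an HMAC.
            if (!header.contains("\"alg\":\"RS256\"")) return false;
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(ssoKey);
            s.update((p[0] + "." + p[1]).getBytes(UTF_8));
            if (!s.verify(DEC.decode(p[2]))) return false;
            Matcher exp = Pattern.compile("\"exp\":(\\d+)").matcher(claims);
            Matcher iss = Pattern.compile("\"iss\":\"([^\"]*)\"").matcher(claims);
            return exp.find() && Long.parseLong(exp.group(1)) > now && iss.find() && iss.group(1).equals(issuer);
        } catch (Exception e) {
            return false; // malformed tokens are rejected
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sso = gen.generateKeyPair(), other = gen.generateKeyPair();
        String iss = "https://sso.example.invalid/realms/demo"; // constructed issuer
        long now = System.currentTimeMillis() / 1000;
        String good = "{\"iss\":\"" + iss + "\",\"exp\":" + (now + 300) + "}";
        System.out.println(verify(issue(good, sso.getPrivate()), sso.getPublic(), iss, now));       // valid token
        System.out.println(verify(issue(good, sso.getPrivate()), sso.getPublic(), iss, now + 600)); // clock past exp
        System.out.println(verify(issue(good, other.getPrivate()), sso.getPublic(), iss, now));     // signed by another key
    }
}
```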
9. PHYSICAL (INFRA)STRUCTURE
• 3 environments: dev, quality, production
• Each environment is composed of
  • Kubernetes cluster (1 master, 2 or more nodes) with these pods installed
  • Service mesh: Istio
  • NoSQL storage, for non-application-critical information: MongoDB
  • User authentication, JWT token management and service authorization: Keycloak
  • Logging: Elasticsearch, fluentd, Kibana
  • Monitoring: Prometheus, Grafana, Jaeger, Kiali
  • DBMS (Postgres)
10. PHYSICAL (INFRA)STRUCTURE/2
• CI/CD
  • All the elements composing goffice2 are deployed as docker images/k8s pods through continuous integration and continuous delivery (gitlab, jenkins, jfrog artifactory)
  • Images are built, controlled and deployed through maven builds and custom helm charts
  • Configuration files (springboot and goffice2 config files) are all centralized and externalized, so that each pod can be moved across all environments at no cost
  • Nightly builds are deployed on dev environment
  • Periodically tags/releases on quality (for testing purposes) and production
11. PHYSICAL (INFRA)STRUCTURE - ALM
[Diagram: ALM toolchain. Labels: IDE, Asset Repository, Version control, CI / CD, Container registry, Code analysis / Quality control, Documentation, Container orchestrator.]
12. OPEN SOURCE
• All used products are open source
• All code produced is going to be open source
• All the software produced will be published on the Italian “Catalogo del software a riuso”