Software products from various suppliers are used in the aftersales of our customer (an OEM in the automotive industry). The aim of the cloud platform is to provide a uniform infrastructure, architecture, and process for using these products.
The agile implementation of digital products can take place as quickly as possible with a focus on added value for the end user. To facilitate this, the platform provides services and handles cross-sectional issues such as security, compliance, high availability, and release processes.
On the basis of IBM Cloud, Kubernetes, and Istio, Novatec is building up and operating a modern cloud infrastructure that meets top requirements for security and availability. The platform supports any desired application architecture and handles the cross-sectional issues mentioned below.
Increasingly, large companies are the target of attacks on their IT systems. Successful attacks can seriously harm the reputation of a company as well as damaging it financially. Data protection plays an extremely important role, since data is the core of any business, and the leakage of data can result in claims for damages through product liability lawsuits.
This is why encryption is vital, so that not even the cloud provider can access critical data. To ensure adequate data encryption, the teams are given guidelines for selecting the right encryption types and suitable data stores. To provide security against the cloud provider, encrypted backups are saved in the local infrastructure.
Authentication and authorization using OpenID Connect is offered as a central service of the platform. This ensures a high implementation standard and reduces the risk of individual applications being attacked. At the same time, it means that the teams do not need to master the details of the solution.
Developers of different suppliers build applications on the platform. This is why it’s important to efficiently secure the teams’ areas against each other. Each team has its own areas in the various platform components where it has extensive authorizations. This allows the team to work autonomously and really efficiently without being dependent on other teams. In addition, it means that the applications do not mutually influence each other.
In full accordance with the “defense in depth” security strategy, security measures at different levels secure communication between the end user and service as well as internal communication between the services and platform. The measures used include Mutual TLS, JSON Web Tokens, and explicitly defined network policies. As a result, the developer teams can concentrate on security in the application itself.
With DevOps, the quality of the software can be improved and market availability can be accelerated. In accordance with DevOps, the individual developer teams on the cloud platform are responsible for both the development and the operation of their applications. The teams can access extensive services that are made available by the platform to help them with the management, provision, and monitoring of their applications.
Among other things, the platform includes automatic measuring instruments for the applications in the form of monitoring and logging agents. These provide the teams with metrics and logs for their applications, including upstream and downstream services. There are also dashboards with metrics for the data services that the teams procure from the cloud provider. This means that the teams do not have to set up their own tools of this kind.
Further tools for CI/CD are made available to the teams in an extensive tool chain in order to enable the easy implementation of the release processes, which are handled in a cross-platform manner, for interdependent services. These tools include a central Wiki and a project management tool for agile software development.
The platform team handles the efficient provision of resources for the execution of the applications. The constant availability of the platform is ensured through a 24/7 on-call service.
The architecture of the platform is designed for top availability. For example, thanks to the multi-zone architecture, the platform remains available even if an entire data center fails. All platform components are designed to be consistently redundant, which means that the failure of individual components can be handled without problems.
The regular and largely automated simulation of concepts for disaster recovery means that a low recovery point objective (RPO) and recovery time objective (RTO) can be guaranteed if a catastrophe should occur.
In the spirit of agile empowerment, the design of the platform by Novatec takes place in close cooperation with the architects of the customer in a scrum team (also called the “platform team”). We work closely with other stakeholders such as the customer’s cyber security unit. This ensures that the processes and architecture of the cloud platform are aligned with the general IT standards and business objectives of the company.
One major aim of the platform is to enable developer teams to develop their products efficiently in order to eventually shorten development cycles for new products. To facilitate this, Novatec provides the teams with advice on operating their services and supports them with relevant tools, processes, and guidelines so that the teams can develop and operate their products independently in a clearly defined context. The teams have the freedom to choose the best application architecture and technology to realize their particular task. The platform team works closely with the developer teams in order to receive suggestions and feedback that help to improve the platform and to ensure that the DevOps principles are observed on the platform.
On the platform, over 200 developers create their products in small, independent teams. Frequently, the teams face similar technological challenges and the same issues arise when certain architecture decisions must be made. For this reason, the platform team organizes regular “Community of Practice” meetings, when the teams talk about current issues and can present solutions. In addition, topic-specific chat rooms and a shared Wiki encourage the teams to work together and exchange knowledge.
Higher-level decisions about standards are made in regular “Architecture Board” meetings, which representatives of the various developer teams and suppliers participate in.