

Non Functional Requirements

In this section we are covering some of the non functional Requirements

Table of contents

• Security
• Resiliency
• DevOps
• Service Management

Security

Multiple security concerns are addressed by the hybrid integration compute model. The first one is to support the deployment of private on-premise LDAP directory. The installation and configuration of the Open LDAP on the Utility server is described here.

Second, to control the access from a IBM Cloud app, we first implemented an adhoc solution integrating passport.js and using a /login path defined in our inventory product in API Connect. See explanation here on how we did it.
The connection between the web app, front end of hybrid integration compute and the back end is done over TLS socket, we present a quick summary of TLS and how TLS end to end is performed in this article

The front end login mechanism on how we support injecting secure token for API calls is documented here

Add a IBM Secure Gateway IBM Cloud Service

To authorize the web application running on IBM Cloud to access the API Connect gateway running on on-premise servers (or any end-point on on-premise servers), we use the IBM Secure Gateway product and the IBM Cloud Secure Gateway service: the configuration details and best practices can be found in this article

Resiliency

• Making the Portal App Resilient
  Please check this repository for instructions and tools to improve availability and performances of the hybrid integration Compute front end application.

High availability

We do not plan to implement complex topology for the on-premise servers to support HA, mostly because of cost and time reason and the fact that it is covered a lot in different articles. For a basic introduction of HA and DR in a two or three data center you can read this article.

For IBM Cloud Private read the following ICP cluster HA article

Using container helps to control the server and OS configuration with the application code in a unique integrated deployment unit. This is a huge advantage for high availability of those applications. With modern single page application for web application, the micro services are more stateless and so the complexity of high availability between data center resides in the following areas: code replication as part of the continuous deployment data replication for the different datasource, SQL, non SQL and files. The different type of data may lead to different RPO and even loss tolerance. May be loosing, a tweet, a comment, or the picture of the aunt's cat are not that important, while a sale or bank transactions are. load balancing at the edge services number of instances for each of the different component of the solution. Is it possible to have at least three instances for each micro service running in parallel.
network latency security token management