Solution architecture defines the details of how services are deployed on top of infrastructure architecture, interact with each other and also defines technical stack (tools and libraries to build and maintain solutions) which will work together to satisfy solution functional requirements.
The idea of having a set and proved technologies in solution architecture is to speed up solution development inception process when it is necessary to decide which tools, libraries, services, software design patterns and best practices development team will use to build solution.
Having working and proven solution architecture mitigates risk of building costly integrations which can not satisfy application performance and functional requirements.
Development, deployment and continuous integration tools:
This is a text with a footnote.
Automated deployment- Ansible is a tool of choice to streamline deployment of platform and solution specific tools and services
Release packaging and delivery- Docker provides a way to build and deliver versioned immutable release artifacts and move them as binary blobs in between of DEV, UAT and PROD environments
Continuous integration- Jenkins is a robust tool that provides pipelines to build, automatically test and publish release artifacts
Source code management- Gitlab provides source code repository, user public key management and fine grained source code access authorization
Docker registry- Docker private repository is used to store and publish environment specific docker images as well as to backup Athena built or 3rd party images
Maven repository- Nexus provides Java built artifact publishing repository as well as backup storage for 3rd party artifacts (such as installations and non-public libraries) necessary to build solution artifacts
Statical code analysis- Sonar is tightly integrated with Gitlab and provides automatic static code analysis code reviews for Gitlab pull requests
Code reviews and change quality- Gitlab provides workflow and tooling to facilitate easy and painless code reviews
Product Documentation- Jekyll is markdown based static site generator that is maintained in source code repository and allows easy way to have documentation as part of release process
API Documentation- Swagger is used to design, test, document and bootstrap OpenAPI standard based APIs
Technology stack, logical deployment and usage:
Web journeys- Apache Wicket is server-side components based web application framework that allows to build responsive/AJAX rich web applications with easy fallback to non-AJAX behavior
Integrations and middle-ware- Spring Boot micro-services using Apache Camel (EIP) and Quartz scheduler allows to build software patterns and best practices enabled highly maintainable and robust middleware
Single page application framework- Angular 4 is very well documented and mature single page application framework backed by major vendor that allows to build highly maintainable (TypeScript provides “compile time” validation and good refactoring capabilities) modern web applications with highly interactive User experience
Application framework- Spring Framework has it all. No need to build your own framework or re-invent abstractions to avoid technology lock-ins.
Data access framework- Spring Data provides patterns and implementations for data access layer abstraction
MVC framework- Spring MVC is tool of choice if there is use case to build simple MVC application
Micro-services- Spring Boot using Apache Camel (EIP) allows to build software patterns and best practices enabled highly maintainable and robust micro services
Message Queue- Apache ActiveMQ is robust and easy to maintain classic message queue that enables use of (EIP) and provides resiliency and asynchronous processing
RDBMS- PostgreSQL and MySQL are reliable, highly performant and proven two most popular and best open source DBs.
NoSQL DB- MongoDB, Elasticsearch and Cassandra are stable and well supported three most popular NoSQL storage solutions that cover three different NoSQL use cases
Release process, dependency and source code management- Apache Maven, Git Flow and JGit Flow are battle tested, easy to use, well supported and well known tools/processes/frameworks known by most developers
ETL and data processing tools- Airflow is easy to use tool to create and maintain complicated automated Workflows to crunch through enormous quantities of data and apply complicated workflows to group, segregate and link data so that it can be used for decision making
Rules engine and business logic- Drools is free to use rule engine that, if used properly, can be used to build maintainable highly performant underwriting, pricing and rating models
API gateway- Apiman is enterprise level, easy to extend API Gateway which allows to organize micro-service deployment and accelerate API build by taking over and enabling out of the box common API aspects such as authentication, authorization, whitelisting, blacklisting, usage reporting and limiting, etc.
Single Sign-On- Keycloak is standards based single sign on/off identity provider with very rich and diverse integration capabilities. Provides single sign on/off capabilities for all deployed micro-services to facilitate seamless and easy end-user experience
File exchange- OpenSSH (SFTP) server is battle proven, secure and extremely performat file exchange server
Maintenance, Monitoring and Security tools
Monitoring- Glances and Prometheus are used to collect, analyze and display server and service stats as well as to send alerts when certain thresholds of service or server resource availability are exceeded
Log aggregation- Fluentd, Elasticsearch and Kibana are used to collect all system and service logs in one place to provide easy and extremely insightful audit and troubleshooting capabilities
Identity management and LDAP provider- Free IPA provides platform user directory used to authenticate and authorize users before they can access certain platform services
Backup/Restore- AWS S3 provides highly reliable and cheap off-site backup capabilities
Public DNS- AWS Route53 is easy to use public DNS provider with rich automation API that allows easy and straightforward access to deployed services using DevOps automation
SMTP server- AWS SES is battle tested and cheap SMTP service with proper SPAM and Bounce handling procedures
Data loss protection- Squid and Apiman are used to whitelist which external services can be accessed by deployed Athena services
Service discovery and KV store- Consul provides deployed Athena service discovery and registry capabilities as well as Key/value storage for deployed environment state
Cluster and capacity management- Athena Dashboard is easy to use Web UI for DevOPs to view environment state (list of platform users, their state, service versions installed, resource usage and status), do capacity planning and perform common DevOPs functions such as starting/stopping of servers and services, redeployment or inception of services, adding/removing capacity, backing/recovery of service data, etc.
User self service portal- PWM is used for new platform user on-boarding and user self service, such as resetting forgotten password, etc.
Microservice management- Hawtio allows to debug and trace as well as to collects runtime information and stats from all micro-services built using Apache Camel
WAF (Web Application Firewall)- NAXSI, Apache httpd and Fail2Ban are simple yet powerful tools to prevent intrusion into publicly deployed services and allows to restrict features exposed by these services
VPN- OpenVPN server is used to give privileged access internal network of deployed environment
HID (Host Intrusion Detection)- OSSEC monitors all Host processes and critical files to detect any unauthorized changes to critical resources
DevOPs- Rundeck is used to give DevOPs members fine grained access to environment management features as well as to enable deployment automation solutions (for example: Jenkins installing new version of release in Development environment as part of build pipeline).