Nua - a self-hosted, resilient PaaS

Project By
“DevOps in a box™ for your Web apps”

View Slide

1-Slide Summary
Observation:

• State of the art = PaaS, SaaS,
Containers…

• Increasing need and demand of
European market for more “sovereign”
solutions

Proposal:

• "Self-hosted PaaS" : technical oxymoron,
but disruptive response to market and
strategic needs

• Expected huge impact on open source
adoption and other positive externalities

How:

• See detailed roadmap

Who:

• Internal resources (proven experience in
required areas of expertise)

• Set up collaboration with an open source
ecosystem

View Slide

Vision & Strategy

View Slide

Open Source Software & The Cloud - It’s complicated 💔

View Slide

The Problems with Cloud Computing

View Slide

Issues - GAFAM as judge, jury and executioner

View Slide

Issues - Data Privacy and Competition

View Slide

Issues - Sh*t Happens

View Slide

Alternative: Self Hosting ?

View Slide

SGDSN (French Ministry of Defense), Revue stratégique de cyberdéfense, 2018
« An industrial strategy based on open source, provided
that it is part of a well thought-out commercial approach,
can enable French or European businesses to win market
shares where they are currently absent and thereby enable
France and the European Union to regain sovereignty. »

View Slide

The 1000 B$ Question
"Can we - the open source ecosystem - signi
fi
cantly displace
ubiquitous proprietary cloud applications such as: O
ff
i
ce365, MS
Teams, Google Workspace, Google Analytics, Zoom, SalesForce,
Freshbooks, Xero, MailChimp, Zendesk, SurveyMonkey, GitHub,
Blackboard, Slack, Heroku, Trello, Airtable, Datadog, Tableau... -
by open source alternatives?"

View Slide

But… - Problems with Self-Hosting
• The “Linux Distribution” model invented by Slackware, Red Hat,
SuSE and Debian in the 90s has been highly successful for
infrastructure services and desktop applications, but has not been
extended to Web applications

• Installing and maintaining Web applications on top of a Linux
distribution can become a time-consuming and operationally risky
activity

• There must be a better way…

View Slide

Our Solution
“Nua streamlines the development,
selection, installation and resilient
operations of Web applications in a
self-sovereign cloud environment”

View Slide

Nua & the Dev(Sec)Ops Lifecycle
Develop & Package
A methodology and technical
specifications to define running
application from a source code base
Build & Test
Developers tools to help app
vendors and package makers easily
build robust application images
Secure
A server platform (“orchestrator”)
ensures that applications run
according to the stated intent
Run
Backups & Disaster Recovery,
Firewall, WAF, IDS, extra
authentication, RBAC…
Monitor & Governance
Tools to monitor system performance and
resources consumption + alerts + dashboards
Deploy
“One click” or one-line CLI deployment of applications,
according to use cases relevant to each target use group

View Slide

Concept Map

View Slide

Initial Target Users / Customers
Start-Ups and SDOs
Software developing organisations
(SDOs) will use Nua to benefit from
Web-based development tools (forge,
bug tracker, etc.) and streamline the
deployment and management of their
prototypes and applications
Non-profit & Local Gov.
Non-profits (associations, local
governments) will benefit from a self-
sovereign platform to provide “GAFAM-
free” services to their members or
constituents
SOHOs and SMEs
Small businesses that value data
sovereignty and technological
autonomy, but don’t want to spend
hours installing and managing their IT
system, will use Nua to run their
businesses

View Slide

Meet Our Team Member
40+ combined years of experience with professional open source projects, Python programming and Web technologies
Stefane Fermigier
CEO
Founded Nuxeo, open source ECM management pioneer,
in 2000 (scaled form 1 to 50 employees in 6 years, sold for
M$200 in 2020).

F/OSS and digital sovereignty activist since 1998.

Experienced with managing businesses and R&D projects.

Develops primarily in Python and HTML5.
Jérôme Dumonteil
Tech Lead
Senior software engineer and consultant with 30+
years of experience.

Was responsible at Mandriva for the corporate Linux
server distribution and services department.

Experienced with R&D projects, packaging
applications, Linux servers, Python development.

View Slide

Beyond V1 - Towards Sustainability
1 - Enhance and Expand
Enhance the services provided byt the platform.

Expand the number of supported or provided application in the
marketplace (up to 100 applications).
3 - Operationalize
Streamline curation and maintenance of supported applications.

Provide adequate support and value-added services to our
customers, partners and community.
V2+
01
02
03
2 - Integrate
Integrate applications with platform services and with each other.

Provide coherent and comprehensive packages of services and
applications that address the needs of identified target markets.
A key part of our value proposition is the continuous operation of the services we provide

View Slide

Current Architecture & Technical Roadmap (V1)

View Slide

Concept Map (reminder)

View Slide

Detailed (!) Mind Map

View Slide

Server Stack and Main Use Cases

View Slide

System Landcape Diagram (C4 - Level 1)

View Slide

Container Diagram (C4 - Level 2)

View Slide

Technical Challenges - Build
• Simplicity

• Developer experience that improve developers onboarding and productivity

• Simple metadata format - "conventions over con
fi
guration”

• Versioning of format and data model

• Reproductibility

• Provide reproductible build environments (containers)

• Safety

• Provide infrastructure and utilities to enable logging, monitoring and testing, as well as
entry points in the containerized applications for these services

• Evolutivity

• Anticipate future support of additional technologies and use cases

View Slide

Technical Challenges - Run
• Resiliency

• Provide external monitoring capabilities, alert on failures, and provide recovery plans

• Facilitate restart and upgrade of components and apps

• Check the system using “chaos engineering” methods

• Security

• Produce “Minimum Viable Secure Product” and apply security best practices and norms

• Restrict access by “smart”
fi
rewalling and data encryption

• Respect current regulations (ex: GDPR, CCPA…) and anticipate security audits or certi
fi
cations (ex: SOC 2,
ISO 27001…)

• Maintainability

• Design a layered and evolutive architecture

• Apply Infrastructure as Code best practices

View Slide

Development Roadmap
Q1 ‘23 Q2 ‘23 S2 ‘23
M1 - Tech Preview
• Minimal platform
services

• 5 packaged apps

• No marketplace

• Suitable for dogfooding

• Goal: gather feedback
from developers
M2 - Beta
• Basic services

• 10 packaged apps

• Static marketplace

• Usable by open source
technology enthousiasts

• Goal gather feedback
from early adopters
M3 - V1 (MVP)
• Full set of core platform
services

• 20 packaged apps

• Usable by the initial
target markets

• Goal: validate product/
market fit hypotheses
and start initial user
base
S1 ‘24 2025
V1+
• Additional services (ex:
DevSecOps…)

• 40+ packaged apps

• Partnerships with IaaS
and SaaS vendors

• Goal: initial revenue
creation via support /
subscription services
V2
• Multi-server deployments

• Enterprise services
(SAML, additional
DevSecOps…)

• “Stacks” of apps for
specific market segments

• Goal: expand market to
demonstrate financial
sustainability
See also: https://github.com/abilian/nua/projects/1

View Slide

Deliverables: Milestone 1 (Tech Preview)
• File format (metadata,
callbacks)

• Build plugins

• Build image and helpers

• Orchestrator (Framework)

• Core backing services
(databases, storage...)

• App installation&con
fi
guration

• Build commands

• Run commands

• First 5 packaged applications

View Slide

Deliverables: Milestone 2
• Test framework

• UI framework / Web App

• User management (+ groups,
roles…)

• Upgrades

• Backups

• Resilience testing (upgrades &
disaster recov.)

• Firewall (basic)

• Additional 10 applications

• Web site

• "Marketplace" (basic)

• Doc (multi-audiences)

View Slide

Deliverables: Milestone 3 and 4 (V0.9 and V1.0)
• Bug
fi
xes / tweaks

• Installer (.deb package or Ansible scripts)

• Cron jobs

• Monitoring

• Conferences, webinars, workshops

View Slide

Development Methodology
• The development will follow best practices of Python development

• Use of type checker (mypy) and linters (
fl
ake8)

• Dependencies managed with Poetry

• Documentation generated by mkdocs (including API)

• Unit test with Pytest

• Trunk-based git development

• Details in https://abilian-developer-guide.readthedocs.io/

View Slide

Community Engagement
• Development will happen in the open, on GitHub (yes, it’s problematic,
but hard to avoid at this point)

• Repository: https://github.com/abilian/nua

• Interested parties will be encouraged to:

• Contribute additional application pro
fi
les

• Contribute additional platform plugins (builders, services…)

• Comment on feature and application requests (via RFCs)

• The platform will support third-party (“uno
ff
i
cial”) or
fi
rst-party “beta” or
“unsupported” package repositories

View Slide

www.abilian.com

[email protected]
www.nua.rocks

github.com/abilian/nua

View Slide

Nua - a self-hosted, resilient PaaS

Nua - a self-hosted, resilient PaaS

Stefane Fermigier

More Decks by Stefane Fermigier

Other Decks in Technology

Featured

Transcript