Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nua - a self-hosted, resilient PaaS

Nua - a self-hosted, resilient PaaS

Stefane Fermigier

January 05, 2023

More Decks by Stefane Fermigier

Other Decks in Technology


  1. 1-Slide Summary Observation: • State of the art = PaaS,

    SaaS, Containers… • Increasing need and demand of European market for more “sovereign” solutions Proposal: • "Self-hosted PaaS" : technical oxymoron, but disruptive response to market and strategic needs • Expected huge impact on open source adoption and other positive externalities How: • See detailed roadmap Who: • Internal resources (proven experience in required areas of expertise) • Set up collaboration with an open source ecosystem
  2. SGDSN (French Ministry of Defense), Revue stratégique de cyberdéfense, 2018

    « An industrial strategy based on open source, provided that it is part of a well thought-out commercial approach, can enable French or European businesses to win market shares where they are currently absent and thereby enable France and the European Union to regain sovereignty. »
  3. The 1000 B$ Question "Can we - the open source

    ecosystem - signi fi cantly displace ubiquitous proprietary cloud applications such as: O ff i ce365, MS Teams, Google Workspace, Google Analytics, Zoom, SalesForce, Freshbooks, Xero, MailChimp, Zendesk, SurveyMonkey, GitHub, Blackboard, Slack, Heroku, Trello, Airtable, Datadog, Tableau... - by open source alternatives?"
  4. But… - Problems with Self-Hosting • The “Linux Distribution” model

    invented by Slackware, Red Hat, SuSE and Debian in the 90s has been highly successful for infrastructure services and desktop applications, but has not been extended to Web applications • Installing and maintaining Web applications on top of a Linux distribution can become a time-consuming and operationally risky activity • There must be a better way…
  5. Our Solution “Nua streamlines the development, selection, installation and resilient

    operations of Web applications in a self-sovereign cloud environment”
  6. Nua & the Dev(Sec)Ops Lifecycle Develop & Package A methodology

    and technical specifications to define running application from a source code base Build & Test Developers tools to help app vendors and package makers easily build robust application images Secure A server platform (“orchestrator”) ensures that applications run according to the stated intent Run Backups & Disaster Recovery, Firewall, WAF, IDS, extra authentication, RBAC… Monitor & Governance Tools to monitor system performance and resources consumption + alerts + dashboards Deploy “One click” or one-line CLI deployment of applications, according to use cases relevant to each target use group
  7. Initial Target Users / Customers Start-Ups and SDOs Software developing

    organisations (SDOs) will use Nua to benefit from Web-based development tools (forge, bug tracker, etc.) and streamline the deployment and management of their prototypes and applications Non-profit & Local Gov. Non-profits (associations, local governments) will benefit from a self- sovereign platform to provide “GAFAM- free” services to their members or constituents SOHOs and SMEs Small businesses that value data sovereignty and technological autonomy, but don’t want to spend hours installing and managing their IT system, will use Nua to run their businesses
  8. Meet Our Team Member 40+ combined years of experience with

    professional open source projects, Python programming and Web technologies Stefane Fermigier CEO Founded Nuxeo, open source ECM management pioneer, in 2000 (scaled form 1 to 50 employees in 6 years, sold for M$200 in 2020). F/OSS and digital sovereignty activist since 1998. Experienced with managing businesses and R&D projects. Develops primarily in Python and HTML5. Jérôme Dumonteil Tech Lead Senior software engineer and consultant with 30+ years of experience. Was responsible at Mandriva for the corporate Linux server distribution and services department. Experienced with R&D projects, packaging applications, Linux servers, Python development.
  9. Beyond V1 - Towards Sustainability 1 - Enhance and Expand

    Enhance the services provided byt the platform. Expand the number of supported or provided application in the marketplace (up to 100 applications). 3 - Operationalize Streamline curation and maintenance of supported applications. Provide adequate support and value-added services to our customers, partners and community. V2+ 01 02 03 2 - Integrate Integrate applications with platform services and with each other. Provide coherent and comprehensive packages of services and applications that address the needs of identified target markets. A key part of our value proposition is the continuous operation of the services we provide
  10. Technical Challenges - Build • Simplicity • Developer experience that

    improve developers onboarding and productivity • Simple metadata format - "conventions over con fi guration” • Versioning of format and data model • Reproductibility • Provide reproductible build environments (containers) • Safety • Provide infrastructure and utilities to enable logging, monitoring and testing, as well as entry points in the containerized applications for these services • Evolutivity • Anticipate future support of additional technologies and use cases
  11. Technical Challenges - Run • Resiliency • Provide external monitoring

    capabilities, alert on failures, and provide recovery plans • Facilitate restart and upgrade of components and apps • Check the system using “chaos engineering” methods • Security • Produce “Minimum Viable Secure Product” and apply security best practices and norms • Restrict access by “smart” fi rewalling and data encryption • Respect current regulations (ex: GDPR, CCPA…) and anticipate security audits or certi fi cations (ex: SOC 2, ISO 27001…) • Maintainability • Design a layered and evolutive architecture • Apply Infrastructure as Code best practices
  12. Development Roadmap Q1 ‘23 Q2 ‘23 S2 ‘23 M1 -

    Tech Preview • Minimal platform services • 5 packaged apps • No marketplace • Suitable for dogfooding • Goal: gather feedback from developers M2 - Beta • Basic services • 10 packaged apps • Static marketplace • Usable by open source technology enthousiasts • Goal gather feedback from early adopters M3 - V1 (MVP) • Full set of core platform services • 20 packaged apps • Usable by the initial target markets • Goal: validate product/ market fit hypotheses and start initial user base S1 ‘24 2025 V1+ • Additional services (ex: DevSecOps…) • 40+ packaged apps • Partnerships with IaaS and SaaS vendors • Goal: initial revenue creation via support / subscription services V2 • Multi-server deployments • Enterprise services (SAML, additional DevSecOps…) • “Stacks” of apps for specific market segments • Goal: expand market to demonstrate financial sustainability See also: https://github.com/abilian/nua/projects/1
  13. Deliverables: Milestone 1 (Tech Preview) • File format (metadata, callbacks)

    • Build plugins • Build image and helpers • Orchestrator (Framework) • Core backing services (databases, storage...) • App installation&con fi guration • Build commands • Run commands • First 5 packaged applications See also: https://github.com/abilian/nua/projects/1
  14. Deliverables: Milestone 2 • Test framework • UI framework /

    Web App • User management (+ groups, roles…) • Upgrades • Backups • Resilience testing (upgrades & disaster recov.) • Firewall (basic) • Additional 10 applications • Web site • "Marketplace" (basic) • Doc (multi-audiences) See also: https://github.com/abilian/nua/projects/1
  15. Deliverables: Milestone 3 and 4 (V0.9 and V1.0) • Bug

    fi xes / tweaks • Installer (.deb package or Ansible scripts) • Cron jobs • Monitoring • Conferences, webinars, workshops See also: https://github.com/abilian/nua/projects/1
  16. Development Methodology • The development will follow best practices of

    Python development • Use of type checker (mypy) and linters ( fl ake8) • Dependencies managed with Poetry • Documentation generated by mkdocs (including API) • Unit test with Pytest • Trunk-based git development • Details in https://abilian-developer-guide.readthedocs.io/
  17. Community Engagement • Development will happen in the open, on

    GitHub (yes, it’s problematic, but hard to avoid at this point) • Repository: https://github.com/abilian/nua • Interested parties will be encouraged to: • Contribute additional application pro fi les • Contribute additional platform plugins (builders, services…) • Comment on feature and application requests (via RFCs) • The platform will support third-party (“uno ff i cial”) or fi rst-party “beta” or “unsupported” package repositories