$30 off During Our Annual Pro Sale. View Details »

Nua - a self-hosted, resilient PaaS

Nua - a self-hosted, resilient PaaS

Stefane Fermigier

January 05, 2023

More Decks by Stefane Fermigier

Other Decks in Technology


  1. Project By
    “DevOps in a box™ for your Web apps”

    View Slide

  2. 1-Slide Summary

    • State of the art = PaaS, SaaS,

    • Increasing need and demand of
    European market for more “sovereign”


    • "Self-hosted PaaS" : technical oxymoron,
    but disruptive response to market and
    strategic needs

    • Expected huge impact on open source
    adoption and other positive externalities


    • See detailed roadmap


    • Internal resources (proven experience in
    required areas of expertise)

    • Set up collaboration with an open source

    View Slide

  3. Vision & Strategy

    View Slide

  4. Open Source Software & The Cloud - It’s complicated 💔

    View Slide

  5. The Problems with Cloud Computing

    View Slide

  6. Issues - GAFAM as judge, jury and executioner

    View Slide

  7. Issues - Data Privacy and Competition

    View Slide

  8. Issues - Sh*t Happens

    View Slide

  9. Alternative: Self Hosting ?

    View Slide

  10. SGDSN (French Ministry of Defense), Revue stratégique de cyberdéfense, 2018
    « An industrial strategy based on open source, provided
    that it is part of a well thought-out commercial approach,
    can enable French or European businesses to win market
    shares where they are currently absent and thereby enable
    France and the European Union to regain sovereignty. »

    View Slide

  11. The 1000 B$ Question
    "Can we - the open source ecosystem - signi
    cantly displace
    ubiquitous proprietary cloud applications such as: O
    ce365, MS
    Teams, Google Workspace, Google Analytics, Zoom, SalesForce,
    Freshbooks, Xero, MailChimp, Zendesk, SurveyMonkey, GitHub,
    Blackboard, Slack, Heroku, Trello, Airtable, Datadog, Tableau... -
    by open source alternatives?"

    View Slide

  12. But… - Problems with Self-Hosting
    • The “Linux Distribution” model invented by Slackware, Red Hat,
    SuSE and Debian in the 90s has been highly successful for
    infrastructure services and desktop applications, but has not been
    extended to Web applications

    • Installing and maintaining Web applications on top of a Linux
    distribution can become a time-consuming and operationally risky

    • There must be a better way…

    View Slide

  13. Our Solution
    “Nua streamlines the development,
    selection, installation and resilient
    operations of Web applications in a
    self-sovereign cloud environment”

    View Slide

  14. Nua & the Dev(Sec)Ops Lifecycle
    Develop & Package
    A methodology and technical
    specifications to define running
    application from a source code base
    Build & Test
    Developers tools to help app
    vendors and package makers easily
    build robust application images
    A server platform (“orchestrator”)
    ensures that applications run
    according to the stated intent
    Backups & Disaster Recovery,
    Firewall, WAF, IDS, extra
    authentication, RBAC…
    Monitor & Governance
    Tools to monitor system performance and
    resources consumption + alerts + dashboards
    “One click” or one-line CLI deployment of applications,
    according to use cases relevant to each target use group

    View Slide

  15. Concept Map

    View Slide

  16. Initial Target Users / Customers
    Start-Ups and SDOs
    Software developing organisations
    (SDOs) will use Nua to benefit from
    Web-based development tools (forge,
    bug tracker, etc.) and streamline the
    deployment and management of their
    prototypes and applications
    Non-profit & Local Gov.
    Non-profits (associations, local
    governments) will benefit from a self-
    sovereign platform to provide “GAFAM-
    free” services to their members or
    SOHOs and SMEs
    Small businesses that value data
    sovereignty and technological
    autonomy, but don’t want to spend
    hours installing and managing their IT
    system, will use Nua to run their

    View Slide

  17. Meet Our Team Member
    40+ combined years of experience with professional open source projects, Python programming and Web technologies
    Stefane Fermigier
    Founded Nuxeo, open source ECM management pioneer,
    in 2000 (scaled form 1 to 50 employees in 6 years, sold for
    M$200 in 2020).

    F/OSS and digital sovereignty activist since 1998.

    Experienced with managing businesses and R&D projects.

    Develops primarily in Python and HTML5.
    Jérôme Dumonteil
    Tech Lead
    Senior software engineer and consultant with 30+
    years of experience.

    Was responsible at Mandriva for the corporate Linux
    server distribution and services department.

    Experienced with R&D projects, packaging
    applications, Linux servers, Python development.

    View Slide

  18. Beyond V1 - Towards Sustainability
    1 - Enhance and Expand
    Enhance the services provided byt the platform.

    Expand the number of supported or provided application in the
    marketplace (up to 100 applications).
    3 - Operationalize
    Streamline curation and maintenance of supported applications.

    Provide adequate support and value-added services to our
    customers, partners and community.
    2 - Integrate
    Integrate applications with platform services and with each other.

    Provide coherent and comprehensive packages of services and
    applications that address the needs of identified target markets.
    A key part of our value proposition is the continuous operation of the services we provide

    View Slide

  19. Current Architecture & Technical Roadmap (V1)

    View Slide

  20. Concept Map (reminder)

    View Slide

  21. Detailed (!) Mind Map

    View Slide

  22. Server Stack and Main Use Cases

    View Slide

  23. System Landcape Diagram (C4 - Level 1)

    View Slide

  24. Container Diagram (C4 - Level 2)

    View Slide

  25. Technical Challenges - Build
    • Simplicity

    • Developer experience that improve developers onboarding and productivity

    • Simple metadata format - "conventions over con

    • Versioning of format and data model

    • Reproductibility

    • Provide reproductible build environments (containers)

    • Safety

    • Provide infrastructure and utilities to enable logging, monitoring and testing, as well as
    entry points in the containerized applications for these services

    • Evolutivity

    • Anticipate future support of additional technologies and use cases

    View Slide

  26. Technical Challenges - Run
    • Resiliency

    • Provide external monitoring capabilities, alert on failures, and provide recovery plans

    • Facilitate restart and upgrade of components and apps

    • Check the system using “chaos engineering” methods

    • Security

    • Produce “Minimum Viable Secure Product” and apply security best practices and norms

    • Restrict access by “smart”
    rewalling and data encryption

    • Respect current regulations (ex: GDPR, CCPA…) and anticipate security audits or certi
    cations (ex: SOC 2,
    ISO 27001…)

    • Maintainability

    • Design a layered and evolutive architecture

    • Apply Infrastructure as Code best practices

    View Slide

  27. Development Roadmap
    Q1 ‘23 Q2 ‘23 S2 ‘23
    M1 - Tech Preview
    • Minimal platform

    • 5 packaged apps

    • No marketplace

    • Suitable for dogfooding

    • Goal: gather feedback
    from developers
    M2 - Beta
    • Basic services

    • 10 packaged apps

    • Static marketplace

    • Usable by open source
    technology enthousiasts

    • Goal gather feedback
    from early adopters
    M3 - V1 (MVP)
    • Full set of core platform

    • 20 packaged apps

    • Usable by the initial
    target markets

    • Goal: validate product/
    market fit hypotheses
    and start initial user
    S1 ‘24 2025
    • Additional services (ex:

    • 40+ packaged apps

    • Partnerships with IaaS
    and SaaS vendors

    • Goal: initial revenue
    creation via support /
    subscription services
    • Multi-server deployments

    • Enterprise services
    (SAML, additional

    • “Stacks” of apps for
    specific market segments

    • Goal: expand market to
    demonstrate financial
    See also: https://github.com/abilian/nua/projects/1

    View Slide

  28. Deliverables: Milestone 1 (Tech Preview)
    • File format (metadata,

    • Build plugins

    • Build image and helpers

    • Orchestrator (Framework)

    • Core backing services
    (databases, storage...)

    • App installation&con

    • Build commands

    • Run commands

    • First 5 packaged applications
    See also: https://github.com/abilian/nua/projects/1

    View Slide

  29. Deliverables: Milestone 2
    • Test framework

    • UI framework / Web App

    • User management (+ groups,

    • Upgrades

    • Backups

    • Resilience testing (upgrades &
    disaster recov.)

    • Firewall (basic)

    • Additional 10 applications

    • Web site

    • "Marketplace" (basic)

    • Doc (multi-audiences)
    See also: https://github.com/abilian/nua/projects/1

    View Slide

  30. Deliverables: Milestone 3 and 4 (V0.9 and V1.0)
    • Bug
    xes / tweaks

    • Installer (.deb package or Ansible scripts)

    • Cron jobs

    • Monitoring

    • Conferences, webinars, workshops
    See also: https://github.com/abilian/nua/projects/1

    View Slide

  31. Development Methodology
    • The development will follow best practices of Python development

    • Use of type checker (mypy) and linters (

    • Dependencies managed with Poetry

    • Documentation generated by mkdocs (including API)

    • Unit test with Pytest

    • Trunk-based git development

    • Details in https://abilian-developer-guide.readthedocs.io/

    View Slide

  32. Community Engagement
    • Development will happen in the open, on GitHub (yes, it’s problematic,
    but hard to avoid at this point)

    • Repository: https://github.com/abilian/nua

    • Interested parties will be encouraged to:

    • Contribute additional application pro

    • Contribute additional platform plugins (builders, services…)

    • Comment on feature and application requests (via RFCs)

    • The platform will support third-party (“uno
    cial”) or
    rst-party “beta” or
    “unsupported” package repositories

    View Slide

  33. www.abilian.com

    [email protected]


    View Slide