Commit 81ef3303 authored by bovy89

add sysinfo contribution

parent 2defc1be
1 merge request: !3 add sysinfo contribution
......@@ -112,7 +112,7 @@ build_from_source virgo AdV_computing_CNAF.tex
#build_from_source na62 na62.tex
#link_pdf padme padme.pdf
#build_from_source xenon xenon.tex xenon-computing-model.pdf
#build_from_source sysinfo sysinfo.tex pres_rundeck.png deploy_grafana.png
build_from_source sysinfo sysinfo.tex *.png
#link_pdf virgo VirgoComputing.pdf
#build_from_source tier1 tier1.tex
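Review bot: on the sysinfo line, `*.png` replaces an explicit file list, so the build inputs now depend on whatever PNG files sit in the directory where the glob is expanded. If build_from_source is invoked from the top-level directory, the shell expands `*.png` there rather than in contributions/sysinfo, which can match nothing or the wrong files. Listing the four figures this commit adds (container_ci.png, cronjob_annotation.png, deps_scan.png, presenze_kibana.png) would keep the line consistent with the other build_from_source entries and make the inputs explicit.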
......@@ -191,7 +191,7 @@ Introducing the sixth annual report of CNAF...
%\ia{Cooling system upgrade and Power Usage Effectiveness improvement in the INFN CNAF Tier 1 infrastructure}{infra}
%\ia{National ICT Services Infrastructure and Services}{ssnn1}
%\ia{National ICT Services hardware and software infrastructures for Central Services}{ssnn2}
%\ia{The INFN Information System}{sysinfo}
\ia{The INFN Information System}{sysinfo}
%\ia{CNAF Provisioning system: On the way to Puppet 5}{cnprov}
contributions/sysinfo/container_ci.png

54 KiB

contributions/sysinfo/cronjob_annotation.png

40.1 KiB

contributions/sysinfo/deps_scan.png

108 KiB

contributions/sysinfo/presenze_kibana.png

22.4 KiB

\documentclass[a4paper]{jpconf}
\usepackage{graphicx}
\usepackage{hyperref}
\begin{document}
\title{The INFN Information System}
\author{
Stefano Bovina$^1$,
Marco Canaparo$^1$,
Enrico Capannini$^1$,
Fabio Capannini$^1$,
Claudio Galli$^1$,
Guido Guizzunti$^1$,
Barbara Demin$^1$
}
\address{$^1$ INFN CNAF, Viale Berti Pichat 6/2, 40126, Bologna, Italy}
\ead{
stefano.bovina@cnaf.infn.it,
marco.canaparo@cnaf.infn.it,
enrico.capannini@cnaf.infn.it,
fabio.capannini@cnaf.infn.it,
claudio.galli@cnaf.infn.it,
guido.guizzunti@cnaf.infn.it,
barbara.demin@cnaf.infn.it
}
\begin{abstract}
The Information System Service's mission is the implementation, management and optimization of all the infrastructural and application components of the administrative services of the Institute. In order to guarantee high reliability and redundancy, the same systems are replicated in an analogous infrastructure at the National Laboratories of Frascati (LNF).
The Information System's team manages all the administrative services of the Institute, both from the hardware and the software point of view and they are in charge of carrying out several software projects.
The core of the Information System is made up of the salary and HR systems.
Connected to the core there are several other systems reachable from a unique web portal: firstly, the organizational chart system (GODiVA); secondly, the accounting, the time and attendance, the trip and purchase order and the business intelligence systems. Finally, there are other systems which manage: the training of the employees, their subsidies, their timesheet, the official documents, the computer protocol, the recruitment, the user support etc.
\end{abstract}
\section{Introduction}
The INFN Information System project was set up in 2001 with the purpose of digitizing and managing all the administrative and accounting processes of the INFN Institute, and of carrying out a gradual dematerialization of documents.\\
In 2010, INFN decided to transfer the accounting system, based on the Oracle Business Suite (EBS) and the SUN Solaris operating system, from the National Laboratories of Frascati (LNF) to CNAF, where the SUN Solaris platform was migrated to a RedHat Linux Cluster and implemented on commodity hardware.\\
The Service “Information System” was officially established at CNAF in 2013 with the aim of developing, maintaining and coordinating many IT services which are critical for INFN. Together with the corresponding office in the National Laboratories of Frascati, it is actively involved in fields related to INFN management and administration, developing tools for business intelligence and research quality assurance; it is also involved in the dematerialization process and in the provisioning of interfaces between users and INFN administration.\\
The Information System service team at CNAF in 2018 was composed of 8 people, both developers and system engineers.\\
Over the years, other services have been added, leading to a complex infrastructure that covers all aspects of people's life working at INFN.
\section{Infrastructure}
In 2018, the infrastructure-related activity was composed of various tasks that can be summarized as follows: firstly, the consolidation of the Disaster Recovery site in Bari and the restore of CNAF as primary site; secondly, the finalization of Puppet 3 phase out and related Foreman upgrades; thirdly, the improvement of our ELK (Elasticsearch/Logstash/Kibana) and monitoring infrastructure and finally, several "Misure Minime" AGID and GDPR compliance adjustment.
\newline
After the complete revisiting and upgrade of the ELK stack to version 5 last year, many activities have been done to enhance systems and applications monitoring using this set of tools. To improve the discovery and resolution of problems, several views and dashboards (see Fig.~\ref{fig:presenze_kibana}) have been created on Kibana, as well as a deep analysis and customizations of application logs to introduce useful information.
\begin{figure}[htbp]
\begin{center}
\includegraphics[scale=0.5]{presenze_kibana.png}
\end{center}
\caption{\label{fig:presenze_kibana} Time and attendance system manual squaring statistics on Kibana (ELK)}
\end{figure}
With the aim of enhancing our cronjobs management, improving its monitoring and management, avoiding cronjob overlap and in order to identify "dead-man-switches" a new cronjob management tool has been adopted.
Cronjob executions are available both on Kibana and Grafana (as annotation), so they can be used to be correlated with system events (see Fig.~\ref{fig:cronjob_annotation}); In the same way, software releases are also displayed on Grafana.
\begin{figure}[htbp]
\begin{center}
\includegraphics[scale=0.5]{cronjob_annotation.png}
\end{center}
\caption{\label{fig:cronjob_annotation} Annotations for cronjobs on Grafana}
\end{figure}
\newpage
Because of the recent regulations that came into force ("Misure Minime" AGID and GDPR), many audits and related adjustments were made, also relying on both official Center for Internet Security (CIS) guides and Openscap scan, using the Payment Card Industry - Data Security Standard (PCI-DSS) profile.
Afterwards, we introduced a proactive security model on some pilot projects, adopting tools for static code analysis and dependency scanning (see Fig.~\ref{fig:deps_scan}).
\begin{figure}[htbp]
\begin{center}
\includegraphics[width=1.0\textwidth]{deps_scan.png}
\end{center}
\caption{\label{fig:deps_scan} Dependencies scan tool in action on Gitlab-CI}
\end{figure}
In addition to this, the Platform as a Service (PaaS) infrastructure based on RedHat Openshift Origin (3.x) was upgraded to release 3.11 and for all container-based projects, a signature/scan services was deployed at container registry level (see Fig.~\ref{fig:container_ci}).
\begin{figure}[htbp]
\begin{center}
\includegraphics[width=1.0\textwidth]{container_ci.png}
\end{center}
\caption{\label{fig:container_ci} Container registry details and related Gitlab-CI pipeline}
\end{figure}
\newpage
In 2018, Oracle databases related activities concerned their maintenance, an initial analysis about the necessary activities to upgrade to Oracle to databases’ later versions and the study about how to achieve real time replication between the Oracle databases of the Accounting application. Periodic recovery tests were also conducted on the Bari Disaster Recovery site.
\section{Time and attendance system improvements}
The time and attendance system allows employees to clock in and out electronically via swipe card. The data is instantly transferred into a database and shown in a web-based application. This system tracks the working hours and offers employees self-service that allows them to handle many time-tracking tasks on their own all subjected to customizable approval workflows and which include reviewing the hours they have worked, the current and future schedule and requests of paid or unpaid leaves.
In 2018, the Time and Attendance system related activities concerned both the introduction of new features and the modifications of the existing ones. Furthermore, developers focused on the performance improvement of the system through the optimization of some common procedures.
The Time and attendance system was enabled to "read" codes introduced together with the clock in/out: through this mechanism, employees can specify the reasons for their leave of absence without using the web-based application.
Some modifications have been carried out to implement some changes occurred in the national collective agreement. This activity included two new leaves of absence and an extension from three to four months of the period for the check of the average weekly working hours.
As concerns performance, the developers' team have optimized the procedure that manages the clock in/out by web portal, and the report that shows the paid overtime aggregated in sectors, employees and months.
\section{Oracle EBS improvements}
In 2018, a new Electronic Payments and Receipts (EPR) Framework was introduced, in compliance with the standard set by the Agency for Digital Italy (Agenzia per l'Italia Digitale, AgID) and transmitted through SIOPE+.
SIOPE+ is the new infrastructure that enables general government entities and banks that provide treasury services to exchange information with the objective of improving the quality of the data used for monitoring government expenditure and tracking the payment times to firms that supply general government entities.
SIOPE+ responds to the following needs:
\begin{itemize}
\item Availability of detailed information on payments made by general government bodies without burdening the entities involved in the flow of outlays and collections. This will make it easier to obtain information on the payments of trade receivables and, more broadly, to monitor public sector financial flows in real time.
\item Standardization of information exchange between government bodies and treasury service providers by adopting a single digital standard OPI (Ordinativo di Pagamento e Incasso) in place of the previous local standard OIL (Ordinativo Informatico Locale), with the aim of raising the quality of treasury services, facilitating further integration between the accounting systems of the entities and between payment processes, and supporting the development of electronic payments services.
\end{itemize}
\section{Business Intelligence improvements}
In 2018, the main task was investigating technical solutions as alternatives to the current Business Intelligence installation, with the aim of reducing licensing costs, while remaining on an open source solution, preserving functionalities and compatibility with other INFN tools and platforms.
At the end of this activity, the current solution, based on TIBCO platform, was confirmed the best one.
%At present, we are converting reports that are using deprecated features. Once all reports are converted, the Business Intelligence infrastructure will be upgraded to the last version.
\section{Contratti}
Contratti (previously named Repertorio Contratti) is a new Java application (in test phase) for long term preservation of contract made between INFN and an external supplier, based on Alfresco and mDM protocol.
Each contract is enriched with a full set of metadata which describe the Contract in its relevant parts and suppliers are extracted automatically from the central supplier registry, together with details of the contract signer.
Last year, several bugfix and improvements has been made, in order to respect our customers requirements. Improvements, can be summarized as following:
\begin{enumerate}
\item integration with mDM protocol:
\begin{itemize}
\item it is now possible to manage a set of folder where to store the contract file, as if it was a complete folder explorer;
\item before the contract file is stored in mDM, a protocol signature is written onto the document, without invalidating PAdES signature of the issuer.
\end{itemize}
\item complete refactoring of ACLs mechanism, used to manage document and app permissions;
\item added email notification in order to send a contract link to a set of recipients, extracted automatically from Godiva;
\item it is now possible to print a label containing the relevant characteristics of the contract;
\item complete UI restyling in order to improve both readability and usability of the product.
\end{enumerate}
\end{document}
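Review bot: in the Infrastructure section, the Oracle paragraph contains a phrase that does not parse, "to upgrade to Oracle to databases’ later versions"; it presumably means upgrading the Oracle databases to later versions, so please reword it. That paragraph and the Introduction also use typographic quotes (’ and “ ”) while the preamble loads only graphicx and hyperref, so on a LaTeX setup without default UTF-8 input they will not render; plain ' and ``...'' are safer. In the Contratti section, "several bugfix and improvements has been made" needs subject-verb agreement. It would also help readers if the Infrastructure section named the cronjob management tool, the static analysis and dependency scanning tools and the registry signature/scan service, since the text only says they were adopted.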