In 2016 we were contracted to build an application orchestration system. It enables complete deployment automation across the infrastructure, network, security and application components of a product or application. It is available on AWS, Azure and Google Cloud. It provides a single pane of glass to configure, execute and monitor application deployments across data centers. Security postures and operational controls can be set up, enforced and tracked for compliance.
The platform is composed of:
Web UI console, based on PrimeFaces technology
J2EE-based modular application backend
SQL database (MySQL) as the identity and object-permissions store
MongoDB database as a primary data store
J2SE remote agent (optional), which delivers provisioning commands across firewalls and network boundaries
Key system features
Supported resource providers: AWS, Azure, Google Cloud, Docker, existing VMs (for cloud providers: compute, network and more)
Cloud resources management: Compute, network, security groups, DNS (Route53), S3, IAM
Provisioning methods: Chef, user data, Ansible
Deployment specification: YAML blueprints
CI/CD pipeline, Jenkins integration plugin
UI features: interactive graphical representation of the deployment structure and of the deployment action graph, structured deployment logs, dashboard, data center view with node/component statuses, blueprint upload and management, management of organizations, users and permissions
Update/remove capability: updates can be applied incrementally to existing deployments, and a deployment can be completely undeployed with full resource cleanup.
Security features: disk encryption, credentials stored in a vault, security components catalog, IAM policies/profiles defined in the security blueprint, security compliance scan, CloudWatch logs
Role separation / authorization model: separate blueprints for network, application and security. Application roles, object permissions and organizational units are available.
Monitoring: runtime state, compliance, drift, security component state, Chef status
Container management: Docker, Docker Swarm (including network features for container interaction, building Docker images from source code, Docker registry integration)