Architecture
In an environment dominated by monoliths, agility is key to the success of this and any FACET-Acq project. This is the single guiding principle.
- UI/UX VueJS Framework
- Single page application design to provide best in class responsiveness and better decouple codebase
- Styling Bulma CSS framework
- Dynamic Updates Socket.io web sockets to avoid polling
- Authentication with X.509 certificates to leverage exiting multi-factor autentication
- Authorization with JWT for statesless management of authorization and user recognition
- Laravel MVC framework for the application layer/backend
- Php 7.1+ Server Side Scripting
-
Php-FPM Interpreter
- This can be deployed within a UNIX socket interface to comply with all security requirements for network interfaces
-
NGINX 1.11+ Web Server
- This can be swapped with Apache2 if deployment standards have not yet been developed for this modern and extremely high-performance web server
- PostgreSQL 9.6.x+
- Redis 3.8+
- AWS S3 persistent file storage with 11-nines durability
- Travis-CI
- Automated test coverage
- Laravel Dusk Browser based testing
- PHPUnit Unit, Service, API and Application Testing
- Vue Unit Testing UI component testing
- Codacy Static Code Linting
Given that many agencies struggle with cloud procedures and adoption, as well as the anticipated need for realistic deployment for testing and security review; the project maintains an 'infrastructure' directory with Terraform infrastructure as code. This provides out of the box idempotent infrastructure deployment and can be geared toward the AWS platform.
Linux configuration is a complex topic and requires can require both advanced competency and attention to detail when applying it to multiple servers. While many tools seek to solve this issue, they often require significant overhead including installed clients and polling processes that cost CPU cycles and can contribute to poor performance. Immune to this and leveraging SSH secure access is Ansible which allows simple declaration of target state and will then will SSH to the server, determine current state and then apply only the changes needed to ensure the state moves to match the target.
This is a powerful concept that allows
- provisioning as code
- full tracking version control system
- full audit trail of system configuration
- changes over time on a push basis
- a well-controlled deployment path
- fully testable
- repeatable
- idempotent deployment works on any server of the same distribution
While this project is not directly endorsing AWS, it is the dominant cloud services provider and includes a FedRAMP certified infrastructure set as well as ISO-27001 & ISO-9001:2015 certification.
While the application stack can be deployed on bare metal, on-premise virtualization, or in a custom air-gapped network, the cost and security benefits of AWS make it a compelling option and convenient testing paradigm. As such Terraform configuration for AWS is included in this repository.
The security advantages of a well-architected Docker container deployment of application components make this a worthwhile option to explore. Additionally, in a cloud-based environment, such containers allow for faster scaling during high volume transaction processing and pay for this increased capacity only when necessary.
To maximize scalability and resiliency, application containers are designed to be stateless and independent. The application is designed to sustain 99.99% availability and maintain data integrity with 99.999999999% durability including the simultaneous loss of two data centers within a single region without processing or user impact.
While data will be processed by Post Award itself as RESTful API calls, most data today is handled as some form of EDI including X12 and XML data. To provide parity, the application supports this structure and has been designed for 99.99% availability across two geographic regions and two isolated/distinct data centers within each region.
