In-sourcing starting point

Initial draft by Bogdan Dimitriu (EC) and Joze Rihtarsic (EC)

Introduction

This page provides a short list of tasks and steps for transitioning the eDelivery SML service to an in-sourced Peppol service. It starts with a list of required knowledge and suggestions for knowledge transfer and then continues with tasks. Given the lack of familiarity with other SML implementations, the below is created with DomiSML in mind. The entries which are DomiSML specific are prefixed with [DomiSML]. They should be replaced with equivalent ones in case a different implementation is used.

Infrastructure and Technology

In-depth knowledge of the:

  •  Bind9 server and DNS in general, including:

    • DNSSEC

    • NSUpdate with SIG(0)

    • Mirroring (Incremental update)

  • [DomiSML] Oracle Database 19C

  • [DomiSML] Weblogic 12c/14c with clustering

  • Reverse proxy /LoadBalancer with mTLS  (Returning X509Certificate with SSLClientCert header, + X-FORWARD headers)

Resource planning

  • Servers:

    • Database server,

    • [DomiSML] Weblogic servers (Admin + 2 nodes),

    • DNS servers (Master + 2 replicas)

    • others: WAF, RP, LB...

  • Human resources: 

    • [DomiSML] Oracle Database/Weblogic Administrators

    • DNS Bind9 specialist

    • System/security admin (deploying RP, LB)

    • User support

Preparation Tasks 

The preparation tasks are to set up Peppol SML service.

Start with: Get familiar with the DomiSML (or some other target implementation) and DNS (See the documentation and test Docker plans with simple environment setup. The provided docker files are only for Demo and integration tests purposes.)

 

Tasks:

  1. Set up DNS:

    • Choose (and buy if needed) top DNS domain

    • Configure Bind9 DNS server: 

      • DNSSEC enabled

      • Master/Replica(s) integration with incremental update

      • Optionally: SIG(0) NSUpdate for SML integration

  2. [DomiSML] Set up DomiSML:

    • Setup Database (Oracle 19c)

    • Setup Weblogic in cluster

    • Deploy DomiSML

    • Configure and test DNS integration

  3. Configure WAF / RP

    • Limit access to subsystems

  4. Deploy Data

    • Get Data from eDelivery

    • [DomiSML] Database data (Export/import database tables)

    • [DomiSML] DNS Zone file (Non signed zone file can be generated from the database data)

  5. Import database data:

    • Sign DNS zone file with new DNS keys and deploy zone

    • [DomiSML] Run inconsistency report to validate the data

  6. Execute tests

    • Test all functions

    • Stress tests/load tests of environment

  7. Organize the operational and maintenance workflows

    • Support office/ User help (Ticketing system for tracking user requests/issues, reporting)

    • Operational and maintenance (Establishment of operational incident management and security patches, 24/7 service...) 

    • Monitoring: setup system monitoring/alerting to ensure 24/7 operations

  8. Establish procedures for synchronization of changed data. Note: DomiSML does not have any automatic function to do that

Go-live tasks

The go-live assumes gradual migration. The SMP service providers and AP clients use both system for the period of time of the migration (2 weeks to a couple of months) 

  1. Make sure eDelivery SML service and Peppol SML service synchronization works OK

  2. Set deadlines and inform users to migrate their acceptance environments to the acceptance environment of the new Peppol SML service

  3. Review the migration to the new acceptance environment and implement lesson learned

  4. Set deadlines and inform users to migrate their production environments to the production environment of the new Peppol SML service

  5. Remove records from eDelivery SML service

 

TODO 

  1. Implement functionality to Incremental synchronize changed data between the eDelivery SML and Peppol SML or request the APs to implement "fallback" discovery option.