Predix GA: GE Is Working on Security, Mobile Services, and Automating Ops
Just before announcing the general availability of Predix—a PaaS for the Industrial Internet built on Pivotal Cloud Foundry—GE hosted the Predix Developers Meetup at Plug and Play Tech Center in Sunnyvale, CA. The speakers gave attendees important insights into GE’s cloud platform for developing and running industrial applications.
The meetup agenda was mainly built around mobile development, security, and DevOps problems.
Predix Mobile
In his talk, Michael Hart, Head of Predix Mobile Engineering, spoke about Predix mobile services and how they help to develop high-performance applications that work regardless of network connectivity.
Michael presented a Mobile Backend as a Service (MBaaS)—the Predix Mobile service—for applications built with the Predix Mobile SDK. The Predix Mobile service runs on Cloud Foundry and provides offline support so that applications can access data nonstop. It also integrates with enterprise systems.
The illustration below shows the architecture of Predix Mobile.
Characteristics of the mobile framework from Michael’s presentation:
He also explained what is behind the “offline first” term as well as the importance of this approach to developing applications that work in places where connectivity is an issue.
“So what is ‘offline first’? What do I mean by this?
- We start with Mobile First.
- We accept connectivity as an issue.
- Enterprise apps need to sync with existing systems.
- Data on the device needs to be secured. Offline login is required.
- Prepare to work offline.
- Design the UI to support offline.”
With such an approach, an application accesses the necessary data directly on the mobile device. According to Michael, implementing the “offline first” model required migration:
- From a request/response to a distribute/replicate model
- From a relational to a NoSQL database
- From strong to eventual consistency
He also shared his perspective on what is going on in the industrial world.
“Machines are getting smarter…and smarter because they are getting sensors. Data that’s being collected is enormous, and the market is gonna grow tremendously.” —Michael Hart
Security services for IIoT applications
Vineet Banga, a senior software manager, gave an introductory talk on the managed security services for the Predix platform that he and his team are working on.
“IIoT needs more than just a PaaS.” —Vineet Banga
Specifically, the two key Predix offerings that help application developers solve authentication and authorization problems are the User Account and Authentication (UAA) service and Access Control Services (ACS). Both are available as discrete services for Predix users.
The code base of the UAA service was forked from the Cloud Foundry project for identity management and authentication, modified for Predix, and then pushed back to the community.
Among UAA features are:
- Identity management through SCIM APIs
- An OAuth 2.0 authorization server
- Login and logout services
- SSO: SAML SP support
Certificate-based authentication for machines and SAML IdP support are planned for the future.
For more complex use cases and authorization mechanisms, Predix offers ACS. The following image illustrates how attribute-based access control works in ACS.
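To make the attribute-based model concrete, here is an added Python example (not ACS's policy format or API, and not code from the talk): a request is permitted only when a policy targeting the action and resource has a condition over subject and resource attributes that holds, and everything else is denied. The policy structure, attribute names, and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Attrs = Dict[str, object]

@dataclass
class Policy:
    name: str
    action: str            # verb this policy targets
    resource_prefix: str   # policy applies to resources under this path
    condition: Callable[[Attrs, Attrs], bool]  # (subject, resource) -> holds?
    effect: str            # "PERMIT" or "DENY"

def evaluate(policies: List[Policy], action: str, resource: str,
             subject: Attrs, resource_attrs: Attrs) -> str:
    """First policy whose target and condition match decides; default is DENY."""
    for p in policies:
        if p.action != action or not resource.startswith(p.resource_prefix):
            continue  # policy does not target this request
        try:
            holds = p.condition(subject, resource_attrs)
        except KeyError:
            # A required attribute is missing: fail closed instead of
            # falling through to a later, more permissive policy.
            return "DENY"
        if holds:
            return p.effect
    return "DENY"  # no applicable policy

# Constructed sample policies. Order matters: the explicit DENY comes first.
POLICIES = [
    Policy("suspended-users", "GET", "/assets/",
           lambda s, r: s["suspended"], "DENY"),
    Policy("operators-same-site", "GET", "/assets/",
           lambda s, r: "operator" in s["roles"] and s["site"] == r["site"],
           "PERMIT"),
]

if __name__ == "__main__":
    operator = {"roles": ["operator"], "site": "plant-a", "suspended": False}
    turbine = {"site": "plant-a"}
    print(evaluate(POLICIES, "GET", "/assets/turbine-7", operator, turbine))
```

The decision depends on attribute values at request time rather than on a static role-to-permission table, so moving an operator to another site changes the outcome without editing any policy.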
DevOps and the Industrial Internet
Jake, Director of Cloud Services at GE Digital, shared Predix’s take on DevOps, or “automation by design.” In the presentation, he talked about approaches his team has taken to automate the operations of multiple Predix deployments across the globe.
Some of the guidelines from Jake’s presentation are:
- “Model infrastructure code like ‘real’ code.”
- “Dynamically assemble deployments using reusable artifacts.”
- “Keep your infra code dry.”
- “Once you have the process sorted, then pick a tool.”
To “sort” the process, infrastructure artifacts related to a Predix deployment were divided into three main groups:
- Global Stuff (“infra code that goes everywhere”)
- IaaS Stuff (things “important for a specific operating environment”)
- Env Stuff (regional environment configuration)
Speaking about tools that help to manage complexity, Jake named Spruce for infrastructure code generation and Concourse as a CI tool that has “very specific bindings and integrations with Cloud Foundry.”
He also pointed out that using logging, telemetry, and infrastructure and application monitoring tools minimizes Dev/Ops interaction.
Predix went into general availability on February 18, 2016. Congratulations to the team!