The ALFIS project
The ALFIS Project of the Albanian Ministry of the Environment and Tourism (MTE) was financed by the World Bank (WB) and consists in the design and construction of the Albanian National Forest System.
To achieve the goal of creating an integrated system for the cooperation and management of forest data in the Albanian territory, an application has been developed that integrates custom modules in a web-based environment (Gnext).
Gnext is the next generation webgis developed by ARCADIA SIT, it is based on the experience gained with the use of G4VIEW but it’s a totally new system with a different architecture designed to use the up to date technologies in the field. In the ALFIS project ARCADIA launch this new webgis that have proved its reliability and its capacity to be extended with the addition of custom modules.
The ALFIS Logical Layer is built atop of a Container Orchestration Layer, the Orchestrator will be Kubernetes, which is a project maintained by Google. We use Kubernetes through OKD which is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. OKD project is maintained by Red Hat.
The Kubernetes Layer will be the supervisor of the Containerizing Layer, a Kubernetes Pod is a group of one or more Docker containers, with shared storage/network, and a specification for how to run the containers. A pod’s contents are always co-located and co-scheduled, and run in a shared context.
The Logical Architecture Layer
The logical architecture is made from the following layers:
- Data layer
- Application layer
- Interface layer
- Security Layer
The architecture will follow the principle of the separation of the competences, every service or suite of services take charge of a specific aspect of the project, resolve it in all its aspects. Besides, that service will be the only place in the whole environment where that specific aspect will be taken into consideration.
A modern Architecture aims to isolate and group services for skills and responsibility, this level of specialization allows each service to use specific tools, techniques, patterns, structures and the most suitable language to expose each service.
Each service will expose its functionality through a REST interface to the other services that can request. A service will be treated by other services as a black box, receiving requests and sending processed data through REST. From the point of view of the team organization, each individual service will be developed and taken over by experts with specific skills, since each service will be highly specialized.
From a security point of view, the single-sign-on service is crucial, each service, regardless of the interface through which it is exposed that it is web or type REST is accessible only by authenticated and authorized users, the SSO service will be in charge the AAA aspects of the project: Authentication, Authorization and Audit. It means that each user will have a specific profile giving her/him grants to access the ALFIS resources, or subset of the resources, with read rights, write rights or both.
ALFIS has 4 hardware servers as a primary site , 2 for Database and 2 for Services, in ALFIS project we have to balance the Disk usage (mainly due to GIS and Documents) and the CPU Usage (mainly due to GIS environment), a hypothetical solution to optimize the use of RAM and CPU, of each server, depending on the greater / less load of each application / service.
The performance advantage is that this layout cuts off the traffic among servers, since we know that the biggest part in terms of traffic is due to GIS and Document management, so if we isolate those domains to their respective dedicated servers we cut the traffic.
The Architecture run on Linux servers, all containers will run on a Docker abstraction layer, and most services will run on a Java Virtual Machine. It means that that the running code will be fundamentally host agnostic.