From Monolith to Microservices: A Classification of Refactoring Approaches

While the recently emerged Microservices architectural style is widely discussed in literature, it is difficult to find clear guidance on the process of refactoring legacy applications. The importance of the topic is underpinned by high costs and effort of a refactoring process which has several other implications, e.g. overall processes (DevOps) and team structure. Software architects facing this challenge are in need of selecting an appropriate strategy and refactoring technique. One of the most discussed aspects in this context is finding the right service granularity to fully leverage the advantages of a Microservices architecture. This study first discusses the notion of architectural refactoring and subsequently compares 10 existing refactoring approaches recently proposed in academic literature. The approaches are classified by the underlying decomposition technique and visually presented in the form of a decision guide for quick reference. The review yielded a variety of strategies to break down a monolithic application into independent services. With one exception, most approaches are only applicable under certain conditions. Further concerns are the significant amount of input data some approaches require as well as limited or prototypical tool support.Comment: 13 pages, 4 tables, 2 figures, Software Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment, First International Workshop, DEVOPS 2018, Chateau de Villebrumier, France, March 5-6, 2018, Revised Selected Paper

Microservices suite for smart city applications

Smart Cities are approaching the Internet of Things (IoT) World. Most of the first-generation Smart City solutions are based on Extract Transform Load (ETL); processes and languages that mainly support pull protocols for data gathering. IoT solutions are moving forward to event-driven processes using push protocols. Thus, the concept of IoT applications has turned out to be widespread; but it was initially “implemented” with ETL; rule-based solutions; and finally; with true data flows. In this paper, these aspects are reviewed, highlighting the requirements for smart city IoT applications and in particular, the ones that implement a set of specific MicroServices for IoT Applications in Smart City contexts. Moreover; our experience has allowed us to implement a suite of MicroServices for Node-RED; which has allowed for the creation of a wide range of new IoT applications for smart cities that includes dashboards, IoT Devices, data analytics, discovery, etc., as well as a corresponding Life Cycle. The proposed solution has been validated against a large number of IoT applications, as it can be verified by accessing the https://www.Snap4City.org portal; while only three of them have been described in the paper. In addition, the reported solution assessment has been carried out by a number of smart city experts. The work has been developed in the framework of the Select4Cities PCP (PreCommercial Procurement), funded by the European Commission as Snap4City platform

A software development framework for secure microservices

Abstract: The software development community has seen the proliferation of a new style of building applications based on small and specialized autonomous units of computation logic called microservices. Microservices collaborate by sending light-weight messages to automate a business task. These microservices are independently deployable with arbitrary schedules, allowing enterprises to quickly create new sets of business capabilities in response to changing business requirements. It is expected that the use of microservices will become the default style of building software applications by the year 2023, with the microservices’ market projected to reach thirtytwo billion United States of American dollars. The adoption of microservices presents new security challenges due to the way the units of computation logic are designed, deployed and maintained. The decomposition of an application into small independent units increases the attack surface, and makes it a challenge to secure and control network traffic for each unit. These new security challenges cannot be addressed by traditional security strategies. Software engineers developing microservices are facing growing pressure to build secure microservices to ensure the security of business information assets and guarantee business continuity. The research conducted in this thesis proposes a software development framework that software engineers can use to build secure microservices. The framework defines artefacts, development and maintenance activities together with methods and techniques that software engineers can use to ensure that microservices are developed from the ground up to be secure. The goal of the framework is to ensure that microservices are designed and built to be able to detect, react, respond and recover from attacks during day-to-day operations. To prove the capability of the framework, a microservices-based application is developed using the proposed software development framework as part of an experiment to determine its effectiveness. These results, together with a comparative and quality review of the framework indicate that the software development framework can be effectively used to develop secure microservices.Ph.D. (Computer Science

Exploración de técnicas de machine learning para migración de sistemas legados hacia microservicios

Actualmente, cada vez más empresas están adoptando microservicios para modernizar sus productos y tomar ventaja de sus prometedores beneficios como: agilidad, escalabilidad e integración continua, entre otros. Por un lado, los sistemas basados en microservicios presentan una arquitectura flexible y con alta capacidad de evolución. Sin embargo, por otro lado, hay desafíos técnicos (por ej. automatización de la infraestructura y debugging distribuido) y organizacionales (por ej. creación de equipos de trabajos cross-functional) que necesitan ser abordados. Lamentablemente, migrar una arquitectura orientada a microservicios no es una tarea simple. En este proceso, los servicios pueden escalar más eficientemente y los ciclos de entregas se acortan debido al continuo despliegue. Normalmente, estas decisiones de diseño quedan sujetas a la intuición de desarrolladores y/o arquitectos, pero carecen de un análisis sistemático que les facilite la evaluación de alternativas y toma de decisiones. En este contexto, las técnicas de machine learning podrían contribuir a facilitar la exploración de diferentes alternativas de descomposición de arquitecturas de software en microservicios.Eje: Ingeniería de Software.Red de Universidades con Carreras en Informátic

IoT-Enabled Smart Cities: A Review of Concepts, Frameworks and Key Technologies

In recent years, smart cities have been significantly developed and have greatly expanded their potential. In fact, novel advancements to the Internet of things (IoT) have paved the way for new possibilities, representing a set of key enabling technologies for smart cities and allowing the production and automation of innovative services and advanced applications for the different city stakeholders. This paper presents a review of the research literature on IoT-enabled smart cities, with the aim of highlighting the main trends and open challenges of adopting IoT technologies for the development of sustainable and efficient smart cities. This work first provides a survey on the key technologies proposed in the literature for the implementation of IoT frameworks, and then a review of the main smart city approaches and frameworks, based on classification into eight domains, which extends the traditional six domain classification that is typically adopted in most of the related works

Software in the Manufacturing Industry: A Review of Security Challenges and Implications

Software defines digital infrastructures in the manufacturing industry, connecting services and computation resources to machines and devices. These infrastructures aim at increased flexibility, scalability, and a wider application portfolio for automated manufacturing processes. At the same time, the complexity of securing software increases dramatically. Threats to confidentiality, integrity, and availability of software can result in critical losses for automated industrial production and impact manufacturing companies. In order to map existing and emerging security challenges, we present the results of a hermeneutic literature review structured along abstraction levels and vertical integration of software. Based on this structure, we derive implications for academia and practice focused on operators, developers, and security auditors of digital infrastructures. Thereby, we discuss courses of action mapped to software security black boxes, infrastructure heterogeneity, and the adaptation of security for operational usage

Microservice security: a systematic literature review

International audienceMicroservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus : it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges