
Cloud software system solutions from “assembly lines”

The State Treasury uses a hybrid development approach when new software system services are moved to the cloud. Innovative renewal often requires the courage to try something new and sometimes even to take controlled risks. However, innovative renewal also draws inspiration from existing best practices, frameworks, methods, and operating models. The sample solution for moving a service to the cloud, the RRP software system, is an Azure cloud service solution that complies with the authority requirements and was created in nine months – like from an assembly line.

Adapted voices of authorities

The RRP cloud service solution is used to monitor and report the implementation of the measures and their milestones financed by the EU Recovery and Resilience Facility (RRF) and the proper use of funds. The condition for the service is that it meets the several authority requirements placed on it. So why is it worth structuring the authority requirements into a model from which a cloud service solution can be generated? Authority requirements change and become more specific, and they require rapid changes to the information systems that verify compliance.

It is in the interests of the State Treasury and other authorities to ensure compliance. The obstacles are primarily not about technology but about different interpretations of the same requirements and different solutions for achieving compliance.

Authorities such as the State Treasury are mandated to issue national regulations and recommendations to ensure the consistency of these interpretations and implemented solutions. At best, these can be models in a structured form, which can be implemented in different ways, but whose enumerated and queried data content, structure, and processing rules remain the same when derived from the authority documents.

The example solution is outwardly like any other application – the magic is in the way of production. However, in the solution, the voices of the authorities are in a structured form in one file, from which a service solution operating on the Azure cloud platform is generated. The new development method was assisted by “the solver” (i.e., a modelling tool called LeBlanc).

An analogy from the Ford assembly line method

Henry Ford invented the assembly line method in 1914. The assembly line made car manufacturing faster, cheaper, and of higher quality. Quality comes from minimizing the variation caused by various factors. Ford’s idea can also be applied to, and mirrored in, the configuration of a cloud service solution.

In model-based or model-driven development, the variability of the code generated from the model has been removed. For example, UI forms and routine functionalities (i.e., CRUD) are generated without manual coding. Moreover, both client and server capabilities are generated from the JSON model, which is the output of the LeBlanc modelling tool.

Culture matters – a modelling culture that respects substance experts and an implementing culture that respects engineers

The development work of the RRP cloud service solution that meets the official requirements started in November 2021, when we did the first survey on the suitability of the tool called LeBlanc. The State Treasury took a controlled technology risk when introducing a new modelling tool and was prepared for the growing pains caused by the change in the development culture.

The experiences can be summed up in a few recommendations for others who choose a model-oriented development method:

  • First, model the key basic data and export them to the database generated according to the model. Then, compliance is illustrated with a generated user interface that retrieves and stores information from the generated database. At the same time, substance experts are involved in clarifying the requirements that comply with the authority documents.
  • Emphasize to the engineers that their expertise can be used to solve problems. Bulk code can be generated; the logical reasoning and technical programming skills typical of engineers are needed to solve problems.
  • Apply the gems of an agile development culture. The development phase, from requirements to model, is a dialogue with substance experts. Agility comes to the fore in that the definitions are illustrated immediately with the help of user interfaces generated from the definitions. Sprint thinking and the ceremonies of agile development are suitable for implementing the customized things agreed upon together with engineers.
  • Set indicators, monitor them, and commit immediately to code quality and to meeting information security requirements. When the quality indicators of SonarQube or a similar product show a round zero in code quality errors, professional pride grows strikingly. Likewise, when Azure Compliance Manager metrics change from red to green, you can safely communicate to different stakeholders about the information security compliance of the cloud service solution (a long word, but so is the list of information security requirements).
  • Remember further development and maintainability when something could temporarily be faster to code manually than to produce from the model. In the model, the enumerated and queried data content, the linked structure, and the processing rules are specified coherently and are generated into the building blocks that are integrated to make up the cloud service solution.

Towards FinModDevSecOps

The models made with the LeBlanc tool are used to generate database tables, user interfaces, and other building blocks needed for utilizing cloud resources on the Azure cloud platform. The DevSecOps development model has been given a Mod prefix (i.e., Model). When cloud resources are used as optimally as possible, the Fin prefix (i.e., Financial) illustrates cost efficiency.

FinModDevSecOps is a way of creating and monitoring cloud solutions in the target state, where the financial verifications can be found on Azure Dashboard, information security compliance on Azure Compliance Manager, and the quality of both generated and customized code on SonarQube reports. And best of all – compliance is in a structured form from which cloud service solutions can be generated.