State of Geneva: application integration layer modernisation

The Republic and Canton of Geneva is a French-speaking state in the western-most part of Switzerland. The Directorate General for Information Systems, or DGSI, oversees all information systems for the Canton of Geneva. A Governing Board supervises its work and this body is comprised of: the Department for Security and Special Events (DSES); the Department of Administration and Management (DAG); the Centre for Expertise in Information Systems (CESI); and the Technological Observatory (OT). The information system includes 1’700 potential service providers and 100 new integration projects per year.

The Canton wanted to modernise the integration layer of its information system by creating an organisation-wide integration platform. This project had several key objectives. First, it had to ensure the Canton would be able to reduce the cost of future integration projects by using standards and best practices. Second, it had to provide better visibility of the activities performed within this layer through monitoring and process governance. Finally, it had to improve the organisation’s business agility by decoupling systems and solutions, which is common for today’s business standards.

 

Challenges

Migrate a file-based integration layer orchestrated by a simple scheduler.
Enable information sharing between multiple isolated information systems.
Set up a platform with stringent requirements regarding High Availability (HA) and security.
Adapt solution to a complex segregation of duties.

Our solution
Application & Cloud Integration

We put in place an Oracle Fusion Middleware platform based on the Oracle reference architecture, taking account of the organisational and technical constraints of the Canton of Geneva.
The first phase of the project began with workshops to introduce stakeholders to the best practices of Service Oriented Architecture (SOA) and formalised requirements in terms of security and integration with the Canton’s systems. This allowed us to define clearly an architecture for the solution which conformed to the client’s needs and which could evolve: a centralised federated bus. The central bused was charged with security validation and message routing while each business domain received its own dedicated bus. In this way we selected the technical architecture and completed the installation of the necessary platform components in the various environments.
The second phase of the project aimed at validating the solution’s capacity for integration in a real environment. We implemented a series of specific integration flows using the same technologies as our client: secure Web Services, secured JMS Queues, and validation of user permissions for a secured transaction. This phase was completed with targeted training on the bus technology for developers, administrators and architects.
The final phase of the project was given over to developing key “pilot” flows to be used directly in production. One part of this dealt with integrating the Canton’s other key applications: electronic publishing; document control; and Oracle e-Business Suite’s Enterprise Resource Planning (ERP). We completed the project by putting in place generic bus level flows to validate the security model and call level authorisations of users across the various components of the Canton’s systems.

Benefits

HIGHLY SCALABLE PLATFORM

We installed all of the Oracle Fusion Middleware products, including an Oracle Service Bus and the Oracle SOA Suite, in a cluster to provide a high level of availability and fault tolerance. We configured the live migration of components such that, in the case of a server failure, the component would be restarted on the remaining server, thus mitigating the problem of singleton processes. Additionally we configured the JMS queues to be accessible from all of the servers.

VERSATILE INTEGRATION PLATFORM

The architecture of this solution anticipated the need to support a large number of integration patterns. Since the Oracle Service Bus can handle party mediation, routing, transformation and service visualisation, we developed the orchestration needs and business rules using the Oracle SOA Suite, with service management delegated to the Oracle Enterprise Repository. Because these components are rich, we were able to respond to all of our client’s needs for integrating the application.

AUTONOMOUS IT TEAMS

As part of the installation, we trained developers and administrators. We also developed a pilot use case to define best practices and coached teams to improve their ability with the product and allow them to be more autonomous. On completion of the project, the Canton was able to administrate and develop new message flow without our involvement.

SUPPORT OF CUSTOMER SPECIFIC SECURITY MODEL

We configured the Oracle administration console component to support the identity provider of the customer. After several workshops to understand their security constraints, we described security best practices in a document guide where we defined how to use SAML 2.0 or how to support the custom security provider of the Canton.

UNIFIED GOVERNANCE FOR INTEGRATION

Installing the Oracle Enterprise Repository provided us with a great opportunity to document the service. This document is now used for preparing and monitoring service lifecycles from the design phase to development by architects across all environments.

Partners