Dunstan Thomas Consulting Cloud services deployment of Sparx Enterprise Architect for ATOC
Dunstan Thomas Consulting (DTC) worked with ATOC to install and configure Sparx Systems Enterprise Architect to enable them to work in a collaborative environment using a MySQL hosted model repository.
This model repository was located on a server within the ATOC premises and accessed via LAN and ODBC and remotely via a VPN.
During this engagement, Dunstan Thomas Consulting not only worked with ATOC but also ensured that they had gained the skills necessary to perform all repository administration tasks (such as creating new Groups and Users) by themselves.
ATOC made a strategic decision to move all servers to the cloud and dispense with VPN connections for remote working.
ATOC contacted Dunstan Thomas Consulting to work with them to perform a migration of their existing Enterprise Architect infrastructure to the cloud.
ATOC are relative newcomers to Enterprise Architect and have been using the tool to model, primarily, business processes using BPMN 2.0.
ATOC have a number of modelling teams allocated to specific groups and have a number of floating licenses. Dunstan Thomas Consulting worked with them to create a collaborative modelling environment using a shared model repository hosted using MySQL, together with a repository structure and the necessary Groups and Users which were authenticated using Windows Authentication.
The initial modelling infrastructure was as illustrated below:
While this infrastructure was very successful, ATOC made a strategic decision to move all servers to the Cloud, thus allowing access via HTTP or HTTPS protocols from any location. After some trials, they decided upon using Amazon Web Services (AWS) as the cloud hosting platform.
ATOC contacted Dunstan Thomas Consulting to provide consultancy services to:
- Install and configure an AWS hosted MySQL repository suitable for use as an Enterprise Architect repository.
- Install and configure Sparx Cloud services to use HTTPS protocol for connection to this AWS hosted MySQL repository.
- Install and configure secure access to Enterprise Architect floating licenses also hosted on AWS cloud.
- Create a set of Groups and Users for the AWS hosted MySQL repository, ideally using Windows Authentication.
- Migrate the existing model repository from the ATOC hosted MySQL database to the AWS hosted MySQL repository.
This new infrastructure is illustrated below:
In January 2016, Dunstan Thomas Consulting worked with ATOC to perform the installation, configuration and migration of their model repository.
ATOC had already created the necessary server images on AWS for the MySQL database and a Windows Virtual Machine for hosting the Sparx Cloud Services and floating licenses.
The challenges posed by this installation and configuration were:
- Creation of the database structure on MySQL.
- Configuring the Sparx Systems Web Services.
- Creation of a certificate for HTTPS protocol connections.
- Testing the connection.
- Allowing access to the AWS hosted Sparx Systems Web Services via specific TCP ports.
- Providing an alternative to Windows Authentication since the ATOC active directories cannot be migrated to AWS.
- Ensuring access to the AWS hosted floating licenses was protected from unauthorised access.
- Performing the migration of the existing ATOC model repository to the new AWS hosted model repository.
Why ATOC chose to use Enterprise Architect and Dunstan Thomas
“For many years here at ATOC we had been using a number of modelling tools. The office was comprised of a mish-mash of modelling tools ranging from Microsoft Visio to Rational System Architect; this often resulted in interoperability issues and a lack of standards across the enterprise. As the Lead Data Architect I was given the task of procuring a new modelling tool which was affordable and fit for purpose across the ATOC enterprise. After tediously trawling through a labyrinth of Modelling tools it was decided that Sparx’ Enterprise Architect (EA) was the best tool that would meet ATOC’s needs and after a further careful selection Dunstan Thomas was chosen to carry out the installation and customisation.
DT showed professionalism and very importantly grasped and understood ATOC’s business needs. DT have provided ATOC with both the skills and expertise to productively use and administer EA over the last year. It was therefore a given that when I was asked to move our entire EA infrastructure into the Cloud I selected DT for the job, a decision that once again proved to be the right one. The entire EA infrastructure was successfully moved into the Cloud on time and on budget.”
Enterprise Data Architect, ATOC
Creation of the database structure on MySQL
This was a simple matter of executing the SQL script as provided by Sparx Systems. Only a single user (with DBA privileges) needs to be created, since all access to the MySQL database is via the Sparx Systems Cloud Services.
Configuring the Sparx Systems Web Services
The installation of the Sparx Systems web services presented no issues. ATOC decided on using the default settings for the Cloud Services including the use of the default ports for Cloud Services administration, HTTP and HTTPS protocols.
Using the Cloud Services administration tool, DTC created an ODBC connection to the MySQL database.
Creation of a certificate for HTTPS protocol connections
This wasn’t complicated, as Sparx Systems provides a batch file for creating a self-signed certificate using OpenSSL. This did require downloading an OpenSSL configuration file, which again presented no issues.
Testing the Connection
In order to test the connection to the AWS hosted MySQL model repository, it was necessary to create a minimal structure. DTC performed this task by using the Model Transfer functionality within Enterprise Architect to transfer a local repository consisting of just a single Model Root to the AWS hosted MySQL model repository. This was achieved without encountering any issues.
Once transferred, a connection was made between Enterprise Architect and the AWS hosted MySQL model repository using both HTTP and HTTPS protocols. This worked perfectly.
Allowing access to the AWS hosted Sparx Systems Web Services via specific TCP ports
Since access via TCP ports is usually blocked by default by the Windows Firewall, DTC created the necessary inbound and outbound rules to allow traffic through the TCP ports for HTTP and HTTPS access as specified in the Cloud Services configuration file.
Providing an alternative to Windows Authentication since ATOC active directories cannot be migrated to AWS
Authentication on the ATOC hosted MySQL model repository was performed using Windows Authentication and active directory. However, this cannot be migrated to AWS, so another method of authenticating the connection to the AWS hosted MySQL had to be found.
There is only one viable option, namely that each user has their own user id and password. ATOC found this solution perfectly acceptable, and were able to create the necessary groups, users, passwords and permissions using skills learned during the first consultancy engagement with Dunstan Thomas Consulting.
Ensuring access to the AWS hosted floating licenses was protected from unauthorised access
Initially the solution was to install the Sparx Licence keystore manager on the same Windows Virtual machine as the Sparx Systems cloud services.
This was performed without any issues, and included modifying the Keystore services configuration to request a password for access to the keystore. However, upon testing, it was discovered that the Enterprise Architect client was not able to connect to the Keystore Service running on the AWS hosted virtual machine.
Several attempts were made to find a solution:
- Creating inbound and outbound rules on the Windows firewall to allow access to the port required by the Keystore service.
- Configuring the AWS security group settings to allow access to this port.
- Removing the request for the password to access the keystore.
Unfortunately, all attempts at finding a solution failed.
Dunstan Thomas Consulting then discovered that ATOC made use of Microsoft Cloud Based SharePoint functionality, and proposed a solution to host the Sparx Systems floating licences on the Microsoft Cloud Based SharePoint.
This was performed and tested, and ATOC were delighted to see that this solution worked perfectly. Furthermore, since only their staff had access to the Microsoft Cloud Based SharePoint location, access to the Enterprise Architect floating licences was provided automatically without the need for a user to supply a password.
Performing the migration of the existing ATOC model repository to the new AWS hosted model repository
As the ATOC model repository is reasonably large, Dunstan Thomas Consulting proposed that only a single section be migrated to the AWS hosted MySQL model repository. This could then be tested and once agreed that all was working successfully, the remainder of the model repository could be transferred.
Initially, Dunstan Thomas Consulting performed this using the Model Transfer functionality within Enterprise Architect, and whilst successful, it took a very long time to complete.
Once transferred successfully, ATOC with the guidance of DTC created a Group, Privileges and Users on the AWS hosted MySQL model repository. Concurrent access to the AWS hosted MySQL model repository was then tested and this test was successful.
ATOC then undertook the transfer of the remaining sections of the model repository to the AWS hosted MySQL model repository themselves, and discovered that a more timely and reliable method of migration was to use export and import via XML files. ATOC then created the remaining Groups and Users.
This was achieved on time prior to the AWS hosted MySQL model repository going live.
“ATOC’s main purpose for moving its EA infrastructure into the Cloud was twofold. Firstly floor space is at a premium and there was a need to decommission one of our primary in-house server rooms and all its contents in order to free up valuable space. And secondly a number of applications and file sharing resources have already been moved into the cloud. This move meant that key EA resources could be accessed directly over the internet and security would be provided by ATOC’s Active Directory and local client security would be provided within Enterprise Architect. Using AWS meant that we could scale our EA database in a more dynamic way.
Users have also found that when using EA across AWS it is much faster and more stable than previously. This ease of use has helped to increase and improve productivity and these improvements have all been realised within weeks of having EA installed within AWS.”
Enterprise Data Architect, ATOC
With Dunstan Thomas Consulting’s help and experience ATOC migrated their existing model repository and floating licences to the cloud, on time and without any major issues.
At a Glance
- ATOC took the strategic decision to move all servers to the cloud and required Dunstan Thomas Consulting to provide help and expertise to enable this to happen.
- The Enterprise Architect model repository was hosted successfully using AWS and MySQL.
- The Enterprise Architect cloud services was hosted successfully using AWS and a virtual machine running Windows server.
- The Enterprise Architect floating licenses could not be hosted on AWS, but were hosted successfully using Microsoft Office 365 and SharePoint.
- The migration of the existing repository was successful, but very time consuming. The most reliable means of migration was using export and import using XML files.