Nokia is one of the world’s leading communications service providers and is involved in constructing and maintaining communications networks. Furthermore, Nokia is currently strong in research and development of 5G networks. Nokia has 155 years of experience and currently employs approximately 98000 people around the world.
Situation and challenges
The Software Monetization Platform department is responsible for providing various software packages to Nokia customers. The focus is on the highest possible degree of automation of the process from upload to deployment. A JFrog Enterprise+ installation takes over the central administration of the individual software packages. Nokia extends this platform with additional services for better adaptation to the rest of the environment. The task of digatus was to integrate new features into the system through different services and provide advice on technical issues.
The first requirement was to create a possibility to provide the software packages via an SFTP server. The SFTP server should be secured by engaging certificate-based authentication. Customers should receive the current software packages from the SFTP server without having to access an Artifactory instance.
The second requirement was establishing a malware scanning process to scan all software packages for unintentionally introduced viruses or other malware before delivery and to interrupt the delivery process if infections are found.
Another task that digatus took on was establishing new JFrog Enterprise+ environments on Microsoft Azure Cloud, in order to increase the coverage of software deliveries to additional key customers of Nokia, as well as to provide internal build pipeline verification possibilities for multiple development units in Nokia.
“To summarize, all team members have been providing excellent performance and managed to fulfill the expectations defined towards the team. It has been a pleasure to work with the high-performing digatus team, and I look forward to continue the cooperation with them in the upcoming period as well.”
Andor Fauszt – SW Monetization Product Owner, Nokia
The digatus crew was integrated into the existing team by a product owner on the Nokia side. The project was organized according to the SAFe Framework.
When it comes to the first requirement, the following solution has been agreed upon and implemented by the team: the release bundle should be delivered to the SFTP server. After that, a publishing process is initiated, which usually transfers the release bundle to a so-called Artifactory Edge Node. An Artifactory plugin intercepts this request and forwards it to a Golang service on the SFTP server. This service authenticates itself against Artifactory and downloads the required files into a folder shared with the SFTP service. Installing the services in separate containers ensures that in case of a compromised SFTP server, Artifactory cannot be accessed.
A plugin and additional service realized the mal- ware scanning in Artifactory. Every single upload to Artifactory happens in a separate area, which is not accessible by customers. The service downloads the files for scanning and forwards the request to a malware scanner. Based on the scan result, the file is either being quarantined or published. This way, it is ensured that no file can be delivered to the customer without being scanned.
The digatus team also took over the installation of two new JFrog Enterprise+ instances in an Azure environment. Artifactory is executed in a high-availability configuration to ensure increased reliability and fault tolerance.
digatus was able to contribute to increase software delivery coverage to customers and internal verification possibilities, ensuring faster feedback loops, better quality of software deliveries and hence achieving increased customer satisfaction. Through the SFTP service an important customer of Nokia can be served via the SFTP protocol. Furthermore, the malware scanning process ensures the security and integrity of the delivered software.
The implemented improvements as well as the technical advice provided by digatus, enhance the progress on the way to the automated software monetization platform.