SATURN 2020: Full Schedule

8:30am EDT

DevSecOps: Align with the Right Architecture to Deploy Securely

DevOps is a set of software development principles that emphasize collaboration, communication and automation among all stakeholders, including IT operations, testers, developers, customers, and security personnel at the inception of a project. There are a variety of tools to make collaboration between all stakeholders easy. It is also important to make sure that everything that can be automated is automated. When our system architecture and cyber security controls limit what can be automated and deploy on demand, we can’t move at DevOps speed. This has to be considered at the beginning of a project and addressed throughout the DevOps pipeline. This one-day course is designed for managers, architects, developers, security, and operational teams and covers DevOps principles and processes for designing and building a secure development pipeline for project planning, gathering and meeting cyber security requirements, development, testing, and deployment from start to finish. This workshop will expose attendees to reference architectures and uses cases for architectural design principles on continuous integration (CI), continuous delivery/deployment (CD), and continuous authorization (CA) tools and practices, including technical demonstrations and practical scenarios.

Course Outline

Session 1: DevOps Foundations
- Business, Culture, Communication, Architecture
Session 2: Infrastructure in DevOps
- Environments, Tooling, Containers, Pipeline
Session 3: Continuous Process
- Integration, Delivery and Deployment, Monitoring
Session 4: Security in DevOps
- Process, Implementation and Demos
Takeaways

Speakers

Hasan Yasar

Software Engineering Institute

Hasan Yasar is the Technical Director of the Continuous Deployment of Capability group in the SSD Division of the Software Engineering Institute, CMU. Hasan leads an engineering group to Enable, Accelerate and Assure Transformation at the speed of relevance by leveraging, DevSecOps... Read More →

Monday May 11, 2020 8:30am - 4:30pm EDT
Salon 11 Rosen Plaza Hotel

Course

8:30am EDT

Essential Microservice Architecture

Many organizations are adopting microservices, but often their developers are not aware of the tradeoffs involved and the many design strategies available. This course will cover the essential knowledge for successful microservice designs.

In this one-day course we will look at four basic microservice design guidelines and the main strategies we can use to realize each design guideline. These strategies include Event-Driven Architecture (EDA), the Saga pattern, the Service Data Replication pattern and eventual consistency, CQRS, API gateway, serverless architecture, service mesh, asynchronous messaging patterns, and the use of DDD to model services to avoid distributed transactions.

We developed a simple and consistent design notation for the more than 45 design diagrams that convey and exemplify the design guidelines and strategies. But you don't just get to listen and read. Participants will share their experience throughout the course. The class ends with a hands-on design lab, in which attendees evaluate an existing design based on the design guidelines, and create a new design using different patterns and other design strategies.

Speakers

Paulo Merson

Brazilian Federal Court of Accounts (TCU)

Paulo Merson has been programming in the small and programming in the large for over 30 years. Paulo is a software developer at the Brazilian Federal Court of Accounts. He is a Visiting Scientist with the Software Engineering Institute (SEI), a certified instructor for Arcitura, and... Read More →

Monday May 11, 2020 8:30am - 4:30pm EDT
Salon 10 Rosen Plaza Hotel

Course

8:30am EDT

Machine Learning and Software Systems

Artificial Intelligence (AI) refers to the ability of machines to perform tasks that normally require human intelligence; for example, translating a document. Machine Learning (ML) is the science of getting computers to act by learning from data. In this course, you will get an introduction to ML focused on the principles that underly these systems. We’ll end with a discussion of how these ideas impact software engineering for ML systems. Is an ML system a fundamentally different thing? Or is it just another software system? This course will help you answer that question.

Speakers

April Galyardt

Machine Learning Research Scientist, Software Engineering Institute

April Galyardt is a statistician and data scientist specializing in applications of statistical machine learning tools to cognitive science, learning analytics, and educational data mining. Her work at the SEI has included a number of learning-related projects, with a specific focus... Read More →

Monday May 11, 2020 8:30am - 4:30pm EDT
Salon 9 Rosen Plaza Hotel

Course

5:30pm EDT

Welcome Reception and Speed Networking Fun

Want to get acquainted with other SATURN attendees before the conference begins? Want to meet those with the same interests as you? Join us for the first Speed Networking Fun event at SATURN! As part of our Welcome Reception on Monday, May 11, we will be organizing a speed networking event to help attendees get to know one another, exchange information, and generally have fun. Simply show up for the reception, and we’ll do the rest. And don’t worry if this is new to you – we’ll have some starter questions and materials to get everyone started on the right foot!

You are welcome to come to the reception even if you don't want to participate in this activity. Members of the SATURN Technical Committee and staff will be on hand during the reception to answer any questions you may have about the upcoming conference. Complimentary snacks and drinks will also be available.

Monday May 11, 2020 5:30pm - 6:30pm EDT
Mezzanine Balcony Rosen Plaza Hotel

Reception

6:30pm EDT

Software Architecture Boot Camp: Architecture 101

The right architecture can make or break a project, or an entire company. Participants will learn what architects do, why it is important, and some tips on how to talk about architecture with stakeholders. We'll start with some definitions and case study examples of how architecture supports business goals. Then we'll dig into how an architecture's separation of concerns helps us deal with complexity. We'll also look at some rules of thumb for creating good architectures, consider how to incorporate architecture into agile projects, and finish up with a map of architecture-centric processes.

Speakers

John Klein

SATURN 2020 Technical Co-chair, Software Engineering Institute

John Klein is a senior member of the technical staff at the Software Engineering Institute, doing consulting and research in software architecture practices. He came to the SEI from industry, where he was a chief software architect at Avaya. Klein has experience leading architecture... Read More →

Monday May 11, 2020 6:30pm - 8:00pm EDT
Salon 9/10 Rosen Plaza Hotel

Boot Camp

Host Organization Software Engineering Institute

8:30am EDT

Welcome and Opening Remarks

Speakers

John Klein

SATURN 2020 Technical Co-chair, Software Engineering Institute

Humberto Cervantes

SATURN 2020 Technical Co-chair, Universidad Autónoma Metropolitana Iztapalapa

Humberto Cervantes is a professor at Universidad Autónoma Metropolitana Iztapalapa in Mexico City. His primary research interest is software architecture and, more specifically, the development of methods and tools to aid in the design process. He is active in promoting the adoption... Read More →

Tuesday May 12, 2020 8:30am - 9:00am EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

9:00am EDT

Keynote: The Human Dimension of Cloud Computing

The Open Source Foundation for Application Security (OWASP) reports misconfiguration as one of the top 10 most critical web security risks. While various fault tolerance and recovery mechanisms are useful in handling hardware and software failures, they are less effective in handling system administrators' human errors. For example, the March 13th, 2019 Facebook outage affecting millions of users was caused by a server configuration error. In addition to reliability, configuration errors also can lead to security issues. In 2017, a configuration error of Amazon S3 storage exposed the personal information of 200 million users. As cloud infrastructure becomes increasingly more complex with integrated AI and advanced data processing, human errors have become one of the major causes of failures in cloud and Internet systems. In this talk, Yuanyuan Zhou will focus on a few current challenges of the human dimension of cloud computing and management. Due to legacy solutions and other reasons, most of today's data center system management requirements (in particular system configuration) do not follow the primary design principles of human-computer interaction (HCI) – namely simplicity, feedback, and consistency – making cloud management error prone for system admins.

Keynotes

Yuanyuan (YY) Zhou

Professor, University of California, San Diego (UCSD)

YY is a Qualcomm Chair Professor in Mobile Computing at University of California, San Diego (UCSD) since 2009. Her area of expertise includes computer reliability, data center management, and mobile systems. She obtained her MS and Ph.D from Princeton University. She is an ACM Fellow... Read More →

Tuesday May 12, 2020 9:00am - 10:00am EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

10:00am EDT

Mid-morning Break

Tuesday May 12, 2020 10:00am - 10:30am EDT
Mezzanine Foyer Rosen Plaza Hotel

Refreshments

10:30am EDT

Building the Right System to Manage Drone Traffic

Leveraging a history of airspace management innovation, NASA recognized the need to manage disparate drone operations at a scales never before seen. Thus, we invented the UAS Traffic Management (UTM) System. I will describe the evolution of UTM from its white paper phase around 2014 through flight tests this summer with dozens of industry partners in Reno and Corpus Christi. We had to juggle deadlines, budgets, public visibility, and the expectations of multiple stakeholders. All the while trying to build a software-heavy system that a) met stakeholder goals and b) was feasible for operational deployment (two surprisingly different things). Our plan was to roll out UTM based on the operational environments the system needed to manage, starting with low-risk operations and progressing to dense, urban drone traffic. What we ended up with, namely a federated architecture of multiple service suppliers collaboratively managing the airspace, was definitely not what we started with. It also was not something that any of us could have imagined from the outset. Only through building out an MVP, iterating with stakeholders, and testing the system in the field could we have reached our end product. This presentation is the story of that journey from an architectural perspective.

Speakers

Joseph Rios

NASA

Dr. Joseph Rios currently serves as the Chief Engineer for NASA’s UAS Traffic Management (UTM) project. He has been with NASA since 2007 and his work generally focuses on computational and data issues related to the National Airspace System. He has worked on large-scale optimization... Read More →

Tuesday May 12, 2020 10:30am - 11:15am EDT
Salon 9/10 Rosen Plaza Hotel

Experience Report

10:30am EDT

Moving from Cloud to On-Prem and Back Again…

When you design a system for the cloud there are certain characteristics that are important. Some of these characteristics are there from day one and some are added because of experiences encountered over time. Managing a live system sometimes leads to architectural decisions that are there to not only protect customers but to also protect the developers that work on these systems. Microservices-based architectures are great when your system is deployed on the cloud for a bunch of reasons. But what happens when you need to move your cloud-based architecture to an on-prem system? Platforms such as OpenShift are making the transition easier, but there are major differences that architects need to consider. The architecture constraint differences alone are enough to give a systems architect the shivers.

In this presentation we will talk about our experiences moving a cloud-based architecture on Kubernetes to an on-prem solution on OpenShift. We will talk about the differences in architecture constraints, quality attributes, and the developer experience. We'll also talk about the challenges we faced and things we didn't get right.

By the end of the presentation, you will have the knowledge necessary to understand the architectural differences between on-prem and cloud-based systems and the effort required to transition from one to the other. You will also have the knowledge necessary to understand how to build the right way for a hybrid cloud world.

By the end of this session you will also be able to understand the following:

• What architectural considerations to think about when moving a product from cloud to on-prem - or vice-versa
• How to think about reusability when designing systems to enable yourself for moving to a different architecture
• How to mitigate risk when designing features, for future use
• Knowing what it takes to do this kind of work
• What the differences are in API design when transitioning to a new platform, and a new user persona focus

Speakers

Naga Katreddi

IBM Watson

Naga Katreddi is Tech Lead for the Watson Discovery Connectivity team at IBM where she works with bringing data from various data sources into Discovery. Naga has worked on integration technologies for more than 10 years. She previously worked for Vivisimo as a SharePoint Integration... Read More →

Will Chaparro

IBM Watson

Will Chaparro is a Development Manager at IBM Watson focused on improving information retrieval for the enterprise. He has managed software development teams for over five years for both on-prem and cloud-based solutions, and prior to that spent 5 years designing and building complex... Read More →

Tuesday May 12, 2020 10:30am - 11:15am EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

10:30am EDT

A Risk-Based Approach for Assuring the Trustworthiness of AI Embedded in Defense Systems

Prompted by the successful application of Artificial Intelligence (AI) and specifically Machine Learning (ML) in the commercial sector, the Department of Defense (DoD) seeks to leverage these technologies in military systems. AI offers the potential to solve a wide variety of DoD problems, increasing levels of autonomy and offering improved human-machine collaboration for our warfighters. However, the trustworthiness we place in such systems to function safely and ethically is a critical concern. The “black box” nature of ML combined with well-known sensitivities to the data sets used to develop (train) ML models raises many legitimate questions related to this trustworthiness question. The recent 2019 update to the National AI Research and Development Plan continues to acknowledge this gap.

We present a risk-based approach that considers the full system context and the full system life cycle, from initial concept through sustainment. While investment in research programs, such as DARPA’s Explainable AI (XAI) and Guaranteeing AI Robustness against Deception (GARD), is critical to achieving our long-term trustworthiness of AI goals, we believe it is also worth looking at the problem from a broader perspective. Our approach acknowledges (and leverages) the fact that AI algorithms are but one part of a complete system, and that decisions made as early as CONOPS and architecture development affect the system-level trustworthiness. Our approach focuses attention on the risks associated with AI algorithms embedded in a system producing incorrect results (e.g., classifications, decisions). To mitigate those risks, we use a collection of techniques applied to the system-level CONOPS and architecture, to validate and verify the AI algorithms and models embedded within the system, and to support a comprehensive test hierarchy supported with an automated DevOps pipeline. Our approach also leverages a collection of advanced techniques to mitigate the most significant AI trustworthiness risks.

Speakers

Rick LaRowe

Raytheon Integrated Defense Systems

Dr. Richard LaRowe is a Principal Engineering Fellow and has been with Raytheon Integrated Defense Systems (IDS) for 17 years. He is currently the IDS Software Engineering Technical Director and leads the IDS strategy and roadmaps for applying Artificial Intelligence and Machine Learning... Read More →

Tuesday May 12, 2020 10:30am - 11:15am EDT
Salon 11/12 Rosen Plaza Hotel

Technical Talk

10:30am EDT

A Pattern Language for Functional Programming in IT Systems

This is a synthesis of my practices over the past few years plus what I've collected from a few books on combining functional programming idioms with business systems.

This review of pattern language will discuss the following:

• Dataflow style programming
• Contracts in the small: Design by Contract
• Building up from: Predicates, definitions, pure functions
• Separate the immutable domain classes from infrastructure
• Separate decision from action
• Overall architecture: the V-model

Speakers

George Fairbanks

Google

George Fairbanks has been teaching software architecture and design since 1998, is the author of the book Just Enough Software Architecture, has a PhD in Software Engineering from Carnegie Mellon University, and is a software engineer at Google.

Tuesday May 12, 2020 10:30am - 12:00pm EDT
Salon 4 Rosen Plaza Hotel

Tutorial

11:15am EDT

Autonomous Multi-Cloud Serverless Deployment and Optimized Management

The dynamic development of Cloud Computing with the introduction of novel Cloud computing models like serverless creates new challenges for Cloud deployment. This presentation describes how to implement Multi-Cloud native strategies using advanced an open source framework that allows for Cloud-agnostic Multi-Cloud deployment and optimized management of the serverless applications based on flexible monitoring, context-aware maximization of the application owner’s utility of the deployed serverless components, and autonomic reconfiguration based on the application’s current execution context.

All stages of the cloud deployment planning and designing process will be shown. Also, the key execution steps will be provided.
The design and architecture details decisions will be presented along with additional sources of information (detailed design is published as paper on Tools50+1 conference). Also, the use case applications will be briefly presented with the benefits of using MELODIC platform.

Speakers

Paweł Skrzypek

Melodic

Paweł Skrzypek is an experienced architect of IT solutions, in particular in the field of processing large data sets and machine learning solutions. In the years 2006-2015 he co-created the architecture of IT systems solutions for the biggest companies in Poland. In the years 2016-2019... Read More →

Tuesday May 12, 2020 11:15am - 12:00pm EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

11:15am EDT

Cyber-Risk Analysis in System-of-Systems (SoS) Environments

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their missions are also increasing. Traditional cybersecurity approaches rely on addressing security risks during the operation and maintenance of software systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible.

Software programs should start managing cybersecurity risk early in the system's software lifecycle (e.g., during the requirements, architecture, and design phases). A complicating factor is that most software-intensive systems are networked and must operate within system-of-systems (SoS) environments. While networking offers many operational efficiencies to a system’s stakeholders, it also expands a system’s cyber-risk profile. Cyber attacks with the potential for mission impact can target any system within an SoS environment, creating complex attack vectors that must be considered during cyber-risk analysis. Software-intensive systems must be designed and architected with the knowledge that they must function as intended in an increasingly contested, challenging, and interconnected cyber environment.

For several years, researchers from the CERT Division of Carnegie Mellon University’s Software Engineering Institute (SEI) have been investigating how to enable mission success in SoS environments. The product of this research is the Security Engineering Risk Analysis (SERA) Method, a scenario-based approach for analyzing complex cybersecurity risks early in the system's lifecycle to support development of mission-critical software systems. The SERA Method incorporates a variety of models that can be analyzed at any point in the lifecycle to (1) identify security threats and vulnerabilities and (2) construct security risk scenarios. An organization can then use those scenarios to focus its limited resources on controlling the most significant security risks.

This presentation will describe the SERA Method and provide real-world examples of applying the method to analyze architectural and design weaknesses in complex weapon systems that operate in SoS environments. Attendees will learn how learn the basics of applying the SERA method to identify potential architectural weaknesses that attackers might be able to exploit.

Speakers

Christopher Alberts

Software Engineering Institute

Christopher Alberts is a Principal Engineer / Senior Cybersecurity Analyst in the CERT® Division at the Software Engineering Institute, where he leads applied research projects in software assurance and cybersecurity. He is currently leading two projects: (1) Security Engineering... Read More →

Tuesday May 12, 2020 11:15am - 12:00pm EDT
Salon 11/12 Rosen Plaza Hotel

Experience Report

11:15am EDT

Testing for Microservices: Best Practices

Implementing test strategy for a microservice architecture is a different challenge than that of testing a monolith. This is especially true of defining test strategy after the architecture is complete. I stepped into a test architect role for a company using microservices and I implemented (and learned!) a lot.

I will cover the following:
• onboarding and learning: questions to ask while learning the system you will design and implement testing for
• finding quick wins to add to test coverage as early as possible
• novel testing types, such as consumer-driven contracts and mutation testing
• determining the best test modalities for the problem at hand
• working with challenges, both cultural and technical
• building the most advantageous partnerships across the organization

Join me to learn my successes and failures, the lessons I’ve taken with me, and the architecture and testing best practices created as a result of this experience.

Speakers

Kate Green

Kate Green has been writing code for over 20 years, but she’s done something with just about every aspect of software engineering in her career. Kate’s secured machines, built database applications, done print and web graphic design, and maintained large applications as a full-stack... Read More →

Tuesday May 12, 2020 11:15am - 12:00pm EDT
Salon 9/10 Rosen Plaza Hotel

Experience Report

12:00pm EDT

Lunch

Tuesday May 12, 2020 12:00pm - 1:00pm EDT
Ballroom D Rosen Plaza Hotel

Refreshments

1:00pm EDT

From Batch to Event-Driven Architecture: Modernizing an Insurance Claims System

Event-Driven Architecture (EDA) has quickly become a topic that is on the tip of the tongue of many technology professionals. With the popularization of architectural styles, such as microservices, EDA has emerged as a necessary pattern for loose coupling and increased scalability. Implementing EDA through a large, costly, big-bang approach is not the only way. EDA can be implemented through an iterative approach leveraged to drive implementation, while providing the flexibility to evolve over the life of the program. This presentation will offer a unique take on the experience of implementing changes through an EDA approach—directly from the perspective of someone in the trenches. It will identify how this approach is critical to the success of the overall solution for the multi-year program’s goal to create a new claims management system. This presentation will focus on two specific areas: how to capture events from a legacy system, and how to leverage those events as a pattern of integration for building modern business processes. It will provide an overview of the journey through transforming an aging, database-centric application to an event-based system with the ability to respond to changing business demand. It will also discuss EDA patterns such as publish/subscribe, event notification, and event-carried state transfer, which are key building blocks in defining a new ecosystem.

Speakers

Dylan Nicolini

Architect, Selective Insurance Group, Inc.

Dylan Nicolini has over 15 years of experience in the software industry. He has held various roles in both architecture and IT management. He currently holds the role of Applications Architect at Selective Insurance, Inc., with a primary focus on the modernization of the claims system... Read More →

Tuesday May 12, 2020 1:00pm - 1:45pm EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

1:00pm EDT

Architecture Design for Systems Based on Machine Learning

Most of the time, machine learning (ML) is strongly viewed from a data science perspective. This means, you can find tons of information on algorithms and the treatment of data. However, what it actually means to architect systems, in which ML plays a role, is rather rarely found. Our focus is on the engineering of typically large systems, which are, to some degree, basing their functionality on machine learning. As such systems often serve in production large amounts of users, the fulfillment of quality attributes is critical and needs consideration in architecture design.

In this talk, we systematically decompose in the language of software architects what it means to build a system based on machine learning. We outline an architectural design space and discuss central architecture decisions an architect has to make when designing a system based on ML.

• This includes a perspective on both, the development time, and the runtime.
• We show how a system can be decomposed and how machine learning components look like and behave in the context of an overall system.
• Machine learning is fundamentally depending on data: ; Thus, the data aspect is central in our architectural considerations.
• As neural networks are very widespread nowadays for the realization of ML-based systems, we take a closer look at their architectural implications.
• We include a perspective on the activities around data collection, preparation, model selection and training, and model inference.
• We discuss deployment options for model training and model inference.
• We discuss different types of technologies available for machine learning, from as-a-service APIs over pre-trained models down to pure libraries requiring to construct and to the train the full model.

With this overview, architects will get the big picture of designing ML-based systems and have a much better position to bridge the gaps between data scientists, data engineers, and software developers and architects.

Speakers

Matthias Naab

Fraunhofer Institute for Experimental Software Engineering (IESE)

Matthias Naab is a software architect at the Fraunhofer Institute for Experimental Software Engineering (IESE) in Kaiserslautern and has headed the department for “Architecture-Centric Engineering” for the last 5 years. Now, he is responsible for the division of information systems... Read More →

Tuesday May 12, 2020 1:00pm - 1:45pm EDT
Salon 11/12 Rosen Plaza Hotel

Technical Talk

1:00pm EDT

Software Architecture Boot Camp: Lightweight Architecture Evaluations Using the Fundamentals and Techniques of the ATAM

Architecture is critical for business success. A solid architecture helps prevent defects and system failures. It helps a development effort save money and get quality products to the market faster. Most software-reliant systems are required to be modifiable and reliable. They may also need to be secure, interoperable, and portable. Many organizations are struggling with the results of making poor architectural choices and inadequately managing architectural decisions. How do you know whether your software architecture is suitable or at risk relative to its target system qualities? This Architecture Boot Camp session covers practical and proven architecture analysis and evaluation fundamentals that should be incorporated into any software architecture evaluation process. We will demonstrate these principles that identify risks early in the development lifecycle using fundamentals and techniques from the Architecture Tradeoff Analysis Method (ATAM), a tested process that has been used in many evaluations over the past 15 years.

Speakers

Rod Nord

Software Engineering Institute

Dr. Robert L. Nord is a principal researcher at the Carnegie Mellon University's Software Engineering Institute (SEI). He is engaged in activities focused on managing technical debt, scaling agile development, and effective methods and practices for software architecture. Prior to... Read More →

Tuesday May 12, 2020 1:00pm - 2:30pm EDT
Salon 4 Rosen Plaza Hotel

Boot Camp

1:00pm EDT

Scaling Agile Architecture

In large organizations, architectural design takes place at multiple levels of abstraction and organization. At the lowest decentral level, teams make design decisions based on their local knowledge and business needs, but some decisions have impact that goes beyond the team's local context. They need to take into account 'transversal concerns' at a higher or more central level, e.g., a product family or 'system of systems' level. And more levels may exist above that, such as domain or enterprise levels. Each level has their own concerns and their own architectural design decisions to be made.

Organizing architectural design across multiple levels yields a number of common challenges, such as the following:

• how to divide mandate for design decisions between central and decentral teams
• how to deal with clashes between local and central interests
• how to document designs and rationale at each level in a way that improves exchange of information and understanding of a team's context

In this tutorial, we will discuss these questions and provide answers based on our Risk and Cost Driven Architecture approach. We will show two examples from complex, real- life organizations, and give you guidance how to scale your agile architecture function successfully in your own organization.

Speakers

Eltjo Poort

CGI

Eltjo R. Poort leads the architecture practice at CGI in The Netherlands. In his 30-year career in the software industry, he has fulfilled many engineering and management roles. In the 1990s, he oversaw the implementation of the first SMS text messaging systems in the United States... Read More →

Tuesday May 12, 2020 1:00pm - 2:30pm EDT
Salon 9/10 Rosen Plaza Hotel

Tutorial

1:45pm EDT

Selecting Appropriate Big Data Technologies

MongoDB, Cassandra, DynamoDB, MarkLogic, Couchbase, HBase, Redis, and many more NoSQL data stores; Hadoop and its vast ecosystem, Storm, Spark. These are some of the prominent platforms for big data storage and processing. Each of these platforms has its own unique strengths, architecture, and use cases for which they are a good fit.

In this session, we’ll look at the key architecturally-significant characteristics of some of the leading solutions and their categories, and discuss:

• key concepts
• essential architecture elements
• important characteristics in terms of performance, data volume, scalability, availability, etc.
• use cases where each platform is a good fit
• some prominent usage examples
• current state; the likely future direction

Speakers

Pradyumn Sharma

Pradyumn Sharma has 35 years of experience in IT industry as a programmer, designer, architect, project manager, DBA, tester, business analyst, and now mostly trainer, coach and consultant. He has worked on the architecture, design and implementation of many applications, in various... Read More →

Tuesday May 12, 2020 1:45pm - 2:30pm EDT
Salon 11/12 Rosen Plaza Hotel

Experience Report

1:45pm EDT

Using Mission Threads for Migrating Legacy Applications to Microservices Architecture in a DevSecOps Platform

Application migration is the process of moving an application from the existing operating environment to a new one. Application migration is a complicated process because the new environment can be substantially different from the old one. The important part of this process is moving application data and relevant application logic while delivering the key application capabilities without any sacrifice to their service levels and taking advantages on the capabilities of a new platform. The migration is usually driven by a strong operational need to add features, add scale, or improve performance that would be difficult to achieve in the existing environment. If we are dealing with a legacy application, it is often the case that some of its parts, modules, data or capabilities are no longer useful and should be retired. At the same time, application parts still could be retained and migrated if they are needed to support the application’s functionality and can operate in the new environment.

Despite providing multiple benefits, moving legacy applications to Microservices Architecture (MSA) poses its own set of additional challenges due to the distributed nature of MSA applications. It requires not only re-architecting the legacy applications, which are usually monolithic applications, as a set of loosely coupled service, but also changing and building infrastructure and tools to manage, monitor, and test microservices. Substantial changes also need to be made in the software development process and the organization of development teams to adopt and advance adoption of DevSecOps practices. If the organization doesn’t have these practices in place, it needs to start following them and making organization and process changes on the early stages of migration.
There are two well-known approaches for breaking a monolithic application into modules or microservices:
• by application capabilities
• by application data or bounded context

Both of these approaches have a few challenges. It is possible to identify application capabilities; however, the capabilities might have inter-dependencies and it might be hard to untangle them in a legacy application. Splitting a legacy application by data domains requires conducting a full analysis, if not a full reconstruction, of an application domain model. In that model some of the data components might be outdated or irrelevant. As a result, it might be hard to decide if they need to be transferred to a new platform or not.

In this presentation, we propose a new approach to split monolithic legacy applications to modules or microservices for purposes of migrating to a new platform. We propose using mission threads as a tool for the analysis of an existing application capabilities and defining how these capabilities will be moved to a new platform.

Speakers

Hasan Yasar

Software Engineering Institute

Andrew Kotov

Software Engineering Institute

Tuesday May 12, 2020 1:45pm - 2:30pm EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

2:30pm EDT

Mid-afternoon Break

Tuesday May 12, 2020 2:30pm - 3:00pm EDT
Mezzanine Foyer Rosen Plaza Hotel

Refreshments

3:00pm EDT

Transform a Traditional Java EE Application Server into a Container Native Platform

Containerization of traditional Java EE Application Servers needs a mind-shift of how applications should be developed and how existing domains can be transformed to a managed Kubernetes Docker platform. This session will explain some key aspects around getting your Java application server platform migrated to Kubernetes where everything lives in "Yaml", "Containers", API's and JSON.

The session will also cover everything needed for such a huge transformation with Kubernetes, Helm charts , operators, and several (Cloud) Kubernetes Engines and all that's needed for this transformation. This session will discuss how a major transition was made from traditional applications to a microservices landscape, in this particular case using Helidon with GraalVM.

Bringing this transformation from the design phase to live operational production needs you to take action and think about aspects like Cloud, DevOps, CI/CD, containerization and what that means for your organization in terms of development, lifecycle management, team structures, and ways of working.

The session reviews how to handle the path of this transition, which affects the entire IT organization, from architect to operator, from application to infrastructure, and culture change.

Speakers

Michel Schildmeijer

Qualogy

Having made his start in the pharmacy sector, Michel Schildmeijer transitioned to IT in 1996, working on a UNIX TTY terminal-based system and the MUMPS language. He currently works as a solutions architect at Qualogy, with a focus on middleware, application integration, and service-oriented... Read More →

Tuesday May 12, 2020 3:00pm - 3:45pm EDT
Salon 4 Rosen Plaza Hotel

Experience Report

3:00pm EDT

Enterprise Architecture and Domain Driven Design

As developers, we understand that our purpose is to deliver value to the business, ; what often eludes us is how to understand the business and where we can be of most value. Domain Driven Design (DDD) and Enterprise Architecture are two different attempts at getting to this understanding.

Enterprise Architecture has the possibility to guide the development of our big enterprise software portfolio in the right direction. Connecting the existing IT portfolio to the business functions and using this as a map to guide future development.

Enterprise Architecture (at least the way we employ it) is an exercise in understanding how the business functions are organized (business capabilities), what information the business is working with, and what IT applications are used to support this.

Domain Driven Design employs Strategic Design as a way to analyze the business domain and organize it into different context to provide some guidance on how to organize the software under development.

We have in the last few years seen a kind of resurgence in the use of Domain Driven Design in relations with to how you should design your microservice architectures. There has have been, and still isare, a lot of discussions around the link between the strategic design promoted by DDD, in particular the Bounded Contexts, and Microservices.

The central idea in this talk is to show how the Business Capability model from Enterprise architecture is closely related to the Bounded contexts Contexts of DDD and thus to Microservices.

Speakers

Jørn Ølmheim

Equinor ASA

Jørn Ølmheim is a practicing software professional with strong interest in open source, internet technology, and programming languages.He currently holds a position as Data and Solution Architect in Equinor ASA, focusing on software architecture and systems integration challenges... Read More →

Tuesday May 12, 2020 3:00pm - 3:45pm EDT
Salon 13/14 Rosen Plaza Hotel

Technical Talk

3:00pm EDT

Over-Engineering "To-do List" with CQRS, ES, and Other Acronyms

While there are plenty of introductory articles and tutorials talking about Event Sourcing (ES), Command Query Responsibility Segregation (CQRS), Functions as a Service (“serverless”), message queues and handlers, and various other paradigms and methodologies, it can sometimes be difficult to conceptualize how it all pieces together. This presentation is going to fill in those missing parts by taking the classic “to-do list” application and over-engineer it by imagining additional requirements and complications. As each challenge is presented, we’ll explore the strengths of the paradigm we’re adding, what additional considerations this adds, and what trade-offs we’re accepting.

The classic “to-do list” is a simple CRUD application working with an MVC framework on a web server that persists data to a relational database.

This presentation will help you answer the following questions:

What about historical states?
What about network instability, active user spikes, inconsistent workload?
How do I completely separate the front-end team (HTML/CSS/JS) from the back-end team (API/DB)?
What about documentation of code, business processes, and developer on-boarding?
How do I handle reporting? Live analysis? Metrics?
How do I integrate this application with completely separate systems that use different languages, frameworks, and teams?

Other topics that will be covered include JAMstack, service/event buses, documentation (OpenAPI), testing (unit & integration), and deployment.

Speakers

David Rovani

Senior Solutions Architect, BlueBolt Solutions

David Rovani is a father, husband, mentor, manager, senior technical resource, runner, presenter, tinker, tailor, soldier, spy.

Tuesday May 12, 2020 3:00pm - 3:45pm EDT
Salon 9/10 Rosen Plaza Hotel

Technical Talk

3:00pm EDT

Upskilling the T-Shaped Engineer

Today’s software engineer must not only write code – they also may have to build, test, secure, deploy and operate it as well. As a result, everyone in IT must undergo a personal transformation from a specialist to a T-shaped, multi-domain engineer. Enterprises are quickly recognizing that skills transformation is as important as tool or digital transformation.

Most practitioners can identify their deep competency (the stem of the T). But which broad skills should they be adding to the Top of their T and how do you know?

For the past two years, the DevOps Institute has fielded the Upskilling: Enterprise DevOps Skills Report based on a global community survey. This session will explore the year over year survey results including which process, functional, technical and soft skills are considered “must have”, “nice to have” and not as important. The session will also look at differences in results based on role, region and size of organization.

Invited Speakers

Jayne Groll

CEO, DevOps Institute

Jayne Groll is co-founder and CEO of the DevOps Institute (DOI). Her IT management career spans over 25 years of senior IT management roles across a wide range of industries. Her expertise spans multiple domains including DevOps, Agile, ITIL and Leadership.Jayne is a recognized and... Read More →

Tuesday May 12, 2020 3:00pm - 4:30pm EDT
Salon 11/12 Rosen Plaza Hotel

Invited Speaker

3:45pm EDT

Implementing CQRS/Event Sourcing and Event Driven Architectures in Java with the Axon Framework

CQRS (Command Query Responsibility Segregation) is a design pattern that originates in DDD (Domain-Driven Design) and emphasizes strictly separating reads from updates in the application model. Event Sourcing is a closely related technique that stores state as a series of events as opposed to only keeping track of the latest data. While these concepts are important on their own right, they are especially important for microservices development.

In this heavily demo-driven session we explore CQRS and Event Sourcing in detail using the Axon Java framework. At the end of the session you should have a good idea if CQRS and Event Sourcing are for you and why Axon helps in implementing these concepts.

Attendees get a complete project to kick start their Axon framework discovery and implementation.

Speakers

Vijay Nair

PracticalDDD

Vijay Nair is a DDD and distributed systems enthusiast with around 20 years of experience in architecting, building, and implementing mission critical applications for the financial services industry around the world. He was a Director of Platform Engineering for Oracle's Financial... Read More →

Tuesday May 12, 2020 3:45pm - 4:30pm EDT
Salon 9/10 Rosen Plaza Hotel

Experience Report

3:45pm EDT

IoT in Multidisciplinary Engineering for Modern Systems

In India, with Mission Mode Projects like Smart Cities that include 100 cities, Smart Villages that include 300 clusters of villages, and Make In India: Industry 4.0, the smartness of IoT is applied at every level of governance and facility provision to improve the quality of life of citizens. A Modern System is a System of Systems that is based on aspects such as: multidisciplinary; wireless sensor network; data mining; machine-to-machine; geographical information system; spatio-temporal data, and collaborative design. Open challenges at the functional level are the definition of standard operating procedures; design integration; data translation; 24 x 7 monitoring; and security and prediction and prevention rather than operation and maintenance.

Multidisciplinary systems engineering currently has open issues in technical domains such as real time system design, wireless sensor networks, time-sensitive networking protocols, data analytics on streaming data leading to predictive modeling, and data storage and disaster recovery. In this session, we will analyze them taking a number use-cases; (i) intelligent traffic / transport management; (ii) security surveillance; (iii) emergency response / disaster management; (iv) factory automation; and (v) smart agriculture.

Speakers

Urjaswala Vora

C-DAC Mumbai

Urjaswala Vora currently works as an Associate Director in C-DAC Mumbai, which is a premier R&D institution of Ministry of Electronics and IT, Government of India. Urjaswala has 23+ years’ experience in Software Engineering. She is a selected member of Research & Development Planning... Read More →

Tuesday May 12, 2020 3:45pm - 4:30pm EDT
Salon 4 Rosen Plaza Hotel

Experience Report

3:45pm EDT

Software Architecture Conformance to Capability Standards

In this 45-minute technical talk, I will introduce the information technology-process assessment standard (ISO/IEC 15504) and the Automotive SPICE Process Reference Model to the audience. I will discuss how the architecturally significant requirements and quality attributes fit into the reference model and the benefits of conformance for software architects. In addition, I will provide examples of the difference between architecture design, intent, and process compliance.

Speakers

Michael Turner

Visteon Corporation

Michael Turner is a Technical Fellow in Software Architecture at Visteon Corporation in Van Buren Township, Michigan. He has 25+ years of experience in software architecture for real-time systems. Michael graduated with distinction from Purdue University with a BSE in computer engineering... Read More →

Tuesday May 12, 2020 3:45pm - 4:30pm EDT
Salon 13/14 Rosen Plaza Hotel

Technical Talk

4:30pm EDT

Mini-Break so attendees can move between sessions

Tuesday May 12, 2020 4:30pm - 4:45pm EDT
TBA Rosen Plaza Hotel

Attendee Movement

4:45pm EDT

Panel Session: Title to be Determined

Coming soon!

Speakers

Thijmen de Gooijer

Kommuninvest

Thijmen de Gooijer works as IT architect at Kommuninvest in Sweden where he is the technical lead for its digitalization initiative. Previously, he worked to bring modern architecture practice to IT development and operations in the discrete manufacturing industry within the ASSA... Read More →

Kurt Stam

Red Hat

Tuesday May 12, 2020 4:45pm - 5:45pm EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

6:00pm EDT

SATURN Celebration Reception

Join us after the first full conference day to unwind with your fellow attendees on the Rosen Plaza's Upper Pool Deck for a Monte Carlo-themed SATURN Celebration Reception! Enjoy refreshments around the various gaming tables as you catch up with colleagues you already know and meet new ones.

Each guest will receive two drink tickets good for wine, beer, and spirits at the reception. Non-alcoholic beverages are complimentary, and no tickets are needed for these. Once you’ve used your tickets, you may purchase additional alcoholic beverages. Remember to bring your government-issued ID if you plan to enjoy adult beverages at the reception.

Each guest will be issued a voucher good for play at each of the gaming tables. Further details are forthcoming.

In case of inclement weather, the reception will take place inside in the Ballroom C Foyer.

Tuesday May 12, 2020 6:00pm - 8:30pm EDT
Poolside, Upper Deck Rosen Plaza Hotel

Reception

8:30am EDT

Morning Remarks

Speakers

John Klein

SATURN 2020 Technical Co-chair, Software Engineering Institute

Humberto Cervantes

SATURN 2020 Technical Co-chair, Universidad Autónoma Metropolitana Iztapalapa

Wednesday May 13, 2020 8:30am - 9:00am EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

9:00am EDT

Keynote: Your Data Nerd Friends Need You!

To paraphrase an old saying: “It takes a village to get insights from data.” Today data analysts, data scientists, and data engineers are hard at work delivering insights. These groups have a lot of data, a lot of tools, and a lot of talented people. So why are the majority of projects failing? They are failing by functioning in ways similar to how software teams operated ten years ago. Data and analytic team leaders need to innovate, yet struggle to keep up with customer requests and not let embarrassing data errors slip into production. The answer is to take ideas from Agile, DevOps, and Deming and apply them to the complex world of data analytics.

As Gene Kim wrote: “So much of the genesis of the DevOps movement was to address the huge problems of getting code into production. These days, there is an orthogonal problem of getting data from where it resides (often trapped in data warehouses) to where it can be used by teams to help their organizations win in the marketplace. I’m hoping that this book [The Phoenix Project] conclusively demonstrates to all that data is ultimately a software effort and can be massively helped by DevOps principles and patterns.”

In this presentation you’ll learn why the booming world of AI, data analytics, science, and insights is failing and how principles from Agile, DevOps, and Lean Manufacturing are the way forward.

Keynotes

Chris Bergh

Head Chef, CEO, and Founder, DataKitchen

Christopher Bergh is the CEO and Head Chef at DataKitchen. Chris has more than 25 years of research, software engineering, data analytics, and executive management experience. At various points in his career, he has been a COO, CTO, VP, and Director of Engineering. Chris has an M.S... Read More →

Wednesday May 13, 2020 9:00am - 10:00am EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

10:00am EDT

Mid-morning Break

Wednesday May 13, 2020 10:00am - 10:30am EDT
Mezzanine Foyer Rosen Plaza Hotel

Refreshments

10:30am EDT

DevOps’ Missing Link: Data

Industry and government alike have started to implement automated delivery pipelines only to have continued challenges with quality, validation, verification, and performance. A root cause is lack of requisite data provided to design, engineering, and delivery teams. Organizations need a deliberate strategy, process, and tool suite for the creation and management of SDLC support data.

DevOps and modern software delivery have a direct dependency on vigorous data profiling and subsequent synthetic data generation, self-service dataset reservation/refresh, as well as exposure to data integrations, often via an API. The move to data-centric and API-led architectures mandate clear understanding and access to datasets. Further, use of techniques like Service Virtualization to mock target data signatures and APIs needs to have appropriate process and "just enough" governance to deconflict data ownership across data stewards.

Historic approaches such as masking production data provides only a roughly equivalent volume of data and fails to provide the boarder cases needed for dependable development and testing.

Industry is just beginning to address through creation of new roles in the enterprise, such as a chief data officer, DataOps engineers, and data governance automation engineers, to provide holistic understanding of data and provide the necessary governance and rapid exposure of data sets across the full SDLC.

Attendees will engage to discuss current challenges and think through areas industry must address for test data under this very large DevOps/ continuous engineering umbrella.

• Identify types of data needed across the SDLC, likely by solution-type (architectural profile).
• Share lessons from implementation of SLDC data enablement (people, processes, and supporting technology).
• Explore data profiling, synthetic generation, and overall test data management (TDM).
• Explore governance challenges with data sets and the role of data in the DevOps/DevSecOps pipelines.
• Discuss evolving data-centric roles in government and the impact.
• Deliberate role of service virtualization and the nuances to adoption.

Participants will walk away understanding the need for data management and generation as well as techniques and tools used by my teams in the federal and state government domain. They will be armed with challenge areas including both technical as well as some in inherent people/cultural implications.

Speakers

Tracy Bannon

Tracy Bannon is a passionate architect with over 25 years' experience; she spends her time solving the government sponsor's biggest and most strategic challenges. As a Senior Principal and DevOps Strategic Advisor, she works across state, US federal, and international government clients... Read More →

Wednesday May 13, 2020 10:30am - 11:15am EDT
Salon 11/12 Rosen Plaza Hotel

Experience Report

10:30am EDT

Let’s Kill the Microservices Hype!

Are you about as fed up as I am with all the hype surrounding microservices? Are you tired of being told how your “two pizza team” is supposed to build a “microservice” over a “bounded context” using “ubiquitous language”? Who even talks like that?

I say we come together, expose some of the hype and dogma surrounding microservices, and lay waste to all this craziness.

You don’t have to go all in to use containers. You’re not going to get arrested by the “12 Factor Police” if you don’t include a connection string in an environment variable. You aren’t Netflix, and you shouldn’t act like Netflix.

This talk is not only fun, but by the end you’ll feel encouraged, justified, and ready to use technology to YOUR advantage. Let’s get ready to rant.

Invited Speakers

Don Schenck

Digital Evangelist, Red Hat

A developer who has seen it all, Don is a former Microsoft MVP, author of “Transitioning to .NET Core on Linux” by O’Reilly Media, and currently a Digital Evangelist at Red Hat with a focus on Microservices and Serverless computing. Prior to Red Hat, Don was a Developer Advocate... Read More →

Wednesday May 13, 2020 10:30am - 12:00pm EDT
Salon 13/14 Rosen Plaza Hotel

Invited Speaker

10:30am EDT

Why "They" Just Don't Listen

Architects must have solid technical skills but also be able to communicate fluently to execute their vision. While riding the architect elevator from the boardroom to the engine room you meet many different people and cultures. Who is listening? Are you even listening? We will give you tools and opportunity to practice in a hands-on tutorial focused on soft skills. We are a multinational team of practitioners combining decades of experience of how architects interact with humans, not just machines. We will host an interactive session to improve your conversations with colleagues, stakeholders, management, and even your family!

Speakers

Thijmen de Gooijer

Kommuninvest

Matthias Kittner

ESI Group

Matthias Kittner works at ESI Group, a global provider of virtual prototyping solutions where he is Head of Software Architecture and DevOps. In his role, he connects with teams across the globe helping them to create state-of-the-art software architecture and establish development... Read More →

Bryan Osterkamp

Bryan Osterkamp is a Technical Architect Principal at USAA. He owns the testing domain, with responsibility over testing infrastructure and automation tooling across all lines of business and technology stacks (6,000+ developers and testers). He provides technical oversight and guidance... Read More →

Wednesday May 13, 2020 10:30am - 12:00pm EDT
Salon 9/10 Rosen Plaza Hotel

Tutorial

11:15am EDT

"DevOps to the Metal" for Computed Tomography Systems

With the growing complexity of Computed Tomography Systems, big-bang integrations become an incalculable business risk, and with more than 100 developers world-wide DevOps caters to the need for risk reduction, shorter time-to-recovery, and faster time-to-market.

This talk presents a summary of our journey towards applying DevOps methods within medical device development. We defined our DevOps goal to mean deploying an in-house installation equivalent to a customer site. Our starting point was to enable continuous deployment and fully automate the chain from code-change to full system installation.

The software structure/architecture and the development processes and tools are subsequent improvement areas. We were missing efficient support for small change sets and the evolution into a monolith prevent us using small binary-artifact based components for integration. We describe the reasons and impact, and present first results from improvements.

Further we lay out the challenges regarding the necessary cultural change, which has additional aspects within system development compared to software-only development. We explain not only the success, but also the setbacks that we encountered.

The talks closes with an outlook on concrete next steps but will also shed some light on visionary aspects like "continuous compliance" to help enable direct deployment to customer sites.

Speakers

Christopher Drexler

Siemens Healthineers

Christopher Drexler is Principal Key Expert for Software Ecosystems and certified Senior Software Architect with 16 years of experience as a software architect within Siemens in the Healthcare and Industry sectors. For two years, Chris has been working as a Continuous Integration... Read More →

Wednesday May 13, 2020 11:15am - 12:00pm EDT
Salon 11/12 Rosen Plaza Hotel

Experience Report

12:00pm EDT

Lunch

Wednesday May 13, 2020 12:00pm - 1:00pm EDT
Ballroom D Rosen Plaza Hotel

Refreshments

1:00pm EDT

The Journey from Research to Production

Leveraging research teams well is a trait not all organizations can say they have. These research teams can potentially represent the spear of innovation in your organization, and finding ways for them to help the software engineering teams is important. However, if you have ever had the chance to work with a research team you know that there are difficulties in taking their code and assets to production.

In this presentation we will focus on how we work with IBM AI research teams in order to transition their code artifacts to production. We will take a look at the architectural complexities of taking this code to a cloud system and a private cloud system. We then look at the important quality attributes that enable the transition from research code to hardened battle ready code. We will also talk about the social aspects of the work involved with this code. Finally, we will cover the challenges with this transition and problems we have encountered in the past.

By the end of this session you will be able to understand the following:

- How to work with research teams to bring assets into production architecture
- What expectations to set with research teams so that misunderstanding is minimal
- How to understand research metrics and discuss trade offs with the research team in deciding which models to implement.
- How to comprehend different perspectives / mindsets so that mutual understanding is easier to achieve

Speakers

Will Chaparro

IBM Watson

Yi-Shiuan Tung

IBM Watson

Yi-Shiuan Tung is a Cognitive Software Engineer at IBM Watson working on both on-prem and cloud-based solutions for enterprise information retrieval. Prior to IBM, he worked as a software engineer building AI-assisted sales and marketing software. Yi-Shiuan has a B.S and MEng. in... Read More →

Wednesday May 13, 2020 1:00pm - 1:45pm EDT
Salon 9/10 Rosen Plaza Hotel

Experience Report

1:00pm EDT

Microservices: Scaling Down at the Edge

This talk will cover several topics relevant to mobile computing in disadvantaged environments, including disaster areas and the tactical edge. The focus will be on using a microservice-based architecture to best provide capability to users in these environments. We will start by exploring the specific challenges that disadvantaged environments pose to effective computing, which include network, computational, and power limitations.

Next, we will discuss the architectural approaches that address these challenges. We will start by suggesting what we consider to be the most important quality attributes that a software solution should support in order to best provide capability to the user, given the environmental limitations. This may include (but is not limited to) attributes such as Survivability, Resiliency, Scalability, Adaptability, Security, and Performance.

Finally, we will examine how a microservices approach can support the desired architectural quality attributes, drawing on our experience with various projects in this domain. Several approaches, technologies, and hardware platforms will be examined as exemplars, including a variety of microservice management and orchestration approaches.

Speakers

Marc Novakouski

Software Engineering Institute

Marc Novakouski is a Senior Engineer at the Software Engineering Institute at Carnegie Mellon University. Novakouski has over 18 years of professional software development experience, spanning defense, commercial, and academic fields. He has expertise across a wide set of technical... Read More →

Wednesday May 13, 2020 1:00pm - 1:45pm EDT
Salon 13/14 Rosen Plaza Hotel

Technical Talk

1:00pm EDT

What Could Go Wrong? A Threat-Modeling Crash Course

During this workshop we will give a crash course in threat modeling. Threat modeling is a structured activity for identifying and evaluating application threats and design flaws. You use the identified flaws to adapt your design, and scope your security testing. Threat modeling allows you to consider, identify, and discuss the security implications of user stories in a structured fashion, and in the context of their planned operational environment.

This threat modeling workshop will teach you to perform threat modeling through a series of exercises, where our trainer will guide you through the different stages of a practical threat model based on an Amazon Web Services (AWS) and microservices migration from a classical web application. At the end of the workshop we will create a complete threat model of a CI/CD pipeline.

This workshop is meant for security champions, application architects, developers and security people. Basic understanding of software development, microservice architecture and cloud platforms (AWS) is recommended. No previous threat model knowledge is needed.

As a software architect you improve the overall security posture of a system you are designing with threat modeling:
-Threat modeling and architecture both use models of systems and involves analyzing (security) properties of those models.
-Threat modeling also leads to an understanding of architectural choices with security implications, gives structure to a set of security challenges, and enables you to change the architecture in a way that reduces these problems at a manageable cost.

This workshop is 50% hands-on, we will challenge the attendees to go through different exercises, built upon a fictional Acme Hotel Booking (AHB) system:
-diagram the AHB applications, sharing the same REST backend (15 minutes)
-threat identification, migrating the AHB applications to AWS. (15 minutes)
-AHB threat mitigation of microservices and S3 buckets (15 minutes)
-threats and mitigations for the AHB CI/CD pipeline (10 minutes)

Speakers

Seba Deleersnyder

Toreon

Seba is co-founder, CEO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board, and performed several public presentations on Application Security. Seba also co-organized the yearly... Read More →

Wednesday May 13, 2020 1:00pm - 2:30pm EDT
Salon 11/12 Rosen Plaza Hotel

Tutorial

1:45pm EDT

The House of Architects Debate

We will debate the past, present, and future of the world of architecture. This session is an open space in which everyone can respond to statements. We will prepare statements, but feel free to talk to us before the session and contribute statements to the debate. Do you feel something is wrong with the current architecture world? Was it better in the past, or are we headed for an exciting future? Cast your vote for or against our statements, and let the debate begin!

Speakers

Thijmen de Gooijer

Kommuninvest

Michael Keeling

LendingHome

Michael Keeling is a software engineer at LendingHome and the author of [Design It!: From Programmer to Software Architect](http://amzn.to/2ipIpme). Prior to LendingHome, he worked at IBM on the Watson Discovery Service. Keeling has a Masters in Software Engineering from Carnegie... Read More →

Wednesday May 13, 2020 1:45pm - 2:30pm EDT
Salon 9/10 Rosen Plaza Hotel

Experience Report

1:45pm EDT

Architecting Microservices-Based Web Applications With Java, Jakarta, and Angular

This session introduces the concepts of building microservices, problems associated with building such applications and some solutions. We also discuss an example of a complete end-to-end web applications using Java and Jakarta as a backend, Angular as frontend, and with NoSql or SQL as data store (aka JAQ Stack). We will also discuss the concept building web applications using tech stacks instead of frameworks.

The theme of the presentation is divided into 4 sections as listed below:

1. What - Overview of microservices architectures
2. Why/Problems - Architecture of a web application
3. How/Solutions
- How to use existing technologies as stacks instead of new frameworks to build web applications
- Code demo of an example implementation using Java, Jakarta, Angular, and MongoDB (aka JAQ Stack)
- Overview of how to manage DevOps
4. Next steps

As the development of modern web applications is becoming more sophisticated and challenging, developers often have trouble identifying the core platform and building on top of it. While using Java as the primary technology to render a web application, extending/integrating it with some of the latest JavaScript technologies is a big hassle. And there are more trends with teams and enterprises using more of JavaScript frameworks, especially Angular to build the UI and UX of web applications.

Coming from a Java developer’s perspective, bringing in an application, for example built with Angular, into a Java based web application and deploying it together is a very time-consuming process and there are no standard procedures or technologies that enable them to do it. A quick example of this are applications built on Java-based CMSs (like Adobe Experience Manager); the web applications need to be deployed as a single jar package with the UI embedded into the jar.

JAQ Stack fills in this gap and simplifies the process for developers to build a complete web application using Angular as frontend, Java as backend, and with capability to connect to any database. All of this without the need to learn any new technology or a framework. Applications with JAQ Stack can be built as (A) Monoliths - where the application stack comes with pre-built maven profiles and examples projects that enable developers to bring in an Angular application into a Java EE based web application to build a single deployable War/Jar file. This helps DevOps to manage the entire application as one deployment, as in most standard monoliths; and (B) MicroServices - where the application can be built as microservices with the frontend and backend deployed as separate entities and communicating with each other using standard RESTful architectures.

Speakers

Suren Konathala

Director of Engineering, Hero Digital

Suren Konathala is a passionate, technology specialist on a mission to simplify technology adoption for organizations. He is a developer, architect, consultant, manager and loves to write and talk about technology.He worked at Adobe as a Technical Architect and now works as the Director... Read More →

Wednesday May 13, 2020 1:45pm - 2:30pm EDT
Salon 13/14 Rosen Plaza Hotel

Technical Talk

2:30pm EDT

Mid-afternoon Break

Wednesday May 13, 2020 2:30pm - 3:00pm EDT
Mezzanine Foyer Rosen Plaza Hotel

Refreshments

3:00pm EDT

A Modern-Day Greek Tragedy: A Schedule, Requirements, and an Architecture

We have all experienced schedule pressures while developing our products. Many of us have had to deal with last minute requirement changes. In the defense industry, after the product is finished being developed and sold off, a separate group of people have to maintain the product. Very rarely do the Systems Engineers and Architects that designed the system actually see the results of the decisions that have been made. During this talk, I will share my experiences of supporting a product as it was designed, sold off, and placed into an operational setting, and the results of specific decisions that were made based on schedule pressures and last minute requirements changes on the initial architecture of the product.

Speakers

Paul Newell

Raytheon

Paul Newell’s career in the software industry started over 15 years ago as an Engineering Duty Office in the U.S. Navy managing the development of software applications for use on Navy networks. Since leaving Active Duty, Paul has been in Integration and Test positions eventually... Read More →

Wednesday May 13, 2020 3:00pm - 3:45pm EDT
Salon 9/10 Rosen Plaza Hotel

Experience Report

3:00pm EDT

Applying Zero-Trust Security to Software Architecture

First conceived by John Kindervag in 2010, zero-trust security is a network architecture that verifies both identity and devices before they can access another system. Traditionally, users or devices would connect first, then get vetted—zero-trust flips that around.

Zero-trust security principals are now being adopted as a requirement by a growing number of organizations due to an increase in security breaches. As such, software architects should familiarize themselves with zero-trust and, where appropriate, start applying it. While the zero-trust concepts have been around for a decade, just recently techniques emerged to make a zero-trust approach practical for all organizations.

When applied correctly, zero-trust permits a strong security posture to be attained without a negative impact on ilities, as is often the case when securing systems. This presentation covers the history, benefits, and details about where to apply these principles. The speaker will also introduce a few options for building in zero-trust while presenting a high-level architecture of a system developed with his leadership. As part of this, we will discuss examples of how ilities were positively impacted—such as agility improvements from better being able to leverage infrastructure-as-code when deploying throughout the release pipeline.

Speakers

Russ Miller

OPSWAT

Russ Miller has more than 25 years of software development/architecture experience, much of it leading the creation of software products and services for IT best practices. After completing a Master's degree in Computer Science at Northern Illinois University, Russ began his career... Read More →

Wednesday May 13, 2020 3:00pm - 3:45pm EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

3:00pm EDT

Automated Architecture Analysis Based on Software Development Data

In this tutorial we first demonstrate how to fully automate architecture analyses using data collected from software development processes. These analyses are supported by the DV8 tool suites: measuring and tracking architecture maintainability, pinpointing architecture anti-patterns, quantifying architecture debts, and analyzing the potential return on investment (ROI) of refactoring. We will present several case studies showing how these analyses have worked in practice, and provide hands-on training guiding the audience through the process step by step, from collecting project data, generating analysis results, interpreting architecture health reports, understanding anti-patterns, ROI data and debts, and finally making informed refactoring decisions.

If a project recognizes the need to monitor its architecture health, then this analysis must be integrated into its development process. We will also demonstrate how DV8 can be integrated into CI process and SonarQube, so that they can be executed at any time: following a commit, a sprint, on a nightly build, or on demand. Project data is crucial: (1) it is objective and the ground truth of a system, and (2) it reflects the quality of the development process. We will also demonstrate how to assess process data quality in this tutorial.

Speakers

Yuanfang Cai

Drexel University

Prof. Yuanfang Cai is a tenured Professor at Drexel University, and serves as the Associate Department Head of Graduate Affairs. In 2006, she received her Ph.D. in Computer Science from the University of Virginia. She has published more than 80 academic papers on software design... Read More →

Humberto Cervantes

SATURN 2020 Technical Co-chair, Universidad Autónoma Metropolitana Iztapalapa

Rick Kazman

University of Hawaii and Software Engineering Institute

Rick Kazman is a Professor at the University of Hawaii and a Visiting Researcher at the Software Engineering Institute of Carnegie Mellon University. His primary research interests are software architecture, design and analysis tools, software visualization, and software engineering... Read More →

Wednesday May 13, 2020 3:00pm - 4:30pm EDT
Salon 11/12 Rosen Plaza Hotel

Tutorial

3:45pm EDT

Architecture Patterns for the Digital Enterprise: Patterns and Practices

Coming soon!

Speakers

Majdi Haroun

Majdi Haroun is an experienced Enterprise Technology Consultant with 20+ years’ experience in developing and implementing IT strategy, enterprise architecture, digital product architecture and strategy, business partnerships, and service delivery in the government, media and news... Read More →

Wednesday May 13, 2020 3:45pm - 4:30pm EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

3:45pm EDT

Philosophies and Practices for Global Agile Software Development

Conway's Law, “Organizations which design systems … are constrained to produce designs which are copies of the communication structures of these organizations," suggests that in order to develop a product globally while maintaining a coherent software architecture, the development model itself must be cohesive. As an agile development project grows and is distributed over different places and timezones, however, communication overhead tends to increase (Metcalfe’s law). If its communication systems are not carefully designed, friction and miscommunication can cripple it to the point of being less effective than a single team working alone. Well-synchronized distributed development can derive benefits such as working hour continuity, diverse skill sets, and varied perspectives. On the other hand, with significantly differing timezones, architectural decisions often need to be made without being able to include all stakeholders or even core developers, and often without including those most experienced with a particular subsystem or component. In a global agile development model, centralization of an architect role is not effective and so that role must be distributed as well. This poses challenges in how to make significant architectural decisions, how to consistently communicate the tradeoffs considered for those decisions, and how to ensure that a common vision is maintained-especially when there are language barriers.

In this talk, we will begin with the perspective we have developed on how to address the issues identified above. We will use our working global development model at IBM Watson, spanning seven sites throughout both hemispheres, to both illustrate this perspective and identify a specific set of practices we adopted for distributed architectural modeling and decision making that can serve as a minimum for product development and architecture design to stay on-track and cohesive. We will further discuss mechanisms for establishing and maintaining shared understanding of the project’s goals and execution, managing expectations to eliminate friction during asynchronous collaboration, and preventing communication overhead from being so expensive as to prevent the benefits of global development. In particular, we feel that the philosophy underlying our approach to the latter is essential to our model; we will introduce our format for declarative, decentralized, and effective communication and decision making, along with a history of how it and its philosophy were arrived at. After this talk, you will be equipped to form effective, collaborative development models over teams distributed globally, over any number of timezones, using a cohesive communication systems design philosophy.

Speakers

Hiroaki Kikuchi

Hiroaki Kikuchi is a software designer, architect, and developer in the cognitive information retrieval tech domain. He has been working on inventing and productizing cutting-edge insight retrieval technologies on unstructured data, leveraging emerging technologies and modern open... Read More →

Anastas Stoyanovsky

IBM Watson

Anastas Stoyanovsky is a senior software engineer and engineer lead at the IBM Watson Pittsburgh lab. He holds an MSc in pure mathematics from Purdue University and a BSc in mathematics, computer science, and neuroscience from the University of Pittsburgh.

Wednesday May 13, 2020 3:45pm - 4:30pm EDT
Salon 9/10 Rosen Plaza Hotel

Experience Report

4:30pm EDT

Mini-Break so attendees can move between sessions

Wednesday May 13, 2020 4:30pm - 4:45pm EDT
Rosen Plaza Hotel 9700 International Drive, Orlando, Florida 32819

Attendee Movement

4:45pm EDT

End-of-Day Plenary and Kahoot!

Play Kahoot after a discussion of the day's events!

Join Paulo's kahoot and answer questions about software architecture on your device. Participants will need to open a browser, go to kahoot.it, enter the PIN number that will be shown on the screen, and enter their name/alias. Prizes (and bragging rights!) will be rewarded for 1st, 2nd, and 3rd place. Game on!

Speakers

Paulo Merson

Brazilian Federal Court of Accounts (TCU)

Wednesday May 13, 2020 4:45pm - 5:15pm EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

9:00am EDT

Morning Remarks

Speakers

John Klein

SATURN 2020 Technical Co-chair, Software Engineering Institute

Humberto Cervantes

SATURN 2020 Technical Co-chair, Universidad Autónoma Metropolitana Iztapalapa

Thursday May 14, 2020 9:00am - 9:30am EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

9:30am EDT

Linda Northrop Software Architecture Award Speaker

Thursday May 14, 2020 9:30am - 10:00am EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

10:00am EDT

Mid-morning Break

Thursday May 14, 2020 10:00am - 10:30am EDT
Mezzanine Foyer Rosen Plaza Hotel

Refreshments

10:30am EDT

How Equinor Set the Standard for the Oil Industry

Equinor has been an active participant and believer in the open source space with many open source projects, one even included in the Debian Linux distribution. But we are going further: Our strategy is that all source code we develop shall be open unless there is a clear reason to keep it closed.

I will explain how a large company like Equinor can do this, and why we think it is so important, how other actors in our industry, especially in the United States, seem reluctant to follow, and how we think open source will shape our industry going forward.

I will talk about what open source software is, what it isn't, why we think it is important, and why other large enterprise organizations should open up and contribute to the open source ecosystem.

Speakers

Jørn Ølmheim

Equinor ASA

Thursday May 14, 2020 10:30am - 11:00am EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

10:30am EDT

Monolith or Microservices: That is the Question

Microservices set high standards for architecture and infrastructure: asynchronous message-based applications that are automatically deployed, containerized, scaled, and managed. This session focuses on microservices architecture, microservices design patterns, anti-patterns and some strategies to convert a monolith to microservices. The talk provides answers to the following questions: What are the differences that people might not be familiar with between a monolith and microservices? What do most people or businesses get wrong about microservices? What kind of tools do you use when managing microservices? And finally, what are the drawbacks of implementing microservices and how to deal with them? After this talk, you will have learned the full spectrum of deploying a microservices architecture.

Speakers

Peter Eijgermans

CodeSmith, Ordina Netherlands

Peter Eijgermans is an adventurous and passionate CodeSmith at Ordina Netherlands. He likes to travel around the world with his bike and is always seeking for the unexpected and unknown.For his job he tries out the latest techniques and frameworks. He loves to share his experience... Read More →

Thursday May 14, 2020 10:30am - 11:15am EDT
Salon 11/12 Rosen Plaza Hotel

Experience Report

10:30am EDT

Collapsing the Uncertainty in Quantum Software Engineering

Quantum Computing promises to be a disruptive technology in the coming years. What is a Quantum Computer(QC)? Will their disruption overshadow their benefits? What is Quantum advantage and can it be realized? Will it play nicely with current technology stacks? We will attempt to answer these questions and more while exploring what a quantum computer is and how to program one.

Invited Speakers

Daniel Justice

Software Developer, Software Engineering Institute

Thursday May 14, 2020 10:30am - 12:00pm EDT
Salon 9/10 Rosen Plaza Hotel

Invited Speaker

11:00am EDT

Software Product Lines for Immersive Training

Augmented and virtual reality devices have become widely used for training across many industries, especially in training the execution and observation of step-by-step processes. However, the development of such applications can be a costly undertaking when starting from scratch. Common pitfalls can be avoided, and common assets can be leveraged when building off of a foundation instead.

This presentation will detail my team’s vision to architect and implement a generalized, customizable framework that leverages the software product line concept. This framework will support rapid development of training applications for various immersive devices and will address common quality attributes at the foundation level, to be used by many teams across and potentially beyond Sandia National Laboratories.

*Sandia National Laboratories is a multimission laboratory managed and operated by National Technology and Engineering Solutions of Sandia, LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-NA0003525. SAND2020-0760 A*

Speakers

April Suknot

Sandia National Laboratories

April Suknot is a Senior Research and Development Computer Scientist at Sandia National Laboratories. Mrs. Suknot has experience in software and enterprise architecture, serious game development, artificial intelligence, and computer graphics. She is currently leading a team in designing... Read More →

Thursday May 14, 2020 11:00am - 11:30am EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

11:15am EDT

Lean Platform Architecture

Applications composed of microservices increase agility, as well as, embrace elasticity. Loosely coupled through language-agnostic APIs, microservices can be built on the runtime best suited to the workload. However, this flexibility increases complexity. Platforms reduce this complexity by providing a composable management backplane and common domain services. This session will introduce a lean platform design approach to rapidly deliver microservice platforms while mitigating bloat and application development bottleneck risks.

Speakers

John Burwell

Deloitte Consulting

John Burwell is an application architect at Deloitte Consulting specializing in distributed systems, cloud-native architecture, and cloud engineering. He is an SEI Software Architecture Professional with 20+ years’ experience designing and building systems in the government, IoT... Read More →

Thursday May 14, 2020 11:15am - 12:00pm EDT
Salon 11/12 Rosen Plaza Hotel

Technical Talk

11:30am EDT

Leading Change As An Architect

Traditionally, architects decide on the architecture and conformance of solutions to enterprise architecture. Projects often start with a comprehensive architecture document, but a transparent evaluation of the value to the customer is rarely done. This dynamic has shifted in the digital era. Most organizations now apply agile approaches in translating user requirements into working software.

The focus in agile teams is often on the frequent delivery of working software to enable the business to adapt quickly to changes in its environment. Although this is a principle of agile, it could also create architectural deficiencies and increased technical debt.

In this talk, I will present the challenges of architecting in an agile environment, showing the role of the architect as an agilist, futurist, and catalyst. I will also provide practical approaches that can be applied immediately to your agile environment.

Speakers

Kaine Ugwu

MTN Group

Kaine Ugwu is a versatile and hands-on enterprise architect, agilist, futurist, and an internationally recognized speaker, author, and advocate for agile and DevOps practices and IT architecture standards. Kaine has presented talks at The Open Group and Software Engineering Institute's... Read More →

Thursday May 14, 2020 11:30am - 12:00pm EDT
Salon 13/14 Rosen Plaza Hotel

Experience Report

12:00pm EDT

Lunch

Thursday May 14, 2020 12:00pm - 1:00pm EDT
Ballroom D Rosen Plaza Hotel

Refreshments

1:00pm EDT

Slide Roulette!

Thursday May 14, 2020 1:00pm - 1:30pm EDT
Ballroom C Rosen Plaza Hotel

Plenary Session

1:30pm EDT

Mini-Break so attendees can move between sessions

Thursday May 14, 2020 1:30pm - 1:45pm EDT
Rosen Plaza Hotel 9700 International Drive, Orlando, Florida 32819

Attendee Movement

1:45pm EDT

Design Decision Stories

More and more teams capture their design decisions in Architectural Decision Records (ADRs). These ADRs are commonly used to document decisions after they have been taken. We will share a visual format for ADRs which has proven to also be useful in the period leading up to the decision itself, in which a team learns about a decision's context and business aspects, finds alternatives, and finally makes the trade-off between them. We call this format 'decision stories.' We developed and optimized the format by applying several iterations in practice over the past few years.

We will share our experiences, which show that the format not only captures a decision and its rationale, but also helps guide the decision process and engage stakeholders. The format is intuitive in use, and has shown to improve communication, both within teams as well as with external stakeholders.

In this experience report, you will hear how we developed our design decision story template, and learn how to get the most out of the format in practice.

Speakers

Eltjo Poort

CGI

Thursday May 14, 2020 1:45pm - 2:30pm EDT
Salon 11/12 Rosen Plaza Hotel

Experience Report

1:45pm EDT

Digital Ecosystems Begin Beyond your Comfort Zone

Digital ecosystems and platform economy are based on a strong interconnection across organizations and allow for completely new business models. They conquer more and more areas of business and private life and companies feel the pressure to reason about new opportunities.

An integrated perspective on business, technological, and legal aspects is needed. However, there is no clear method how to shape such new digital ecosystems, neither in the business world nor in the software world.

While everyone acknowledges that this is a challenging task it often remains the question who could do it. We found that software architects can be promising candidates for ecosystem shaping as they should be used to seeing the big picture and designing in the large. However, what is needed goes far beyond the standard skill set of software architects.

We report from ecosystem projects and our experiences across many domains like banking, automotive, farming, smart city, etc. Our goal is to:

• make the audience interested in the world and business of digital ecosystems
• give them a clear terminology to talk about digital ecosystems and the describe them
• show architects what new challenges could be in front of them and how they can develop their career path
• demystify the term “platform”: everything seems to be a platform — we present a proven classification of platform terms that are helpful in the context of digital ecosystems
• give dos and don’ts in the shaping of digital ecosystems
• outline new roles that are needed when creating digital ecosystems

Speakers

Matthias Naab

Fraunhofer Institute for Experimental Software Engineering (IESE)

Thursday May 14, 2020 1:45pm - 2:30pm EDT
Salon 9/10 Rosen Plaza Hotel

Experience Report

1:45pm EDT

ur-TechDebt

In this talk, I’ll interleave quotes from Ward Cunningham with the historical context he was in, including IT development practices, programming languages, object-oriented programming, and typical software development processes. I’ll propose a definition for ur-TechDebt that is limited in scope compared to typical tech debt definitions.

I’ll cover questions like these:
-What percent of ur-TechDebt can we expect to find using a tool?
-How does ur-TechDebt relate to domain-driven design and design patterns?
-What causes ur-TechDebt?
-Does refactoring fix all ur-TechDebt?

Speakers

George Fairbanks

Google

Thursday May 14, 2020 1:45pm - 2:30pm EDT
Salon 13/14 Rosen Plaza Hotel

Technical Talk

2:30pm EDT

Mini-Break so attendees can move between sessions

Thursday May 14, 2020 2:30pm - 2:45pm EDT
Rosen Plaza Hotel 9700 International Drive, Orlando, Florida 32819

Attendee Movement

2:45pm EDT

Conference Awards and Closing Remarks

Thursday May 14, 2020 2:45pm - 3:15pm EDT
Ballroom C Rosen Plaza Hotel

Plenary Session