Standard Operation Guidelines
License Management
Once you have purchased CloudScend Foresight, you will receive an email with your license and other key pieces of data that will be needed to complete installation, setup or normal operations. Please safeguard this information for your use only.
License Location
Before beginning installation procedures, place the license.txt file in the same folder as your helm charts. The installation scripts will need this file in order to successfully install your license.
Reaching Your App Tier Maximum
Once you have onboarded and processed your maximum number of applications allowed for the App Tier you purchased, you will not be able to continue to process new applications. You will receive the message below when you reach your maximum.
Once you receive this message, you will need to work with your administrator to purchase a higher App Tier and get a new CloudScend Foresight license. You can do this by returning to the AWS Marketplace. If you need any assistance or have questions, please contact the CloudScend Foresight service desk at 1-866-411-4227 – option 3 or email foresight-support@saic.com.
User Management
When you install the CloudScend Foresight product, an instance of Keycloak will be installed. Keycloak is an identity and security management solution that you will securely store all your CloudScend Foresight user information.
Roles and Access
The Sage_User role is for all users. This role can perform all CloudScend Foresight functionality including the following:
- Onboard applications
- Upload Source Code
- Upload application artifacts
- Run migration estimates
- View reports and dashboards for analysis
Security and Password Management
Whether you are creating your own account or setting a new password, you must select a password for CloudScend Foresight that meets the following criteria:
- Must have a minimum length of 8 characters
- Must contain at least one upper case character
- Must contain at least one lower case character
- Must contain at least one numeric character
- Must be changed every 180 days
- Must not be the same password as the previous 24 passwords
Add a New User Account
All first time users of CloudScend Foresight will need to create and setup an account.
Users will need to register for your account and create a password in the CloudScend Foresight Keycloak instance.
1. Open a web browser and go the the CloudScend Foresight site. The CloudScend Foresight admin should provide you with the url for the application within your environment.
2. Click on the Register link to create your account.
3. Enter your name, email, username and desired password, making sure to confirm your password by entering it a second time to register for a CloudScend Foresight account. Note: All passwords must follow the password guidelines above.
4. Click Register to create your user account.
5. Once you have created your account, you are ready to login and begin managing applications.
Keycloak administration does not do the same field validation that the new user screens perform. If you decide to try to add users from the admin console, it is critical that you enter all required user data. The required user data is user first name, user last name, user email, user password.
System Tuning
Packaging Source Code
The CloudScend Foresight product requires uploading the source code of the application to be analyzed in order to provide you with the data regarding the health and cloud readiness of your application. The code should be packaged as a zip file for uploading. The source code folder should be assembled using the guidelines below to ensure optimal analysis.
Source Code Supported Languages
CloudScend Foresight provides support for most common programming languages. Below is a list of the current languages that are either fully or partially supported by the CloudScend Foresight product.
| Language | Assessment Report | Technical Debt Report | Cost Estimation Report | Cloud Readiness Report |
|---|---|---|---|---|
| Java | ✔️ | ✔️ | ✔️ | ✔️ |
| JavaScript | ✔️ | ✔️ | ✔️ | ✔️ |
| C# | ✔️ | ✔️ | ✔️ | ✔️ |
| TypeScript | ✔️ | ✔️ | ✔️ | ✔️ |
| Kotlin | ✔️ | ✔️ | ✔️ | ✔️ |
| Python | ✔️ | ✔️ | ✔️ | ✔️ |
| PHP | ✔️ | ✔️ | ✔️ | ✔️ |
| VB.Net | ✔️ | ✔️ | ✔️ | ✔️ |
| Ruby | ✔️ | ✔️ | Partial | |
| ColdFusion | ✔️ | ✔️ | Partial | |
| Go | ✔️ | ✔️ | Partial | Partial |
| Scala | ✔️ | ✔️ | Partial | |
| Flex | ✔️ | ✔️ | ||
| HTML | ✔️ | ✔️ | ||
| CSS | ✔️ | ✔️ | ||
| XML | ✔️ | ✔️ | ||
| CloudFormation | ✔️ | ✔️ | ||
| Terraform | ✔️ | ✔️ | ||
| Clojure | ✔️ | ✔️ | ||
| VB6 | ✔️ | ✔️ | ||
| COBOL | ✔️ | ✔️ | ||
| Swift | ✔️ | ✔️ | ✔️ | ✔️ |
| JSP | ✔️ | ✔️ | ||
| T-SQL | ✔️ | Partial | ||
| C++ | ✔️ | ✔️ | ✔️ | Partial |
| C | ✔️ | ✔️ | Partial | |
| PL/SQL | ✔️ | ✔️ | Partial | |
| Shell Scripts | Partial | |||
| Delphi | Partial | |||
| Groovy | Partial |
General Guidelines for Packaging Source Code
- Only include code that is directly developed for the application and under direct control of the application owner.
- Keep the directory structure organization as used in your build environment.
- Note, there can be no spaces in the directory folder structure. Ensure all folders have no spaces in the name.
- You can include DDL and SQL files under a folder separate from the source code however this is not necessary for a good scan and can cause very large .zip files.
- Do not include third party library source code.
- Do not include past versions of code that have been archived under your repository.
- Exclude files with the following extensions:
- *.javac
- *.jdb
- *.doc
- *.docx
- *.psd
- *.zip
- *.gz
- *.bak
- When creating zip file from source code from an existing Git repository, if the repository contains LFS files, do not use the “Download source code” option from the browser. LFS files will not be included in this zip file and, therefore, will not be uploaded. Instead, clone the Git repository and create a zip file from the local download.
- The CloudScend Foresight product can support .zip files as large as 2GB. If after preparing your source code per these instructions, your .zip file is larger than 2GB please contact the SAIC Help Desk for assistance processing the larger file.
Specific Guidelines for Java Applications
- Keep all build artifacts as used by your dependency management and build automation tool (e.g. maven, gradle or ant)
- If application is a web application, keep all static content like HTML CSS, Javascript that is served by the application.
Specific Guidelines for .NET Applications
- Only .Net Framework 4.6 to 4.8 are currently supported.
- Web Application projects are supported. Legacy Web Site projects are not.
- Projects targeting multiple frameworks and using preprocessor directives could have slightly inaccurate metrics (lines of code, complexity, etc.) because the metrics are calculated only from the first of the built targets.
- Zip file for source code upload must contain a *.sln (Microsoft Visual Studio Solution File) in root directory which then links to the projects to be scanned.
- If there are multiple *.sln files, create a separate zip file and onboard as a separate application in CloudScend Foresight.
- Make sure to include the source code includes all .csproj files with links to the files to be scanned.
- Make sure to include packages/assemblies/DLLs which your solution uses to compile.
- Check with any 3rd party vendor's license requirements.
- Remove any .gitignore files if present in your source code; the typical .gitignore file will remove packages/assemblies/DLLs which your solution compiles against when ingested into CloudScend Foresight.
- Source code should have all required configuration so that it can be built locally using MSBuild 14.0 or higher for optimal analysis.
CloudScend Foresight requires your source code to be compressed into a zip file before uploading. However, it is possible for you to configure your CI pipeline to create an appropriate zip file of your source code and then call our source code uploader API to automatically upload your source code into CloudScend Foresight.
Actual Bucket Criteria
In order to complete your application analysis and obtain a full picture of you application cloud migration effort, you will need to record the actual hours and cost for app analysis and refactor efforts. This will allow not only you to track your work across time, it will also provide important input into the CloudScend Foresight machine learning estimation model. While your cost and hours are very specific numbers, we also provide an effort-based categorization of apps which in CloudScend Foresight we call “application buckets.” These buckets will allow you to cluster the apps on your portfolio based on characteristics shared among application in such a way that you can get a higher level view on the composition of your portfolio for migration planning purposes. We have identified the following four bucket categories based on our work with government agencies: Simple, Medium, Complex and Outlier. As with actual cost and person-hours, CloudScend Foresight also allows you to record your own assessment for application bucket. The bucket value you select should be based on criteria about your application. Please follow the chart below as a guideline to help you select your actual bucket value.
| Simple Bucket Criteria | H |
|---|---|
| Existing Cloud App or 3-Tier Web App | |
| No Databases or 1-2 Databases with no Stored Procs or DB Links | |
| HTTPS Based Interfaces only | |
| Cloud Readiness Index > 80 | |
| No Cloud Migration Blockers | |
| Uses PIV Authentication, SAML | |
| None of the following: shared filesystems, caching, message queues, real-time data sync requirements, or COTS tools | |
| Technical Debt less than $144,000 | |
| SLOC Count less than 40K | |
| App Analysis total hours range: 0-240 hours | |
| App Analysis total cost range: $0 - $33,600 | |
| Refactor total hours range: 0-2,857 hours | |
| Refactor total cost range: $0 - $400,000 |
| Medium Bucket Criteria |
|---|
| 2-4 Databases with a few Stored Procs and/or DB Links |
| Very Few Non-HTTPS Based Interfaces |
| Cloud Readiness Index 70-80 |
| No Cloud Migration Blockers |
| Uses PIV-based Authentication, SAML/JWT |
| None or one of the following: shared filesystems, caching, message queues, real-time data sync requirements, or COTS tools |
| Technical Debt: $144,000 – $253,000 |
| SLOC Count: 40K - 70K |
| App Analysis total hours range: 241-360 hours |
| App Analysis total cost range: $33,700 - $50,400 |
| Refactor total hours range: 2,858-5,000 hours |
| Refactor total cost range: $401,000 - $700,000 |
| Complex Bucket Criteria |
|---|
| 5 or more Databases with both Stored Procs and DB Links |
| Many Non-HTTPS Based Interfaces |
| Cloud Readiness Index < 70 |
| 1-2 Cloud Migration Blockers |
| Uses Non-PIV-based Authentication, JWT or Other Token |
| One or two of the following: shared filesystems, caching, message queues, real-time data sync requirements, or COTS tools |
| Technical Debt: $253,000 - $722,000 |
| SLOC Count: 70K – 200K |
| App Analysis total hours range: 361-480 hours |
| App Analysis total cost range: $50,540 - $67,200 |
| Refactor total hours range: 5,001-8929 hours |
| Refactor total cost range: $701,000 - $1,250,000 |
| Outlier Bucket Criteria |
|---|
| Very Large number of Non-HTTPS Based Interfaces |
| Cloud Readiness Index <35 |
| Numerous Cloud Migration Blockers |
| Uses Non-PIV-based Authentication, Other Token |
| Most or all of the following: shared filesystems, caching, message queues, real-time data sync requirements, or COTS tools |
| Technical Debt: greater than $722,000 |
| SLOC Count: greater than 200k |
| App Analysis total hours greater than 481 hours |
| App Analysis total cost greater than $67,340 |
| Refactor total hours greater than 8930 hours |
| Refactor total cost greater than $1,250,000 |
Storage configuration
CloudScend Foresight leverages AWS storage solutions to persist different types of artifact. For the EKS-based deployment, a set of Kubernetes data volumes are created during the installation process. These volumes are created under a provisioned AWS EFS file system.
CloudScend Foresight leverages AWS Elastic File System (EFS) https://aws.amazon.com/efs/. EFS is a fully managed system that is designed to be highly scalable, highly available, and highly durable and requires minimum configuration.
It is recommended to implement an EFS file system backup process as part of the CloudScend Foresight management process. This can be easily implemented using the AWS Backup service (https://aws.amazon.com/backup/). An example implementation can be found here https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html)
In addition to data volumes, CloudScend Foresight uses AWS S3 as a default storage solution for application artifacts. As needed, the S3 bucket can be configured to meet the organization data storage requirements in terms on encryption, data life cycle, etc.
Backup and Restore
Keycloak Backup & Restore
Before making any significant environment changes, you should backup your Keycloak instance in order to keep your registered user information intact. Follow the steps below to backup your Keycloak instance.
1. Connect to the Keycloak pod using Lens or Kubectl.
2. Browse to /opt/jboss/keycloak
3. Run the following in the Keycloak pod.
bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.usersExportStrategy=SAME_FILE -Dkeycloak.migration.file=keycloak-export.json \
-Djboss.http.port=8888 -Djboss.https.port=9999 -Djboss.management.http.port=7777
4. Copy files from pod to local system or to the other pod
kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar
kubectl cp -n keycloak keycloak/keycloak-0:/opt/jboss/keycloak/sage-keycloak-dev.json ./sage-keycloak-dev.json
5. To restore the instance, import the JSON via the UI using the Keycloak Admin User 6. For help performing a Keycloak export use the Keycloak documentation.
Postgres Database Backup and Restore
CloudScend Foresight installs and creates multiple Postgres databases that are used throughout our product. The database information is persited on Kubernetes volumes despoyed in AWS EFS as explained above. This ensures high availability and high durability of your data. As needed, organizations can backup Postgres databases that contain the CloudScend Foresight data. Database backup instructions provided by Postgres can provide you assistance.
CloudScend Foresight uses Postgres instances for the following software components:
- Sage backend service
- Common data service
- SonarQube service
- CAST Highlight service
As an example of backing up your database, you can follow these steps:
- Connect to the database pod via shell
- pg_dump -U postgres DATABASE_NAME > backup.sql
- Copy file from database pod to local system
- kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar
- Example: kubectl cp -n keycloak keycloak/keycloak-0:/opt/jboss/keycloak/sage-keycloak-dev.json ./sage-keycloak-dev.json
GitLab Backup and Restore
An instance of GitLab is also included with your CloudScend Foresight installation. In order to backup your GitLab instance that is created and filled with your uploaded source code from CloudScend Foresight, you should review and follow these instructions provided by GitLab.