AERO - bespinian supports Xovis in cloudifying their airport software


"bespinian’s expertise and hands-on skills in all things cloud-native was key in enabling our teams to achieve our business critical goal of extending our airport software to a SaaS model and successfully launching AERO."


Jörg Wagner, CTO, Xovis



Customer

Xovis is an international provider of intelligent people flow management solutions across airports, retail, transportation and smart buildings. The company develops the 3D sensors for mounting on customer premises as well as the software which enables customers to analyze and act on people flow data. Xovis’ headquarters is located in Zollikofen, Switzerland, with more than 130 employees working for the company all over Switzerland and the US.


Background

The software for Xovis sensors is successfully enabling airports around the world to solve people flow challenges like minimizing queue lengths, optimizing opening hours and numbers of lanes, counters, desks, kiosks, and self-service bag drops. Since the sensors are physically installed on customer premises, the most straightforward setup in the past has been to also operate the airport software on site, with Xovis providing second and third level support to their customers’ teams. However, demand for a fully managed service is growing steadily among Xovis’ airport customers. In addition, managing installations on-site generates a significant operational overhead that many customers would like to avoid in the future. In order to address these demands and challenges, Xovis decided to launch AERO, a SaaS version of their airport software, with sensors installed on customer premises and the software operated centrally by a DevOps team at Xovis.


Project Goal

The goal of the project was to perform the transition of Xovis’ airport software into a SaaS model, which could scale to many airport customers. This means that the required Azure infrastructure for running the product as well as the product itself needed to be provisioned and operated in a fully automated manner. Furthermore, all components of the software needed to be capable of running in a cloud platform and needed to support automated zero-downtime maintenance and elastic load balancing. Since the target SaaS product is multi-tenanted in nature, all security measures needed to be hardened for cloud operations. Furthermore, the development and operations teams of Xovis needed to be enabled to assume DevOps responsibility of the SaaS product.


bespinian's Role

bespinian played a key role in the following areas:


Cloud-native coaching

Before approaching the cloudification, Xovis needed to ensure that all members of their engineering teams were at the same level of knowledge required for building, automating and maintaining applications in a cloud-native way. bespinian collaborated with the engineering teams in a series of interactive workshops in order to ensure that the guiding principles of cloud-native software architecture and operations, as well as the technical specifics of deploying applications to Kubernetes, were known to all team members.


Infrastructure automation

Having automation in place from day one was of paramount importance to Xovis as the SaaS product needed to be made available to many customer airports all over the world. This meant that the identical Azure infrastructure stack needed to be provisioned on demand in various Azure regions in order to reduce latency from customer locations. bespinian supported Xovis in designing and implementing suitable Terraform modules and Azure DevOps pipelines in order to automate this provisioning process.


Kubernetes automation

On the other hand, in every given region, an arbitrary number of customer locations needed to be provisioned automatically as a collection of Kubernetes deployments. bespinian worked with the Xovis team to design and implement a GitOps process based on Helm and Argo CD in order to fully automate customer location provisioning to the point where a customer could be onboarded in a hands-off process triggered by the Service Delivery team.


Application containerization

While Xovis was already using containers for development purposes, transitioning to a cloud-native approach meant that containers needed to become the primary artifacts of the whole development process. bespinian collaborated with the Xovis team to transform existing build pipelines into multistage image builds, resulting in maximally efficient runtime images for all components involved in the SaaS product.


Zero-downtime architecture

As many components of Xovis’ airport software are running stateful algorithms based on sensor input over time, making these components capable of zero-downtime upgrades and maintenance presented an extra challenge not addressed by Kubernetes. bespinian advised the Xovis team in designing a stateful load-balancing and failover scheme based on the HashiCorp Consul KV store and sessions, ensuring that individual replicas of components could reach consensus about which sensors to process and could instantly be replaced in case of failures during sensor processing.


Security hardening

Having many customers running on the same infrastructure presented Xovis with novel security topics which were not relevant in the on premise setting. Strict separation of customer tenants in the SaaS product and secure handling of secrets and other sensitive data needed to be addressed. bespinian advised and supported Xovis in implementing security hardening measures in Azure as well as in integrating HashiCorp Vault with all components of the SaaS product in order to enable a secure centralized management of secrets.


Monitoring and alerting

When transitioning to a SaaS model, Xovis needed to ensure that their DevOps team stays informed about the health of the cloud based infrastructure and software components at all times. Furthermore, the team needed the ability to react quickly to incidents before they impacted airport customers all over the world. bespinian supported and advised Xovis in implementing a comprehensive cloud native monitoring and alerting setup based on various Azure logging and monitoring tools and capabilities.


Technologies

  • Terraform (azurerm, azuread, helm, kubernetes, aiven und vault Providers)
  • Kubernetes
  • Helm
  • Argo CD
  • Hashicorp Vault
  • Hashicorp Consul
  • Azure Services (AKS, Azure SQL, Event Hubs, Log Analytics)
  • Azure DevOps
  • Java
  • .NET