A-Team Software, Inc.

TrackRight

Architectural and System Design

University of San Diego

CSOL 560

October 7th, 2018

Version 1.0
TrackRight Version: 1.0
Architectural and System Design Date: 07-Oct-2018

Document Revision History

Date Version Description Author
28-Oct-2018 0.1 Draft version for customer review. A. Team

A. Team TrackRight Software, Inc., 2018

TrackRight Version: 1.0
Architectural and System Design Date: 07-Oct-2018

Table of Contents
1. Introduction 1
1.1. Purpose 1
1.2. Product Overview 1
1.3. Definitions, Acronyms and Abbreviations 1
1.4. References 1

2. Description of Service Components 2

2.1. API Gateway 2
2.2. Web User Interface 2
2.3. Delivery Service through Web User Interface 2
2.4. Administration & Management 2
2.5. Transfer of Data Service 2
2.6. Time or Delivery Schedule 2
2.7. Payment Services 2
2.8. Data Storage 2
2.9. Final End Point/Software Configuration 2

3. Connectivity of Service Components 3

3.1. Diagram of Service Component Connectivity using REST API 3

4. Data Flow Between System Components 4

4.1. Diagram of System Component Data Flow 4

5. Designation of User Categories 4

5.1. Overview 4
5.2. Administrator 4
5.3. IT Manager 4
5.4. Internal / Third Party Auditor 4
5.5. Users / Operators 4

6. System Design Diagram 1

6.1. Data Portal 1
6.2. Fusion Engine Platform 1
6.3. Data Storage 1
6.4. Dataplane Service 1
6.5. Blockchain Access Layer 1
6.6. Apache NiFi 1
6.7. Stream Processing 1
6.8. Analytics 1

A. Team TrackRight Software, Inc., 2018

TrackRight Version: 1.0
Architectural and System Design Date: 07-Oct-2018

Architectural and System Design

1. Introduction
1.1. Purpose
This document illustrates the Architectural and System Design for the Fusion Engine module of the
proposed TrackRight software.

1.2. Product Overview

TrackRight is customer tailored Supply Chain Risk Management (SCRM) software that provides detailed
information on the status of their supply chain at any given moment in time using automation tools,
relevant analytics in a user friendly intuitive dashboard. Leveraging the best practices, the software
provides tight integration between managing supply chain and the prevailing cybersecurity threats and
risk. Blockchain technology and crypto currency are sued to create the necessary trust relationship across
the entire supply spectrum and nodes. To that end Data Mining and Machine Intelligence are autonomous
capabilities that autonomously wargame network interdiction scenarios, outputs Anticipation and
Resilience Matrices for risk prevention/mitigation in addition to other anomaly detection tasks integral to
the core software design. TrackRight software consists of four extensible modules: Taxonomy Builder,
Fusion Engine, Tracker Analytics and Reporting and Alerts Engine. The software is designed to ensure
the modules are individually maintain and enhanced and can be deployed on most Linux or Windows-
based servers with modest hardware resources.

1.3. Definitions, Acronyms and Abbreviations

 API: Application Program Interface
 HDFS - Hadoop Distributed File System
 HTTPS: Hypertext Transfer Protocol Secure
 IoT: Internet of Things
 NiFi - A system of enhancing data through filtering with the help of point source security,
formerly called Niagarafiles (NiFi)
 SCRM - Supply Chain Risk Management
 REST API - Representational State Transfer (REST) Application Program Interface
 UI: User Interface

1.4. References
 Fedak, V. (2018). Blockchain and Big Data: the match made in heavens. [online] Towards Data
Science. Available at: https://towardsdatascience.com/blockchain-and-big-data-the-match-made-
in-heavens-337887a0ce73
 Kumar, D. and Rahman, M. (2017). Simplified HDFS Architecture with Blockchain Distribution
of Metadata. [ebook] Research India Publications. Available at:
https://pdfs.semanticscholar.org/f60d/6a515fbc5993bc3deea33143c00a713e570f.pdf
 DeZyre (2016). Hadoop Architecture Explained - What it is and why it matters. [online] DeZyre.
Available at: https://www.dezyre.com/article/hadoop-architecture-explained-what-it-is-and-why-
it-matters/317
 Gaddam, A. (2015). Securing your Big Data Environment. [online] Available at:
https://www.blackhat.com/docs/us-15/materials/us-15-Gaddam-Securing-Your-Big-Data-
Environment.pdf
 Venkatasubramanian, N. (2015). Hadoop, a distributed framework for Big Data. [online]
Available at: https://www.ics.uci.edu/~cs237/lectures/cloudvirtualization/Hadoop.pptx
 Maroto, C. (2016). A Data Lake Architecture With Hadoop and Open Source Search Engines.
[online] dzone.com. Available at: https://dzone.com/articles/a-data-lake-architecture-with-
hadoop-and-open-sour
 Meunier, S. (2016). Blockchain technology — a very special kind of Distributed Database.
[online] Medium. Available at: https://medium.com/@sbmeunier/blockchain-technology-a-very-
special-kind-of-distributed-database-e63d00781118

A. Team TrackRight Software, Inc., 2018 1

TrackRight Version: 1.0
Architectural and System Design Date: 07-Oct-2018

2. Description of Service Components

2.1. API Gateway

This programming code sits on the frontend of the service component environment acting as a single point
of entry from defined micro-services.

2.2. Web User Interface

The web UI interface service component is front-facing application accessed through the Internet. The A-
Team webpage provides secure means to request services through HTTPS communication.

2.3. Delivery Service through Web User Interface

This set of components provides service delivery architecture (such as service creation, session control and
protocols) for a type of service delivered to consumer, whether it is a customer or other system.

2.4. Administration & Management

This service component enables designated service professions the ability to perform information system
services and managerial techniques as it relates to the fusion engine.

2.5. Transfer of Data Service

The transfer of data service component receives input from the web UI and delivery service through the
web UI feeding received inputs to the data storage and final endpoint/software configuration service
components. The transfer service is not bound to a particular network, layer, or technology. It can use
multi-path transfers to increase its performance. If future networks provided the capability to set up
dedicated optically switched paths between hosts, the transfer service could use this facility to speed large
transfers. The transfer does not even need to use the network; it could use portable storage to transfer data.

2.6. Time or Delivery Schedule

This service component refers to what actually happens when services are requested. Once services are
requested by a customer and processed, this component processes the scope of work and delivers the data
to the payment services service component.

2.7. Payment Services

The transfer of data from the time/delivery schedule service component to this component interfaces with
authorized payment options to complete an e-commerce transaction.

2.8. Data Storage

A-Team proprietary and consumer data resides on remote, third-party storage infrastructure. The APIs
associated with this service component enables administrators and managers to remotely manage the data,
ensuring the confidentiality, integrity, and availability of data remains intact.

2.9. Final End Point/Software Configuration

This service component provides addressing and binding characteristics that enable the transfer of service
protocols required to effectively and efficiently complete a required transaction.

A. Team TrackRight Software, Inc., 2018 2

TrackRight Version: 1.0
Architectural and System Design Date: 07-Oct-2018

3. Connectivity of Service Components

3.1. Diagram of Service Component Connectivity using REST API

A. Team TrackRight Software, Inc., 2018 3

TrackRight Version: 1.0
Architectural and System Design Date: 07-Oct-2018

4. Data Flow Between System Components

4.1. Diagram of System Component Data Flow

5. Designation of User Categories

5.1. Overview
Microservice architectures or frameworks do not bring additional services or operations but rather
modularize them into smaller self-contained, independent and loosely coupled components. Expected
users are Administrator, IT Manager, Internal Auditor, Third Party Auditor, and Users/Operators. Each
category of user has very specific is limited to specific actions.

5.2. Administrator
 Operator and configurator privileges
 Modify server user ID and password
 Enable or disable administrative security
 Configure authentication and authorization mechanisms access logs, inventory records and
reports

5.3. IT Manager
 Manage authorization groups
 Create, delete and add resources to an authorization group
 View inventory records and shipping status

5.4. Internal / Third Party Auditor

 Enable and disable security auditing
 Define which security audit events
 Set the audit policy
 Access inventory and shipping files

5.5. Users / Operators

 Monitor privileges
 Access inventory
 View and manually change shipping or tracking status

A. Team TrackRight Software, Inc., 2018 4

TrackRight Version: 1.0
Architectural and System Design Date: 07-Oct-2018

6. System Design Diagram

A. Team TrackRight Software, Inc., 2018 1

TrackRight Version: 1.0
Architectural and System Design Date: 07-Oct-2018

6.1. Data Portal

This is a portal that the data providers and data consumers will use to either upload or consume data. The
user experience will be a critical requirement in this design; this can be assumed to be a custom website or
a third-party portal customized with the right set of security and access built into it

6.2. Fusion Engine Platform

Blockchain is a requirement. We select an appropriate platform that supports some of the critical
capabilities– distributed ledger, cryptography, immutability assurance, smart contracts, oracles, and
permission-based, etc.

6.3. Data Storage

The potential storage requirement may exceed a petabyte of information being exchanged, key storage
considerations are Volume, Variety, Location of data and Sensitivity and latency within Blockchain. A
significant amount of data may be external storage outside of the Blockchain.
Large database storage option considered include Apache HBase, Apache HDFS with Apache Hive should
be considered to handle the massive volumes of data.
The location of the data will be in the cloud, possible cloud provider options like Amazon S3 are heavily
being considered. The “Variety” factor of the data will help determine which storage option is chosen
depending on based on whether the data is structured or unstructured data.

6.4. Dataplane Service

The connecting framework between the data stored on the Fusion Platform and other data sources will be a
set of services that offer unified security, governance, management and visibility across all data sets.
This is a unified data plane that data providers and consumers can leverage easily. The services will
include a data catalog to make data discoverable and searchable simple across multiple data sources. Since
we will be handling sensitive data sets based on the environment, offering unified security across multiple
datasets ensures users have access to the right data sets within the right context.
The design will provide end-to-end data governance in this design. It will be imperative to incorporate
system auditing to track changes within the system.

6.5. Blockchain Access Layer

Multiple protocols or mechanisms through which a Blockchain platform can be accessed will be available.
We understand that we are addressing full datasets as well as streaming sources such as IoT. Traditional
integration tools will not meet such demands, particularly volume scales.

6.6. Apache NiFi

This offers an integrated data logistics platform for automating the movement of data between disparate
systems. This provides a real-time control that makes it easy to manage the movement of data between any
source and any destination. Being data source agnostic, supports disparate and distributed sources of
differing formats, schemas, protocols, speeds, and sizes such as machines, geolocation devices, click
streams, files, social feeds, log files and videos and more. This is perfect for the data architecture where
different providers have different types of data to offer.

6.7. Stream Processing

Apache Kafka can enable data communication speeds of millions of transactions per second.

6.8. Analytics
Apache Storm, Apache Spark Streaming and other similar projects offer complex event processing and
predictive analytics capabilities. Data consumers will consume raw data and perform analysis on their own
systems. Other consumers of data will do detailed analytics on the data directly through the fusion engine.

A. Team TrackRight Software, Inc., 2018 1