How to Build Serverless & Low-Code Enterprise Application using Trillo Platform
In this blog, we cover how a serverless, low-code architecture can be applied to building an enterprise application. Low-code means less code to write and test. Serverless is a more agile, microservice-style architecture, i.e. it deals with smaller chunks of code. For a business, this translates into better quality and lower cost.
A low-code and serverless platform can cover all aspects of an application, from complex functional requirements such as data models and business behavior to non-functional ones such as security and scalability. We will go over each aspect and discuss how Trillo Platform implements it. We successfully applied the approach discussed here to build products and applications on Google Cloud Platform for 100s of customers. We can say with confidence that it works, even for the most complex of applications.
1. Complex Data Model
An enterprise application has 100s or even 1000s of types of entities. They have complex relationships. They can be implemented using relational or NoSQL databases.
Trillo uses Model Driven Architecture (MDA) to capture the application’s data model. In a declarative style, a user specifies tables, columns, meta-properties of columns (such as types, validations, access control rules), etc. The platform transparently creates and alters tables. Trillo enforces the validation, consistency, security, etc. specified in the model specification.
Trillo can also introspect an existing database and generate its metamodel (schema).
2. Publishing Data as API
Once the data model is realized in the database, the Trillo platform automatically publishes it as APIs: RESTful, with OAuth2-compliant secure access. CRUD, pagination, and search APIs become available by default. But Trillo goes beyond that. A user can specify complex queries with parameters (templated queries). These queries can be designed and tested using Trillo Workbench. They become available to a remote client as an API (without giving access to the actual SQL statement).
Language-specific client toolkits can also be used to invoke these APIs from programs written in the respective programming languages.
3. Security of Data Layer
The Trillo API layer is accessed through an OAuth2-compliant API gateway. Data access control is applied based on the client’s access token. This ensures that access to the data is protected: one user can’t access the data of another user.
Field-level access controls can also be specified. For example, SSN is not accessible to any user other than maybe a super admin.
The Trillo data layer has built-in support for multi-tenancy.
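The controls described in sections 2 and 3 (templated queries exposed by name, data scoped by the client's token, field-level restrictions, tenant isolation), sketched in Python as an added example; this is not Trillo's code or metadata format. The registry, the role names, the `patient` table and the claim layout are hypothetical, and the claims are assumed to come from an already-verified access token.

```python
import sqlite3

# Hypothetical model metadata: roles allowed to read each restricted column.
FIELD_READ_ROLES = {"ssn": {"super_admin"}}

# Hypothetical named-query registry: clients send a name and parameters, never SQL.
QUERIES = {
    "patients_by_city": {
        "sql": "SELECT id, name, city, ssn FROM patient "
               "WHERE tenant_id = :tenant_id AND city = :city ORDER BY id",
        "params": {"city"},
    },
}

def run_query(db, claims, name, params):
    """Run a registered query in the security context of verified token claims."""
    spec = QUERIES.get(name)
    if spec is None:
        raise KeyError(f"unknown query: {name}")
    if set(params) != spec["params"]:
        raise ValueError("unexpected or missing parameters")
    # tenant_id is taken from the token, so a client cannot pick another tenant.
    bound = dict(params, tenant_id=claims["tenant_id"])
    cur = db.execute(spec["sql"], bound)  # values are bound, never concatenated
    cols = [c[0] for c in cur.description]
    roles = set(claims.get("roles", []))
    rows = []
    for rec in cur.fetchall():
        row = dict(zip(cols, rec))
        for field, allowed in FIELD_READ_ROLES.items():
            if field in row and not (roles & allowed):
                del row[field]  # field-level access control
        rows.append(row)
    return rows

def make_sample_db():
    """Constructed sample data for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patient "
               "(id INTEGER, tenant_id TEXT, name TEXT, city TEXT, ssn TEXT)")
    db.executemany("INSERT INTO patient VALUES (?,?,?,?,?)", [
        (1, "acme", "Ann", "Austin", "000-00-0001"),
        (2, "acme", "Bob", "Boston", "000-00-0002"),
        (3, "globex", "Cy", "Austin", "000-00-0003"),
    ])
    return db
```

The client-supplied parameter set must match the registered one exactly, so a request that tries to pass its own `tenant_id` is rejected before any SQL runs.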
4. Application Behavior using Serverless Functions
Trillo provides a framework to plug in application logic as serverless functions. These functions can make use of several open-source libraries and Trillo APIs in the application logic. You can write code of any complexity. The Trillo API provides access to the data layer, other functions, and components such as file storage, scheduler, external services, audit logs, logging, etc. Each function runs in the security context derived from the client credentials or access tokens and is wrapped within a transaction boundary.
5. Long-Running Backend Jobs (tasks)
Trillo provides a framework to run long jobs in the background as tasks. These tasks can be started by API invocation, a scheduler, or an event trigger. Trillo manages the status of such tasks, including log messages, in the database. A background task executes in the security context of the invoker (users, schedulers, API user, etc.). Each function can also log its messages at different points in the code. These logs can be accessed on a per-task basis to analyze the status of the task or troubleshoot any issues.
6. External Service Integration
Trillo can import the specification of external services as a Swagger (OpenAPI) document. It can republish endpoints via its API gateway. The Trillo API gateway transparently manages authentication with the external services and enforces application-specific access control rules. The endpoints of external APIs also become available to serverless functions.
7. Management of Files and Documents at a Scale
File and document uploads, downloads, sharing, and organization are a requirement of any application. Trillo provides APIs to upload, download, store, organize, and share files. It can use a file system or block storage (such as Google Cloud Storage buckets) for storing files. Trillo can encrypt files using custom keys. It provides an admin UI to view files. An admin can also view users’ activity logs.
8. GCP Services Integration
Trillo abstracts several GCP services as simplified APIs that can be used in serverless functions. Trillo transparently manages access through the service token (acquired during deployment), so developers do not have to worry about it. For example, you can create a DataIterator against BigQuery, or read and write files on Cloud Storage (without having to worry about GCP APIs). Some of the GCP services Trillo integrates with are:
c. Cloud Storage Bucket
d. FHIR Store
e. DICOM Store
9. Orchestration Logic
Trillo uses a serverless function or a series of functions for orchestration. APIs such as creating an activity (request), timer service, etc. support orchestration logic. In the future, we plan to support a BPEL (Business Process Execution Language) based diagramming tool.
10. Security — Authentication
Trillo supports SAML, OIDC, LDAP, Okta, social login, and Google Cloud Identity Platform for authentication. Besides these, it provides its own user-id and password authentication. It uses the database for storing the proxy user (federated user) or its own user.
11. Security — Authorization and Access Control
Trillo uses a JWT token to validate each request by a client. In the case of an external service, Trillo wraps the external token within its own token and periodically validates the external token.
Trillo permits role-based access control. These roles are then used to control access to databases, fields, services, and APIs, and are also used within functions’ logic.
Trillo provides a UI for specifying the metadata of the application (App Builder). It also provides an admin UI out of the box (for creating tables and reports, viewing content uploaded by the user, managing tasks, schedules, etc.).
To build a custom UI, you can use any framework of your choice (AngularJS, ReactJS, Ionic, etc).
13. Publishing Application as API
The Trillo admin UI can be used to issue a client id and secret for accessing the application API. An external client can then access all its APIs like any other internal client (such as the UI application).
14. Audit Logs
Trillo logs important events of the application in the database. A function can also add audit logs as required by the application logic. These logs can be filtered by API call, task, etc., and viewed in the UI to analyze and troubleshoot issues.
The program logs added by developers (debug, info, warning, error) can be streamed to an external logging system (a standard process followed by several modern applications). On GCP, Trillo uses Stackdriver for logging.
Trillo based applications are generally stateless. Trillo also internally uses distributed Redis to store temporary information that should be available across multiple calls. A function or a series of functions can make use of Redis storage using Trillo API.
Trillo itself uses microservice architecture and these services are stateless. Trillo services are deployed within the Kubernetes cluster. In short, the Trillo platform follows the best practices required to scale an application using the Kubernetes cluster.
17. Fault Tolerance
Since Trillo services use a Kubernetes cluster for deployment, fault tolerance and disaster recovery are built in. By running multiple clusters in different zones and regions, fault tolerance and disaster recovery can be achieved.
18. Deployment Anywhere (Cloud or Data Center)
The Trillo Kubernetes cluster can be deployed on any public or private cloud (for example using Anthos). Due to its partnership with GCP, Trillo is available in the GCP marketplace. It can be deployed from there with a single click.
There is no CI/CD required for your application. Trillo stores all application metadata and functions in a Git repository. The application code can be deployed on the running Trillo platform from the Git repository using Trillo’s admin UI.
Regarding the deployment of the Trillo platform itself, its deployment is automated on the cloud of your choice by the Trillo team (GCP is available out of the box).
20. Application Monitoring
Trillo uses the application monitoring available on the cloud. For example, on GCP, Trillo uses Stackdriver for application monitoring.
21. Development Environments
The development of the application (backend) primarily means writing metadata and serverless function code. It is easy to input metadata for the database, services, security, etc. A less simple part is debugging a serverless function. The good news is that Trillo provides a solution to debug a serverless Java function. Trillo provides the following tools for the developer.
21.1 Trillo App Builder or Trillo Workbench
Primarily used for inputting metadata and admin configuration.
21.2 Cloud IDE (Visual Studio Code)
It can be used to edit the serverless function deployed on the cloud.
21.3 Entire Trillo in A Box (on a cloud VM or your local computer)
Trillo provides a pre-built VM with all development tools that can be used to build any application. The Java serverless functions of the application can be developed and debugged at source level using an IDE such as Eclipse or IntelliJ.
22. Everything Together
The following diagram depicts the above points pictorially.