3rd party dependencies (risk assesment)

In this document we cover the core 3rd party dependencies we have in UCloud and assess risk based on the following factors:

  • How essential is the dependency for UCloud?
    • Scale: 1 (low) - 5 (high)
  • How essential is knowledge of the system to develop UCloud (while keeping it stable and secure)?
    • Scale: 1 (low) - 5 (high)
    • The assessment will include if the knowledge is only essential for a single component or system-wide
  • Difficulty of migrating to an alternative technology
    • Scale: 1 (low) - 5 (high)
  • Likelihood of the dependency getting discontinued in the coming 5 years
    • Scale: 1 (low) - 5 (high)

We consider a 3rd party dependency to be anything not created by the SDU eScience Center, examples include:

  • Software library
  • Tool
  • Hosted software (e.g. a database server)
  • Technical specifications

We use the following format:

### Dependency name

- __Website:__ https://example.com
- __Short description:__ Lorem ipsum dolor sit amet, consectetur adipisicing elit.

__Assessment:__

- __How essential is the dependency for UCloud?__ 1 (low) - 5 (high)
- __How essential is knowledge of the system to develop UCloud?__ 1 (low) - 5 (high)
- __Difficulty of migrating to an alternative technology:__ 1 (low) - 5 (high)
- __Alternative technologies:__ (If relevant) We could use ...
- __Likelihood of the dependency getting discontinued in the coming 5 years:__ 1 (low) - 5 (high)

Notes and explanation go here

UCloud/Core and IM

HTTP and WebSockets

  • Website: https://html.spec.whatwg.org/multipage/
  • Short description: UCloud utilizes the Web and WebSockets for all of its services and frontend.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5 (system-wide)
  • Difficulty of migrating to an alternative technology: 5
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Kubernetes

  • Website: https://kubernetes.io/
  • Short description: Container orchestration. This is used both for the deployment of UCloud and scheduling of user jobs.

Assessment:

  • How essential is the dependency for UCloud? 4
  • How essential is knowledge of the system to develop UCloud? 4 (few components), 2 (rest of system)
  • Difficulty of migrating to an alternative technology: 3
  • Alternative technologies: Nomad. Bare-metal deployment and compute on different platform (e.g. slurm).
  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Note that our current Kubernetes deployment uses K3s. See infrastructure documentation for more details.

Docker

  • Website: https://www.docker.com/
  • Short description: Container runtime.

Assessment:

  • How essential is the dependency for UCloud? 3
  • How essential is knowledge of the system to develop UCloud? 2 (system-wide)
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Docker is natively supported by all large cloud providers, including AWS and Azure. Docker is unlikely to be discontinued without an alternative in place.

PostgreSQL

  • Website: https://www.postgresql.org/
  • Short description: PostgreSQL is an open source object-relational database system.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5 (system-wide)
  • Difficulty of migrating to an alternative technology: 3
  • Alternative technologies: A different SQL database.
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

PostgreSQL has had active development since 1986 with many large companies using it in production as well as sponsoring development.

Go

  • Website: https://go.dev
  • Short description: Programming language used for IM2 and Core2.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5
  • Difficulty of migrating to an alternative technology: 4
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Frontend

ReactJS

  • Website: https://reactjs.org/
  • Short description: A JavaScript library for building user interfaces.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5
  • Difficulty of migrating to an alternative technology: 5
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Developed by Facebook and used in many different companies and websites.

NPM

  • Website: https://www.npmjs.com/
  • Short description: Node package manager. Used internally in the frontend to manage dependencies.

Assessment:

  • How essential is the dependency for UCloud? 4
  • How essential is knowledge of the system to develop UCloud? 4
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Vite

  • Website: https://vitejs.dev/
  • Short description: Tooling + module bundler for JavaScript applications.

Assessment:

  • How essential is the dependency for UCloud? 4
  • How essential is knowledge of the system to develop UCloud? 3
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

TypeScript

  • Website: https://www.typescriptlang.org/
  • Short description: The entire frontend of UCloud is developed in the TypeScript.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5
  • Difficulty of migrating to an alternative technology: 5
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Redux

  • Website: https://redux.js.org/
  • Short description: State container for JavaScript applications.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Redux is a commonly used library for state management in React-based applications. It has more than 3.5 million weekly downloads on NPM.

Tools

JetBrains IDEs

  • Website: https://www.jetbrains.com/idea/
  • Short description: Integrated Development Environment (IDE) for many different languages. It is used internally to develop the software for UCloud.

Assessment:

  • How essential is the dependency for UCloud? 2
  • How essential is knowledge of the system to develop UCloud? 2
  • Difficulty of migrating to an alternative technology: 1
  • Alternative technologies: Any other text editor. IntelliJ IDEA is not a requirement to develop UCloud.
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Developed by JetBrains who has also developed several of our other dependencies.

Git

  • Website: https://git-scm.com/
  • Short description: Distributed version control system. Used to keep track of changes and merge changes from multiple developers.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 4
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

GitHub

  • Website: https://github.com
  • Short description: GitHub provides hosting of our git repository along with issue tracking. It also acts as the CI orchestrator via GitHub actions.

Assessment:

  • How essential is the dependency for UCloud? 3
  • How essential is knowledge of the system to develop UCloud? 3
  • Difficulty of migrating to an alternative technology: 3
  • Alternative technologies: Any other similar hosting platform for Git repositories with CI support
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1