Mechanics Prototype Shop Ordering system

The Mechanics Prototype Shop at Nokia campus was creating prototypes for multiple Nokia sites and their ordering communication was based on E-mail. Customers were most of time sending orders with incomplete information which caused unnecessary back-and-forth communication. Additionally proper archiving (outside of email), searchability and visibility to orders were lacking.

The Prototype Order System was designed as a web application storing information on a searchable database. A form collecting complete information for order was designed. Additionally, short email notifications were sent on each order to the protoshop manager to look at job details on the web tool.

The Web-based Prototype Ordering System fixed the obvious inefficiencies in the old e-mail based ordering process. Orders in new system consisted of complete request information and provided visibility on the progress of the work order to the customer.

Nokia Corporate Web Phonebook

The Nokia Corporate Web Phonebook allows people to perform searches by different attributes to access people's telephone numbers, organizational information, sites and address information.

The Phonebook application was developed in Perl using advanced perl data structures to store configuration and meta information as well as the runtime result sets from database searches. Backend data was stored in PH Database (open source, by Univ. of Illinois). A reusable module for handling client side PH database result sets was created in the process.

The Phonebook is the core of corporate contact information and experiences roughly 80 000 hits per day. Users often refer it to "most important app" on the intranet.

Corporate Phonebook SMS Messaging gateway

The corporate SMS messaging gateway created in conjunction with the corporate phonebook and allows people to send out SMS messages from the web user interface of the phonebook. The system also allows querying the corporate phonebook by sending a simple SMS message with a query command and query parameter keyword to a dedicated number. The results of query is sent back to the mobile phone in standardized "Business Card (vCard)" -format in case of a single match (informative free form message in case of multiple matches).

The complete architecture of the system contained SMS daemon developed in C, capable of being compiled on and run on any POSIX compliant platform (e.g. Linux, Solaris), phonebook messaging server written in Perl and web frontend - also written in Perl. For the SMS messaging, the system utilized Nokia GSM modem hardware connected to a UNIX server with serial RS-232 connection. Interfacing the modem HW from UNIX-based OS took place using POSIX termios serial device interface API using polling to track incoming messages while concurrently operating the outbound link.

The corporate SMS messaging system became rapidly very popular and was able to handle thousands of messages per day. Later the system was converted from a GSM modem to using direct TCP/IP -based communication to SMSC (short messaging center), retaining the user interfaces and query interfaces created during the project.

FTP Mail Monitoring Reports Extraction

With Nokia switching to Microsoft Exchange-based mail servers, there was a need to allow the monitoring of their mail transfer queues on a low level. The reports were available on an FTP server, but improved visibility and easier readability via a web-base user interface were required.

A web application was built using Perl Net::FTP module to fetch the log files from the FTP server. The log files were parsed into an internal representation, which also allowed them to be output in clear, readable tabular format (combining information from multiple separate files fetched from the server).

Files that were previously only reachable by FTP in rudimentary format were now viewable by just a few clicks on hyperlinks via an easy-to-use web application. The old tedious way practically kept people from monitoring queues, while the new web viewer not only saved viewing time and effort, but also gained momentum for actually monitoring the queues.

WAP / WML Accessibility on the Nokia Phonebook

Nokia Phonebook information was accessible from intranet by web browser and also by using SMS message-based querying (for Nokia intenal staff only). To improve accessibility and usability to mobile users, the WAP/WML querying of phonebook was added to complement the HTML Interface.

Because of the modular design of the phonebook, WML was easily accomplished by overriding output methods for original HTML based output. Using any of the WAP enabled phones automatically triggered the WML formatting of the pages. The WAP devices were detected by the incoming HTTP request headers, which indicated the WAP compatibility / capability of the device. To adapt to the requirements of small devices, the results were also windowed smaller and fewer fields were displayed on phonebook result listings. Part of the initial development effort was carried out in WAP / WML emulator environment.

The ease of mobile use for the Nokia phonebook - especially browsing from listings of search results to individual entries - was significantly improved over the previously provided SMS-only querying (for devices that supported WAP/WML).

SD Site Hardware Assets repository

The hardware assets with their current configuration (such as IP-addresses, CPU, memory and HD info, NIC card...) was maintained by the PC group in an Excel spreadsheet with file locking issues, multiple-copies problem and occasional corruptions. A replacement was needed to allow concurrent editing capability, public visibility and ability to search assets.

The hardware asset information from the Excel sheet was imported to an LDAP database and an application to manage (create,edit,search) the assets was developed in Perl using Mozilla::LDAP Perl APIs. The tool was also later changed to allow generation of NIS host Netgroups maps from the group information associated with hardware information.

This application eliminated inconsistencies in HW maintenance and allowed public visibility to HW asset information and ownerships. The information allowed the displaying of hardware assets information for people in the local San Diego phonebook (with the hardware "owner" field tying the two).

PRI tool for Cell Phone Carrier Customer Configuration

The old way of creating carrier configurations for phones using text editors which required the typing of configuration settings in hexadecimal notation had shown to be very error prone for the marketing department staff. This PRI web tool enabled creating carrier configurations through an intuitive web user interface and downloading the configuration directly from tool. The tool also allowed easy administration of all available settings (per product family) within the same tool.

The PRI Tool was composed of several object classes encapsulating handle specifications, current configuration instances, product phases, output compilers and UI modules. Since the settings model was stored in a (LDAP) database, the settings documentation information was also integrated with the database. Automatically generated documentation was also available through the tool nest to each setting field. The format validation of settings was implemented in both the UI of the tool as well as the output compiler in backend to improve the correctness of settings. The configuration tool could output the config information as either directly phone flashable hexadecimal format or XML format, which was inherited by the next generation of the tool.

By replacing the old error-prone process, the web tool improved the configuration throughput remarkably and elimited the old trial-and-error nature of process. The auto-generated documentation within the tool helped newcomers of the phone configuration staff to understand the settings quickly. This tool has been in exclusive use on all DCT3 generation CDMA phones at the San Diego site since mid-summer 2000 to 2003 when active portofolio of DCT-3 phones was phased out.

Mechanics Simulation, Proto and Test Report Database

The Finite Element Method (FEM) Analysis crew in Mechanics line had formerly established a simulation reporting via intranet in HTML format for easier site-to-site access and visibility. The number of reports was growing so large that there was a need to make the report meta-information searchable. The nature of report documents made the maintanence of meta-information within document files unpractical. Additionally, there was a need to track task durations, completion and other important information on the reports. Also, the local San Diego site prototype shop and mechanical testing group wanted to join the efforts to improve their process tracking.

An LDAP directory was chosen as storage for the report meta-information. The URLs to the report documents were stored in the database and presented on application UI for direct and easy document access. The application was later converted to utilize relational (MySQL) database as storage.

The Mechanics simulation, protoshop and testing tasks database enabled improved visibility to the each of the report types. The task duration tracking allowed for better planning and improved estimation of task throughput for management purposes.

LDAP Organization Editor

There was a need for a central Organization hierarchy maintenance tool to allow Human resources, IT and project support personnel to maintain site organization hierarchy information. The tool had to be easy-to-use and had to have a web frontend. The organizational information maintained with this tool can be used to output various kinds of representations like org. personnel listings with associated job role information, provide dynamic organizational charts to browse and provide links to organizational web homepages.

Org Editor was developed in Perl with organization information stored in LDAP directory database. The object oriented techiques were used for hiding and maintaining redundant two-way linking between parent and child organizations inherent in LDAP databases. OO Inheritance was used for deriving organization objects from a lower-level based LDAP entry and "appending" organizational characteristics to it.

The central storage of organizational information allows business applications (and web servers) to refer to live, up-to-date org. information for workflow decisions and allows access for both control purposes and dynamic organization charting. The tool has been (and continues to be) in use by Human resource and Intranet solutions for 6 years as an exlusive tool to maintain the organizational structure of the San Diego site.

Cell Phone Diagnostic Counter Information Tracker

Mobile phones have internal product performance counters (PPC) for the errors that occur within mobile software and hardware. These counters stored on phones act as diagnostics logs for development and testing of the phone. There needed to be an easy way to upload the stored counter information from the phone to more permanent server-based data-storage using the web-browser built into the phone.

Developed by the San Diego mobile SW, the browser had a integrated capability to return counter information as a binary HTTP/POST upload. To initiate upload, the phone first needed to query a counter set to return. The binary counter information set from the phone was stored centrally into files residing on the web server receiving the upload. The counter set profile configuration was designed and implemented by an HDML (Handheld Device Markup Language from Openwave/phone.com)-based UI Because of the extranet environment, the data storage was kept simple with a ascii file-based solution. The ASCII file was stored in a format that was directly importable to Excel.

The project provided an interactive thin-client solution to configuring sets of PPC counters from multiple phones to be centrally stored on a single server. The central storage allowed later large-scale analysis and reporting.

UNIX NIS map to LDAP Integration project

The NIS map integration project established the storing of traditional UNIX NIS maps in an LDAP directory according to standardized schema supported by UNIX vendors. Tools were also created to replicate the information into traditional NIS systems to support older-generation UNIX platforms still relying on NIS information exclusively.

Schemas for users, UNIX groups, services and RPC information were created according to standard definition in RFC2307. A centralized admin tool to administer information was created using Perl based on LDAP Browser framework. The replicator allowed operating replication from a web-user interface or from the command-line (on scheduled basis from cron service). The replication (from LDAP to NIS) and build of NIS maps can be controlled via command-line interface or web user-interface.

This project enabled easy editing and searching of user accounts and other NIS information, as well as more coherent storage of system information. All modern UNIX workstations could also be gradually hooked on to using LDAP stored NIS information (with increasing support from vendors).

PRI Tool "Feature"-level Setting Extension

The PRI customer settings configuration Tool also involved creating settings which carried inter-dependencies. Despite the friendly user interface, the settings carrying interdependencies (i.e one setting implied another as mandatory) were prone to error. There was a need to introduce an higher level "abstract" setting classified as "Feature" to bind the lower level settings together.

A new setting type called "Feature" was created within the tool, which allowed bundling / tying a set of more primitive settings together, so that no discrepancies could result in the configuration. To the end user, the feature appeared as another setting with a name. Internally, the tool expanded the feature setting to multiple individual settings.

The likelyhood of errors decreased in PRI Configuration with the tool taking care of consistency within interdependant settings.

OoO / Leave Calendar

The previous Leave calendar system deployed on the SD Center provided a way to enter individual leaves and view a center-wide calendar view of people on-the-leave, but was becoming slow because of an underlying ASCII file-based storage system. A replacement was needed for performance improvement as well as future extensions.

The leave calendar was rewritten using Perl, basing the storage on a MySQL relational database system. The application screens were structured to a set of callback subroutines called on actions. This design would also later allow for easier application extension.

The functionality for leave calendaring system was largely unchanged, but provided vast speed improvements in performance as well as improved base for future extensions.

Mentor / EDMS Product Assembly Partlister

The partlist for electronic phone components, traditionally generated and checked by hand, is sent to the manufacturing plant to use as a source format for the assembly machinery to take care of individual part logistics within assembly process. A tool to automate the time-consuming and error-prone manual component list generation.

The Mentor / EDMS Partlister was implemented as a Perl web application set of object oriented modules to carry out the logical task. The UI part allows browsing of Product variants in a Mentor design directory tree and choosing the product variant to output components partlist for. After choosing product variant, the parser module structures the component data into a deeply nested tree composition of related objects. Each of the objects were able to output themselves in the specified format, allowing for complete automation of the process.

The partlist generator speeded up the process of hand-editing parts lists from ascii formatted files and removed the high likelyhood of error involved in manual processes.

Site Disk Usage Monitor

The disk usage monitor system allows tracking of disk usages on site file servers through a web user interface, as well as triggering automated notifications to users that are close to exceeding their quota. The reporting of usages on the web frontend may be done by the user, disk server or disk volume. The trends are shown as graphs in both graphed and tabular format.

The disk usage monitor consists of a component recording disk usage in scheduled manner and a web based tool reporting the usage by the desired criteria. The tool was created with Perl using graphs for usage trends produced with the GDI graphics library for Perl. Release 2 of the tool was enhanced to speed up collection by querying NetApp fileservers for usages directly. The release 2 of the tool also included enhanced graphing using a PHP4-based graphing toolkit.

The tool increased people's and organizations' awareness of redundant data or data to be archived and as a result, helped reduce consumption of disk space. Top disk users and associated Cost centers - paying for the disk space - are effectively tracked and alerted with the help of tool.

LDAP Authentication plugin for Actuate Reporting Framework

The Actuate Reporting framework allows writing custom plug-ins for authorizing users to access reports. In the lack of usable plugin, the IT had to write a custom plug-in to support authorizing Actuate users to view reports by the group information stored in LDAP directory at San Diego site.

The project involved learning the Actuate plugin API, designing the structure of the loosely coupled reusable API for extracting members for an nested LDAP group tree and implementing involved code modules. After the LDAP traversing API implementation was done, the project involved assisting and mentoring a colleague developer in implementing and testing the the final code module. After the initial development under UNIX environment, the C-language code was directly compiled onto a production environment on a Windows NT system. The code module was implemented as a shared library (*.so in UNIX, *.dll in Windows) and was loaded via configuration file directives into an Actuate runtime reporting framework.

The plugin module allowed re-using the existing organizational groups and access control groups to control access to the reports, as opposed to mastering them redundantly. The elimination of redundant maintenance resulted in savings as well as risk of repositories being out of sync.

LDAP to RDB Replication pump

With an increasing amount of Relational database applications, there was a need to maintain people and organizational information (originally mastered in LDAP system) up-to-date in a relational database. The reasons included a need to translate name information from the ID values stored in databases and higher performance for RDB searches.

A generic data-pump was created with the ability to map field names from LDAP attribute naming to RDB attribute naming. The tool also allowed writing reusable field specific plugins for manipulating field content during the replication process from LDAP source to RDB target. The pump also detects whether entry (by ID) already exists in target or if it should be created (insert vs. update).

The data pump has been in use for over 4 years, maintaining data sychronization between configured schemas of LDAP and RDB data.

OoO Calendar Leave Request System Extension

Leave request system is a tool for entering and viewing leave information in calendar format via a web user interface. The previously developed relatively simple Leave Calendar needed to be extended to handle the workflow related to requesting and approving leaves as well as keeping track of leave consumption. The tool needed to calculate current vacation balances dynamically based on annual leave grants. The tool allows calculating balances at payperiod ends by tool are automatically sent to regional head quarters each pay period. In the new form the Leave request tool replaced the old paper-based process for requesting leaves.

The existing leave entries were re-modeled to hold leave status and association to approvers as well as handle the complex lookup of approvers and communicating the approval tasks by e-mail. The tool also allows allows users to synchronize leaves to their (MS Outlook or any VCal compliant calendering SW) calendars. The managers can view a summary of balances for all their sub-ordinates to see the need to notify their sub-ordinates on their under- or over-use of leaves. The calendar view within application can be made to filter entries by organization.

The application and related process was taken into use center-wide and enabled public visibility of peoples leaves, archiving of leave information and advanced searches (reports) on leave calendar data. In the HR the tool produced remarkable time savings compared to old paper based process.

Group Traversing for Apache web server Authnz module

The addition of LDAP traversing to an existing Apache LDAP Authentication module allows recursive gathering of indirect members for higher level group nodes in the authorization phase of access control.

Programmed in C language, the traversing task was implemented as a compact object library and calling it in the appropriate locations within existing LDAP Authentication and authorization module. The algorithm used for traversing was based on controlled recursion. The traversing operation (the attributes to traverse, the depth of traversing as well and debugging verbosity) is configurable through directives entered in the global configuration file of web server.

The addition of traversing allowed the migration to Apache based web infrastructure from existing iPlanet based platform while retaining the existing web access control lists. Intelligent composition of access control lists (ACL) from re-usable sub groups reduces the ACL maintenance effort dramatically.

Multi-system Access control engine

Access control engine transforms access control lists from a central source to various formats through a web user frontend. The engine allows the access lists to be output in various formats for UNIX Samba, Apache web server, Netscape Web server and UNIX filesystem access rights. Output generation is mainly used for creating web server URL access configurations.

The design of ACL generation is implemented in generic access object which can hold individual users and groups for read and write access types. The object allows arbitrary input source and output target of ACL data. The input and output formats are implemented as adapters for object. The input source adapters implemented were Netscape /iPlanet web server ACL file and LDAP stored access control lists. Application wrapping the access object allows previewing as well as storing the access control lists to their intended destination.

The storage of access control lists in LDAP database (with related automated generation of system specific formats) allows a unified interface to controlling access to multiple systems. The automated creation also ensured correct syntax for all the formats.

Website (OS and server) Platform migration

Site platform migration included transition from Netscape / iPlanet web server on Sun Solaris OS to Apache webserver running on Linux OS. Both target infrastructure components consisted of well proven Open source software.

The major step in migration was the integration of traversing to LDAP authentication module - allowing to use the existing access control lists - and testing the code changes. A previously developed LDAP traversing library was integrated with existing simple LDAP authentication plugin with no traversing capability. The existing access control lists (about 200 ACLs) had to be converted to format that new web server used (See ACL management project). Apache webserver was compiled from its distributed source tree.

The project allowed transitioning from slowly progressing commercial platform to progressive open source infrastructure with customizability, rapid fixes to security issues and zero licensing cost. The cumbersome iPlanet UI for managing web server access and the tendency of web-server corrupting its ACL file occasionally were eliminated with the help of new Web server architecture and ACL management system (see previous projects). The migration task as a whole was carried out in collaboration with system administration team.

Product Program Milestone Manager

Product Milestone Manager allows tracking the development of Mobile Products with their related features, subfeatures, milestone timeschedules (for products, features and sub-features) as well as customers for product, suppliers for feature / subfeature modules and representatives for development objects on the corporate side. The system also allows management for schedule dependency relationships by triggering relevant alerts in the dependency chain product / features / subfeatures when the schedule for dependencies threathens to delay the schedule of higher level entity. The app allows authoring and editing of all present data objects.

The application was developed with Perl with construction, modification and deletion of each of the development objects transparently handled by singular handlers to avoid writing redundant code to manage the the data schema of 11 RDBMS tables. Advanced object oriented techniques were used to accomplish transparency of operations among process objects.

Milestone manager allows product feature and milestone management, typically stored in fragmented, constantly out-of-date spreadsheets into one consolidated view of program schedule. Proper authorization and access control allows the relevant people to update the scheduled tasks for best possible public visibility.

Disk Usage Monitor v.2

The change in underlying storage systems used on site made it possible to query the Netapp disk storage servers directly - allowing a more fine grain statistics gathering on disk consumption. The usage could be also tracked on more granular level.

The old diskusage gathering, based on UNIX command line tools (du,ypcat) was converted to use Netapp -supported querying to get disk usage per user, server, volume and subvolume (previously only by user/server). The new release also replaced the graphing done by a fairly primitive Perl-based toolkit with the use of a more hi-level and flavoured PHP4 -based toolkit. In addition the timespan of graphing was extended from 50 days to 1 1/2 years. The allowed quota and actual usage were displayed on the same graph side-by-side.

Project achieved better granularity on disk usage tracking, speed improvements on the gathering phase and better graphing. The database hosts over 5 million recorded diskusage samples with no (noticable) performance degradation as the sample amount grows.

"Rockstar Awards" peer recognition tool

Employee Services needed a lightweight, easy-to-use tool to allow sending Peer recognition messages to colleagues. The system needed to be able to notify the line manager on each submitted message as well as be able to produce reports to line managers on the recognitions to their personnel for each month.

Tool was rapidly developed based on an existing framework with custom plugins written to implement the organizational lookups to notify line managers of the awards. Messaging was embedded as part of the hosting framework as part of the project.

Tool continues to be in use at SD site with about 4000 awards entered in 2 1/2 years time.

Zoso Phone Test admin tool

The customer needed to be able to delete occasional invalid test result sets recorded from phone testing stations as needed. The results from testing stations recorded into Oracle relational database. An administrative editing console needed to be developed to allow edits and deletes.

System used existing data schema with 3-table hierarchy, stored in Oracle database. Application was developed using an existing framework.

The tool allows making administrative changes through a web-based user interface without needing to master SQL (and consider complex inter-object relationships) for results deletion.

ISO 9000 Quality Quiz

ISO Quality tool was needed to raise awareness of ISO Quality standard in the center. The tool had to be able to evaluate the answers for correctness and store the results in the database.

The Quiz tool was developed in Perl using relational database as storage. The task led to development of a general purpose quiz / survey framework able to handle any multi-choice survey setting with a very short lead time.

ISO Quiz has been in use for several years now. The framework has been used to publish several surveys and quizes with short configuration work.

Sprint / Cameleon Application Bug Reporting tool

Cameleon product program needed a tracking DB for application bugs on a very short notice before the release of the product.

A framework created in Perl enabled setting up the application very quickly with a bare configuration, with need for very little testing (No code was written to implement application).

The application URL was communicated to the phone testers, which were immediately able to report bugs on-line. Achieved a consolidated place to report bugs and errors.

Resource (Conference room) Scheduling system migration

The outdated Non-supported Oblix conference room reservation system was to be replaced with a product from another vendor. The new product, Resource Scheduler from MeetingMaker had to be loaded with all the information from past as well as meetings reaching half-a-year to the future. Information on Users, Resources (conference rooms), Equipment in conference rooms and reservations (tying together objects: resource, users and time) had to be all exported and imported to new system.

A set of Perl scripts were prepared to parse the VCalendar-formatted data stored by Oblix system, expand the reoccurring reservations and store the data in an intermediate schema in relational database. From intermediate schema the data was formatted as stored procedure calls used by Resource scheduler to import the data. Design and implementation involved intensive use of deep data-structures (to store reservations, resources, equipment) as well as challenging algorithms (to expand the reoccurring reservations). The Complete Import operation was controlled by a traditional makefile controlling launching of various phases of import/export operation with proper sequencing and dependencies.

Data was successfully transferred to new system and there was no interruption in the availability of conference room booking systems.

DB Change Logging Module

Applications have a recurring need to log changes to entries as data is edited using various applications. A simple way had to be created to log the changes at object instance / database entry level.

A Relational DB Schema and Perl module with clear API and configuration interface was developed to allow logging changes related to arbitrary data types (database entries or object instances). The changes are logged by application, object type and object identity. The application itself has a freedom of choice on the format (and granularity) in which the change is logged.

The module allows enabling logging within any DB Application programmed in Perl with minimal changes.

UNIX Installation Tracking

UNIX Installation on various sites at Nokia needed to be tracked to gather a central repository of UNIX variants (Sun Solaris, HP-UX, Linux) installations. The requirement was to be able to later produce reports (not within scope of this project) based on collected data.

A CGI-based gateway script was created to allow netcat (open-source) utility to make a simple HTTP GET request with installation info passed as parameter to log the information onto database. The ability to use netcat utility found in most UNIX variants out-of-the-box enabled keeping the solution as lightweight as possible, with minimum addition to installations scripts and with no need for additional SW components (like database drivers).

There is a central repository for UNIX installations from various sites from where reports can be extracted.

MPART Admin Console

MPART - Mobile Phone Access Request System needed a admin/management tool outside the Phone request application to fix / edit information on the lower levels (not enabled by the request process application).

An existing framework was quickly configured around the existing set of Oracle tables used by the MPART Application. Short configuration process enabled instant editability of the phone request entries.

Admin console was accomplished with no code development efforts.

Scheduler tool - TeamTrack XML Messaging

The in-house Test Scheduler tool and commercial off-the-shelf TeamTrack tool needed to exchange test task scheduling data so that the test reservations made in the in-house tool could enter a complex workflow maintained by the TeamTrack system used by Product test factories at Nokia San Diego site.

The vendor-enabled XML messaging (using SMTP mail messaging with XML content) was used to map the Test Scheduler data to TeamTrack. An Object oriented module with extremely simple interface was written to present the message to be sent across system. Language used for the implementation was Perl. An ID mapping / exchange system enabled the systems to refer back to each others data / entries to poll the status (completion) of scheduled tasks.

Achieved Intercommunication and exchange of data between two systems to be integrated.

DCP - Digital Content Packaging tool

A tool was needed by CDMA Variant team to create packages with cell phone media files in it (Often specific to model / type and carrier configuration). Tool had to be web enabled to allow single point of access. The package needed to be immediately downloadable from the tool.

Tool was written in Perl with core objects as a set of Perl objectclasses. An admin user interface was set up to allow adding phones models and their variants and media types to avoid the need to change the tool. Tool was later extended to handle additional information needed by JAVA certificates. Also SIM Lock script generation capability was added later.

All CDMA Phones media packages and SIM Lock scripts are created by Variant team using the DCP tool. The tool takes out the error prone manual creation of index file (listing of files packaged and some other settings) and the manual packaging to ZIP/DCP format. The produced packages are ready to be used as-is without further processing.

Employee Award tool

Employee Services needed a tool to allow managers (and selected employees) to submit monetary awards to employees. The systems should notify Employee services on the submission of employee awards and allow progress / status on the delivery to be tracked and updated.

Because of similar application pattern the tool was based on the Rockstar awards peer recognition tool data schema with few fields added. A new private application instance with a lot of shared functionality was created to enable notification messaging and progress status management.

The tool enabled easy-to-use wizard-like UI to submitting Employee awards and centralized tracking of the submitted awards.

Project Settlement Cost Center management console

The project-to-line costcenter mapping information previously maintained in Excel spreadsheet needed to be maintained in a database environment for availability from workflow-based web-applications that deal with charging the cost from a product programe to a organizational line cost center.

The Excel spreadsheet by finance was imported to a table schema with project-to-line cost center mapping and associated cost center approvers and approver specific cost-approval limits (in dollar amount). The tool information was adapted to be managed based on an existing application framework.

Any workflow based application (such as center-wide Travel tool) is able to query (project-to-line) cost center settlement information from a single well-maintained central system. Because of this accountability, the information will be well maintained.

RUIM Card Tracker

RUIM (Removable User Identity modules) are simple memory cards for storing configurations and personal information (such as contact information) in mobile phones. With slowly increasing use of RUIM cards in CDMA phones the cards used at RD center for personal use and tesing purposes were tracked in Excel spreadsheet. With hundreds of registered cards there was a need to be able to concurrently edit the card registry, search and sort the items more meaningfully.

RUIM Card information was imported to a relational database and an application (based on existing framework) was configured to manage card information.

Relational database based solution allowed concurrent editing for more-than one card administrator and public visibility to information.

SD Web Application Catalog

The San Diego Web RD Center has a large number of web applications that were hard to track (for quantity and quality) as filesystem only data. Cataloguing them would allow registering the developer and contact people for the application, URL;s where application resides, the data sources the application uses etc.

A registry of web applications was created with an existing framework. The Intranet solution team members registered all their applications the catalog to allow rapid reference to key information of each application.

Visibility to applications improved by registering them in central catalog.

EDA Tool License Tracker

The EDA tools licensed from the vendor involve a server based licensing system that EDA tool users tend to forget about, by letting the tool sit open while not actually using it. This leads to license pools being exhausted and need for additional license purchases. A tool needed to be able to provide visibility to EDA tool license usage and provide notifications to users who have kept the tool open for longer that system configurable time threshold.

A set of perl modules was developed around the set of Flex License manager "lm_" - tools, so that a a nice object oriented layer wraps the command-line tool activity. The modules launch appropriate tools that fetch information from license server and parse the output stream to internal object data. Data can be effectively looked up for detection and rendered for UI. A cronjob polling the license usage will send notifications exceeding the limit. Alternatively the system can be triggered to force the termination of license use from a user.

License usage awareness was increased within users with the notifications they received. It also allows administrators to run reports on the license use very effectively. The license tracker also became part of Nokia global SEAL license awareness program distribution.

Global Account and Group Management Tool redesign

The Nokia Global UNIX account management project - Needy - was having its account management tool developed in PHP language. Application saw a rapid requirements growth and a lot more functionality was requested. The application had its functionality in 40 files already and common changes (improvements and fixes) were hard to implement across files with lot of repetitive code.

Webapp framework was a framework written in Perl designed to allow maximum sharing among portions of code by isolating features to handlers to be called back by framework. Framework also allwed extracting shared portions of code to handlers that are called for all screen specific handlers. It also helps in maintaing database connections to various data sources and minimizing the number of files where screen handlers reside. The existing Perl version was ported to 2 PHP object classes and the existing application code was refactored from long linear scripting style to better isolated handlers.

The number of files was drastically reduced (to around 5) and the amount of repeated code was reduced to manageable quantity. Development goes on with a new rapid phase and more error prone way compared to old code management problems with dozens of files.

UNIX Tracking Changes for Recording Packages and Patches

The previously established project to track UNIX host installation needed to expand the scope of tracking to Installed software packages as well as update patches (service packs).

The CGI recording gateway was extended to support additional data types for patches and packages). Changes were implemented so that further tracked-type additions would be very easy.

The application provided quick-and-easy site-to-site remote visibility to packages and patches installed onto host machines without need for remote logins and command line usage.

LDAP 2 NIS Pump release 2

In the preparation of Nokia site UNIX teams using LDAP to master UNIX user account and UNIX group information, the LDAP to NIS pump was needed to enable smooth transition from exclusive use of NIS system to exclusive use of LDAP account management. LDAP 2 NIS pump would allow mastering the information in LDAP - directory, yet have the information reflected to NIS system used by UNIX workstations.

The related code modules were quickly refactored to Object oriented modules and a configuration layer was added to enable using the pump tool at any Nokia site. A packaging (based on tar and gzip) with version control and usage documentation was created to make the package quickly and easily deployable on any Nokia site.

The pump is currently in production use in Salo, Tampere (Finland) and Ulm (Germany) sites. Because of clear documentation, no questions on installation or usage have been submitted to developer.

VMPS Tool Instance addition

VMPS (VLAN Management Policy Server) tool had been in use at San Diego site for two years, but by fall 2004 the LAN had been split to more segments one being dedicated to the ITP test stations. There was a need to manage VLAN Policy separately for machines in ITP cluster.

Initially the customer suggested copying-and-altering the original application. However the Existing tool was inspected for the sections where a change for a new tool instance would have to take place. The sections and settings that would have to be configurable were extracted out of the original code and externalized to configuration files. On each request the tool extracts its tool ID from the called URL and uses relevant settings accordingly.

The new VMPS tool instance allowed managing ITP LAN as a separate segment and eased up access control issues that would have arised using single tool. The fact that tool was not copied-and-changed to new instance but made configurable allows maintaining and further developing single tool.

PRI Compiler/Translator port to UNIX/Linux Platform

A web tool (being developed by a collegue) needed to implement 2 translations on cell phone binary image files to be flashed as phone SW into phone memory. To avoid re-implementation of conversion within webapp (Perl), the existing windows-based command-line utilities were chosen for the task.

Porting the source code of 2 command line utilities (raw2img, img2fiasco) from windows environment required the analysis of source files to see what windows-dependencies the source files carried. The .dsp build file from windows had to be converted to generic makefile supprted by UNIX make utility.

A makefile was written to drive the relatively simple build with GCC compiler from source. Compiler warnings were followed to get rid of windows dependencies. One proprietary windows string function (int stricmp(s1,s2)) was replaced with BSD UNIX library equivalent (int strcasecmp(s1,s2)). To avoid modifying all locations of Windows function call the change was implemented by a preprocessor macro included with another conditional preprocessor directive for UNIX based compilation. The changes made to source were kept to minimum and completely documented into the makefiles of utilities.

Re-implementation of converter utilities was avoided by utilizing the existing once developed and tested existing utilities.

Java Development Environment Ramp-up

ISD (Intarent Solutions Development) Team strategy involves moving to Java web-based development for the new applications. A plan was to use popular open development tools to have as much suopport in form of existing SW components as possible as well as lot of documentation and examples available.

A Tomcat servlet server was set up on ISD development (Linux) server and minimum configuration changes were applied to fit the environment. Example servlets utilizing Java JDBC (database connectivity) JNDI (Java directory interface) and other fundamental classes were developed to lead the way in development. Also the reflection class was tested to allow creating powerful generic classes for fetching and storing databse entities and avoid rewriting same patterns again. The Ant build environment (equivalent of Make-utility) was installed to allow powerfully managing the tasks involved in building of Java applications (manage dependencies and large file trees, package and deploy applications, notify by email). Example build was configured to demonstrate the power of Ant build environment.

The new Tomcat environment allows creating any applications utilizing servlets and JSP pages. Ant build environment allows automating and simplifying the build process inherent in Java applications.

Leave Balances Import

The leave tool requires importing empoyees annual leave grants to the leave tool database to allow calculating leave balances by the leaves taken. A Perl/DBI based script for the import task existed, but with strategic plans for moving to Java based development this relatively short script was ported to Java/JDBC based utility.

The tool consisting of basic file reading, parsing and database connectivity was rewritten in Java to highlight the differences in Perl and Java file operations, parsing, data structures and database connectivity. Tool operated from command line.

The new Leave grant import allowed comparasion between Perl and Java based development.

DCP Tool java certificate support

The DCP Packaging tool needed to be extended to support security information related to Java certificate files embedded into digital content package (DCP). While the Javacert filtype was already registered with the tool the existing index file format with simple key-value formatting needed to be extended to hold multiple values for a single key for Javacert files.

Because of the more complex format of Java certificate security fields the index file format produced by the DCP Creation tool had to change. The object structure of the tool was refactored to allow containg Java Certificate security information. When any files with type Javacert are embedded into a package the tool user interface produces an itermediate wizard-like screen for filling Java Certificate information before proceeding to package creation.

The ability to enter JavaCert information via DCP tool allowed to continue using single, central tool for DCP package creation.

DCP Tool SIM Lock Script Generation

The Variant team had a need to generate SIM card (Subscriber Identity Module) lock scripts that control subscribers access to certain phone number, for example by excluding certain countries, regions or area codes. The manual process involved lot of low-level chores, such as conversions between little-endian and big-endian byte orders and formatting results in hexadecimal notation into the SIMLOCK script files. There were also lot of repetitive sections in format, making manual creation of file even more error prone task.

The DCP Packaging tool used by variant team was a natural place for SIM Lock generation, because that audience generating SIM lock scripts was the same. Sim lock script generation was developed according to the script format specification from mobile SW group. The generation of script involved low level operations on numeric data, such as bit-masking, bit-shifting and byte-swapping.

The ability to generate Simlock scripts via DCP tool allowed to continue using single, central tool within variant team. Generation of simlock scripts with a tool removed the occasional errors introduced in hand created scripts.

ACL (Access control list) Management tool

IT has a large number of file and directory resources with ownership assigned to group larger than necessary (large generic groups). Because of the technical nature of the group management task and required administration rights IT ends up adding people to access control groups several times a day.

ACL management tool provides an easy-to-use request interface where access requests can be submitted online. The approval triggers real-time addition of requestor to relevant access control group with not need for IT intervention.

ACL reduced the work of IT staff and improved the cycle times for adding people into relevant directory access control lists by allowing the business owners of directories respond to requests immediately.

LDAP API Script Changes

With anticipation of Organization Information mastering location moving from LDAP to RDB there was a need to change any legacy scripts writing to LDAP organizational targets. Certain call and intialization patterns in files using LDAP API calls needed to change.

A Perl script was prepared to effectively search API call patterns ("grep") from all Perl (*.pl, *.pm) files on a 4 GB disk area, recording the matching files and location (line offsets) of matching patterns. Approximately 2000 matches were founnd in roughly 500 files. Because teamwork involved with actual script changes all the match-related data was stored in database tables for easier reference and a web tool was created to indicate script change progress.

Creation of automated tool for searching API patterns eliminated manual review of files. Storing information collected by pattern matching scripts to database allolwed easy concurrent access to information.

JAVA LDAP Authentication Module

Web Applications and server components need to authenticate users against common / standard user account repositories. to avoid each of the application implementing their own version of authentication, a common module easily integrated with applications was needed.

Java JNDI (Java Naming and Directory Interface) API shipping with standard Java J2SDK toolkit was chosen as LDAP Directory access and authentication API. An facade API was built around more complex and granular JNDI API to allow authentication with single method call.

Authentication module was easily integrated on application JSP pages and serlvlets and eliminated the need of of per-application implementations.

OOO/Leave Tool Calendar View Only Mode

With a new regional tool being introduced, the SD site Leave tool had to move from "master" mode into "slave" mode, acting effectively as a leave calendar only.

The Active features (create, edit) from the tool were suppressed so that the features enabling / disabling is controllable through configuration. This means that tool can be enabled back with full features without code changes.

The Use of familiar Leave tool continued in view only calendar mode.

Leave tool / Kronos MyTime tool Data Transfers

With the introduction of new MyTime / Kronos tool the data sychronization between the old and new system had to be arrange in two ways: The New tool had to import existing leave data from old tool and the Old tool, now running in calendar mode had to receive a continuous feed of new data from new system.

A data pump was created to transfer existing data to new MyTime system. Another pump providing the feed from new system to Leave calendar was created as well to keep the calendar up to date.

Pumps enabled integration between the new and old leave / PTO management systems.

Product Factory Focus tool

Product Factory Focus tool was required to track the product variants produced on various Nokia (and external) production facilities across the globe.The tracking covered Program, Model, Package, Target Carrier and SW Version.

An existing framework was chosen to quickly implement the tool.

Visibility to Factories improved remarkably from the days of fragmented Excel file versions.

Build and Deployment of Apache PHP Module

Without development server the PHP development on production server enviroment risked the stability of production enviroment in cases where PHP -based script got to exceed the resource use (such as eternal loop).

PHP was compiled as an Apache module against the header files of an existing (old) Apache installation on development server. Module was build as UNIX shared / dynamic object which was installed in Apache modules directory and configured to be loaded dynamically to server process space at start-up.

A safe environment for PHP development was achieved by providing the module onto proven development enviroment.

FOTA UPC Update Packaging tool

The New UPC / FOTA (Flashing over the air) Standard allows packaging Mobile SW / Firmware updates (fixes, upgrades) using a standard XML formatted package that is designed to be compatible across Mobile SW vendors. One of the major cell carriers was planning to implement its phone upgrades using the UPC (Update Package container). A convenient intranet tool was needed to allow build team to generate the UPC Package with involved base64 content encoding, calculation of checksum, and security signature generation at a high level of automation.

A web-based tool was created using Perl programming language. The highly hierarechical package structure (allowing encapsulating multiple different update paths for multiple different devices ...) was made configurable using a single dynamic web screen allowing to configure various parts of package. The dynamic screen was achieved using combination of CSS Stylesheets and JavaScript language. The only step to generate a package descriptor from application main screen was to click "Generate" button and then either view the XML or download it.

UPC Content packager allows quick and easy creation of Firmware update packages using Industry standard format. Validations built into tool eliminate the errors from package content. The alternative way of creating packages using text editor or even dedicated XML editor would not make the level of automation possible.

User and Organization Information ETL Tool

With a few development activities outsourced to an external company an information pump was neede to keep the employee directory information with related organizational information in sync with the proprietary database schemas hosted on Oracle database server and used by the new applications.

A datapump was developed using Java, defining a universal class interface to describe a generic replication operation. A class implementing the interface was written for each entity type to replicate (users, organization, organization memberships) taking to account all the specifics of each replication type. The data access was implemented using Java JNDI - Naming and directory interface - API for accessing the Local LDAP directory and JDBC - Data base Connectivity - API for accessing the targeted relational database (Oracle). The Java Container classes (Hashtables, ArrayLists) were heavily used for indexing and creating a memory-peristent image of the data to replicate. For potential system layout changes, the "most-likely-to-change" parameters like LDAP and RDB/JDBC server connection URLs were externalized to properties file for easy of configuration for admin staff.

The datapump enabled keeping the employee/organizational data master data repository in sync with the schemas of external vendor applications. This eliminates the redundant account creation and maintenance in the databases of these applications.

Actuate Reporting Framework ACL Plugin Extension

With intentions to form a merger with new a new company the authentication directory would have to change and more configuration settings would be required to configure plugin to alternative directory schemas. There was also a need to allow plugin to do authentication and authorization against separate directories (instead of single directory).

The plugin module was altered to support a few more configuration keywords that were read from the module configuration file. This included both altering parser to recognize the new keywords and well as holding the new configuration data persistent in the module accessible memory during reporting server runtime. One of the new configuration variables involved using a separate server for authentication phase of access control.

Module change allowed almost unlimited configurability for connecting authentication plugin against arbitrary LDAP directories allowing quick reconfiguration in changing environment.

External Partner FTP Sender logging

The FTP File sender tool was missing the logging to follow-up the FTP transfer tasks. The logging was also required for auditing purposes.

The logging was implemented as a logging to simple column-delimited tabular ASCII file that could be easily downloaded from the tool in excel format. The log could also be viewed as HTML formatted table within the tool.

The transfer tasks were properly logged for both management and auditing purposes.

EMC Fileserver Disk Usage Recording

With the new EMC file servers added to the site there was a need to monitor the space consumption on them and record it to the central database used by the web-based diskusage monitor tool running at site.

A script was written in Perl to parse the 3 separate reports (File servers, Quota trees, Diskusages) into a data container that was saved into the existing database storing the disk usage figures for users. Additionally a few new attributes (for EMC "soft" quota, and time "grace" periods) were added to the existing schema. The graphing on the reporting side of the tool was altered to support the new figures like "soft" quotas.

Adding support for the EMC file servers eliminated a lot of end-user questions relating to the file usages. Having all file usage visible allowed users to clean up their unneeded files easier.

VM Hosted Web Server Cluster Config and ACL Synchronization

The site had adapted a WMWare Virtual hosting cluster to host the new production and development web servers on site. This also means a need to keep the access control information in sync across the redundat servers.

The existing ACL Generator tool was changed to trigger replication of the generated master ACL configration file across all the sibling servers of the cluster (4 altogether) and signal them to re-read the configuration from the newly replicated ACL (Access control list) configuration.

Because of the smart syncronization scheme the ACL information is always in sync on all the redundant servers allowing them to look like one for their accessibility. With frequent changes in ACLs maintaining and adminitering server ACLs individually would create a remarkable admin overhead.

Global UNIX Account and Group Management Application

The Nokia Global UNIX Account management system had been created with a team of diverse members using multiple approaches and keeping code in sync with Subversion (SVN) version control. A complete review of system was in order to ensure code quality and optimal performace as well as future maintainability and extensibility of code.

Project team was called together with high level action plan. Code was reviewed, analyzed and an implementation plan was put together. Plan was executed with 3 developers applying the improvement changes in place. In the process Code was radically refactored utilizing SVN extensively (with constant commits and merges). The changes were tested on development environment to ensure correct behaviour.

The performance and clarity of the code were improved remarkably. The partitioning of functional scopes to separate files eased up concurrent code changes. By not introducing new features the stable functional baseline was referenced during testing to ensure high quality of sofware.

Account Creation Tool - New Hire UNIX, Windows and Exchange Accounts

Broadcom Account creation tool automates the creation UNIX accounts, Home Directories Windows accounts with easy and quick to use web portal (for IT admin and helpdesk staff) and set of automation scripts that act upon data entered on web portal. The progression of account creation (for all of its sub-phases) can be monitored on the website.

The web portal stores the entered new hire data into a central (MySQL) database. The automation agent scripts run partially on company / IT "master" site and partially on 40 remote sites, which have their own UNIX NIS and (NetApp) filer Infrastructure. The agent script installed on remote sites runs unmodified with single "site id" parameter, fetching account provisioning data from central database. The scripts are scheduled to run using UNIX corntab scheduling system. During the evolution of application the accounts were created in NIS and later in LDAP. The change was extremely quick because of well thought out modular design.

Account creation automation saved a large amounts of manual effort and error prone data entry that existed in the old fully manual process. The tool was still in use after 11 years of it's inception.

Cisco IP Phone Setup Web Tool

Cisco IP phone setup enables speeding up the setup and provisioning of the Cisco IP phone for an employee via a web portal. With only few employee parameters (Such as names, employee number, phone MAC address, device model, site and building) filled in on a form the Website sets up the phone. The only step remaining task is the delivery of a IP phone device to employees desk and connecting it to network. Web portal also provides visibility to site configurations, available number ranges, etc.

Cisco IP Phone setup uses the Documented Cisco Callmanager provided SOAP/XML API with (~) 5 calls made to server to lookup employee, reserve line (allocate number), register device and connect all this information together. Client side used HTTP Basic authentication for security.

The original process of setting phone via Cisco Call manager web GUI required telephony administrator to go through tedious page navigation and visit ~15 pages to fill in information to setup one phone. The cycle time of providing an IP Phone was reduced from ~15 minutes to ~2 minutes per phone (~85% reduction).

MyLSF - Portal for Viewing and Monitoring jobs on LSF

LSF (Load Sharing Facilities) is a product for hosting non-graphical engineering simulations on a large processing cluster often consisting of hundreds or thousands of UNIX hosts. Monitoring the jobs with LSF command line tools with all the associated switches takes a while to get used to. MySLSF Portal helps out by providing an easy browsing interface to LSF Jobs.

Browsing Web portal exposes Queues, Hosts and HostGroups at hi-level and detailed views. Portal also allows browsing LSF jobs underlying UNIX processes to see how jobs are being processed on cluster and to see if memory or CPU are constraining running the jobs on cluster.

Portal provided saved engineering time by not requiring every engineer to take the time to master the details of LSF command line utilities.

MyCitrix - Global Portal for managing UNIX Citrix Sessions

MyCitrix is a portal for managing engineers Citrix sessions worldwide on multiple (25) Citrix "farms" with multiple servers on each farms (total 75). Users are conveniently able to list their worldwide sessions on an all the farms and their hosts. Portal allows connecting back to previously established host sessions, disconnecting then and logging off from a session completely. Also forceful "reset" of a session is supported. Portal overcomes the limitation of Citrix provided session management software, where user cannot deterministically return to previous session (sometimes new session is created even if user wished to return to his previous work / applications in a Citrix session).

Portal is deployed as single central application instance deployment. Portals business logic is hosted in a set of Object oriented modules that encapsulate underlying Citrix commands to control sessions. These modules were contributed to CPAN with the permission of company CIO.

Engineers use MyCitrix as a quick-connect tool for their Citrix Engineering work session. MyCitrix has been staying in top 3 of intranet applications almost since its launch (Broadcom staff is 75% engineers).

IT HW Asset Collection

Easy to use portal for Employee termination related IT asset collection. IT Assets are tracked in Remedy system that provides a relatively clunky GUI. The web portal created for asset collection consist of an easy to use dynamic GUI that wraps the workflow between HR, (terminated) employees managers and IT Helpdesk staff (or alternatively shipping staff for SOHO employees) who ultimately take care of collecting the physical assets.

Portal consists of 10 screens with AJAX enhanced dynamic views (to eliminate redundant pop-ups or page transitions) and a modelled state transition workflow engine to avoid the traditional "rush-to-implement" if/else logic based workflow code that is hard to go back to and modify. Backend database for the used by the system is Remedy and it is accessed with direct ARS Perl API.

Human resources, Managers and IT were able to quickly and efficiently coordinate asset collection with minimal cycle time (at employee termination). The portal provided notifications to parties involved with particular termination on all the task completions.

Bluetooth Test Suite Runner

Bluetooth Group had their legacy testing framework developeed as C++ based framework. Running suites in various combinations was tedious writing these in C++. A scripting language interface was desired.

An easy-to use object orineted (OO) API was designed in Perl to wrap the unnecessary details and complexities of test setup to make it easy and productive to create new test suites. Even if the original the C++ API was written as procedural interface, the Perl API followed an OO model, making the testcode even more readable and terse.

Digital Video Group Remedy Ticket Search

Digital Video Technology (DVT) Synthesis group maintained their tasks in Remedy and needed a tool to search the tickets with very advanced search filters that Remedy out-of-the-box interface could not do.

A web tool with simple and advanced search user interfaces was created for the group. The search application ran in mod_perl runtime making it extremely responsive.

ASR - Automated Shipping Request Tool

ASR Tool was transferred to Perl App development group for hosting it in Linux LAMP environment (previously Windows /IIS) and for further development.

The base code cleanup and refactoring included 1) turning GUI views to use templating (from traditional print output and heredoc), 2) Moving to central connection pooling, 3) Reducing repetitive redundant code Additionally a shipping admin gui was added to manage shipping admins on 30 Broadcom sites.

Broadcom Business Automation Perl (Distribution)

Engineering and automation had throughout history developed a large amount of automations and applications with used a lot of Perl CPAN reusable modules. The modules installation and maintenance on per-application basis showed to be a unnecessary burden to many automation and application developers. Also the Company OSS (open source sofware) system often had perl versions and variants (version number, OS platform variant combinations), that had inconsistent modules installed. None of the off-the shelf Perl distributions fully served the semiconductor geared modules in their packaging. There was a need for multi-platform (Windows, Linux, Solaris Sparc, Solaris X86) Perl distribution that had the same consistent set of modules for each OS platform variant.

Active State Perl distribution was taken as a basius for the "enhanced" in-house distribution (utilizing the extensive Active state quality assurance the had put to base distro). Approximately 500 well known software, automation, IT and chip-design geared modules were selected into the in-house "Business automation" distro based on insights of long time perl experts (in team and partially outside). A effective small scale build system was created to automate the installation of CPAN modules (including the C-bindings, Perl XS C code compilations). Distribution was compiled on/to each target platform using the same base process. The distribution was stored in SVN (with *.so binaries for "platform native" modules) and deployed directly from there (As a curious technical detail, the active state script assisted "path relocation" process was applied when deploying the interpreter and modules to their final path location).

Business automation Perl gained populatity with engineering groups and IT teams that wanted to depend on reliable perl environment with consistent modules and use it on multiple platforms transparently.

Secure Sign Portal

Secure sign web portal allows engineers easy signing of firmware and boot loaders by uploading images to sign via web browser. The portal enables access to HSM (Hardware security module) that enables signing data with ultimately secure hardware stored keys. The application facilitates an easy workflow where "owners" of the security keys approve signing requests via email notifications. Approval is enabled directly via portal or directly by email (by typing "approve" / "decline" on the first line of email.

Application maintains key information (including owners, approvers, but not private key), workflow model as well as workflow (request) instance data in an (MySQL) database. The complete request and its progression is (slightly redundantly) tracked in Remedy database (notes are injected into work log at all workflow transition events). For approvals Securesign workflow supports multi-person approvals with OR, Parallel AND and Sequential AND logic, which cane be configure per key owners preference (i.e customizable flow per key). Portal communicates to HSM with a secured protocol tunnel (SSH), exchanging the content and the returned signature via tunnel.

Securesign portal provides automated approval flow, audited processing and encapsulated interface to signing process. Parties doing the signing do not need to be involved in the intricate and error prone details of signing process, let alone jot notes or memorize key names, HSM box addresses and in general deal with the low level details of the process. The application is still in use 11 years after it's inception.

LAMP App Platform Migration

With infrastructure change several Broadcom LAMP Perl and PHP applications were to be transferred from their old hosting environment on Sun Solaris, Apache 1.3 and mod_perl 1.0 hosting environment to Linux, Apache 2.2, and mod_perl 2.0 environment. While Linux to Solaris and Apache 1.3 to Apache 2.2 parts were fairly trivial, the migration from mod_perl 1.0 to (practically rewritten) mod_perl 2.0 required deep expertise on the changed Apache mod_perl interfaces (modules and APIs).

Applications were assessed for change needed and extent of modifications required. Applications were modified as needed to adapt to the new environment. Each of the applicatioins were tested in isolated development environment.

All applications migrated were tested and ended up running stable in the new Linux/LAMP/mod_perl hosting environment.

LAMP App CVS-to-SVN Migration

With Broadom IT version control system change from CVS to SVN all LAMP apps needed to be migrated to SVN and re-deployed from SVN to their respective development, quality assurance and production deployment areas. Perl scripting was used to ensure consistent mime-types and line endings across all files of 20+ LAMP applications (among other details of migration). Also the deployment documentation (for the initial checkout) needed to be revised and converted from using CVS commands to using respective SVN commands.

Because of the pioneer role in SVN migration (first to complete), the perl team helped several other IT groups in their SVN migrations.

ADP Payroll Transformer

ADP payroll provider offers customers two variants of their monthy payroll report - a no-cost single flat tabular text file (not usable directly as-is) and the normalized multi-table export/report for $7000/month. The free single file has the same information as the normalized multi-file version, just flattened into single file. The single file has an added problem of having varying column ordering and composition every month (however the columns are named in the file). Because of previous the file is not consumable / importable into relational database with usual off-the-shelf ETL tools. Payroll data was needed for company internal financial reporting purposes.

An advanced Perl parser was created parsing the file fully into intermediate in-memory data structures as the first processing phase. The data structures corresponded to a 7-table relational schema with references holding the relations together. The second processing phase mapped the the in-memory data into relational database using a Perl object relational mapper (ORM) toolkit. During development a MySQL database was used as an ETL transform destination and in production a MSSQL database was used. Only the (Perl DBI) database connection string (stored in configuration file) needed to change for production environment. The destination table SQL schema (compatible with MySQL and MSSQL databases) was modeled as part of project.

Finance was able to import the data for reporting from the data feed supplied for free instead of paying $7K/month for the same data in normalized format.

C Model Runner

Broadcom Digital Video Technology (DVT) Group simulates hardware being developed with SW based models developed in C language. These models contain security keys and algorithms only known to customers and they must be run in a controlled manner where the executable containing "secrets" is never seen by the user.

A secure wrapper was developed to allow secure C-Model execution. The C Model binaries are stored on a protected area and are only launchable by Perl+C hybrid where C-wrapper takes care of impersonation (elevating privileges from end users "effective user" identity to privileged accounts identity with dedicated POSIX calls) and Perl looks up the encrypted executable from a registry and decrypts it to run the binary. The decrypted binary was deleted after running it to never allow decrypted binary to be available for exposure. The system was still in use after 10 years of it's inception.

Intellectual property Exchange (IPX) Common Core Services (CCS)

IPX Core services is SOA Service to manage IP Design files repository and versioning and provide a set of service methods to sore, retrieve, compare (detect differences), copy (clone and inherit IP), validate (perform chip design topology checks ), inject uniquifying prefixes and watermarks to design files. The end-user GUI client tier is a completely separate application, but CCS provides some developer and admin geared web GUIs to monitor processing of asynchronous requests.

IPX Core services was designed as JSON-RPC service, where JSON format well facilitates the need to pass arbitrarily complex (deep, tree-like) data sets as parameters to service. An asynchronous processing model was designed and engineered on top of basic request/response based synchronous JSON-RPC processing model - an asynchronous processing is spawned in the background with JSON-RPC response being sent back, while only at the end of processing The IPX CCS is modeled as Object class hierarchy of 15 associated classes which enable access from SW (Software) and HW (hardware) client tiers. Application reuses dozens of Perl/CPAN base functionality modules to implement all its features efficiently via reuse (Examples: DBI, StoredHash, Text::Template, File::*, ...).

Increases engineering efficiency and legal compliance by providing a centralized repository containing all IP in use across company products.

Bluetooth (BT) Address allocator

Bluetooth Group had their own small command line (CL) utility BT address. The address allocation tasks were being transferred to marketing staff, not familiar with CL usage, so a graphical GUI version had to be built. Loosely based on the logic of CL utility, the core (allocation) logic of refactored into Perl object oriented (OO) module, which was then shared by both the new CL utility and the easy-to-use GUI version (for marketing staff).

Webdisk App migration

The broadcom IT diskspace reservation tool that was hosted on an ad-hoc RedHat environment, needed to be transferred to the standard Broadcom LAMP hosting environment. Migration tasks included creating a new server config, reviewing an testing external HTML references (for images, stylesheets and javascript) and moving application under version control. Also NFS disk mounts to disk areas that the application was using had to be requested and configured.

LAMP Single Sign-on (SSO)

With requirements for added security and single universal sign-on (SSO), IT chose "IBM Access manager" backend product for the SSO server. With this top-level change there was a need to integrate this product into IT LAMP Stack authentication flow.

A solution was architected in a way that requires no changes to any of the applications. An apache module was deployed on LAMP servers to replace the old HTTP basic authentication mechanism.

The global IT mandated SSO authentication compliance was implemented transparently with no changes to individual applications.