Siemens Xcelerator Technology Governance for Marketplace Sellers
Scope of the document
The scope of this document is to describe the current technology governance for Siemens Xcelerator for Marketplace sellers. The document will give a quick overview of Siemens Xcelerator, provide a description of the roles and responsibilities within technology governance, and then list the principles to be followed for Xcelerator offerings if they want to be flagged as “X” offerings. At the end, it contains a comprehensive list of the governance decisions in place today.
Introduction
The target of the Siemens Xcelerator is to establish an open digital business platform, driving digital transformation and sustainability for customers. It contains all required elements to make Siemens customers more successful and help them achieve large benefits through digital capabilities in the industrial processes.
An overview of Siemens Xcelerator
Siemens Xcelerator is the digital business platform of Siemens, designed to support customers in their digital transformation. Siemens Xcelerator combines a curated portfolio; a continuously growing, powerful ecosystem of certified partners; and a marketplace to explore, educate, exchange and purchase alongside a community of customers, partners, and experts.
The Xcelerator portfolio
The Xcelerator portfolio is curated so that the offerings support customers with the business questions of their digital transformation. It contains software, services and selected hardware for industries, buildings, grids, and transportation – from all Marketplace sellers including Siemens. In detail, it contains the following types of offerings:
- Software: All standalone software, independent of the delivery method (cloud or on premise) used and the business model employed
- Digital services: Serving industrial use cases, leveraging data to derive insights; monetized as application, platform, or service. The digital service is included independent of delivery (e.g. cloud or on-premise) and business model (e.g. perpetual & recurring)
- Consulting and Integration services: Consulting services on Xcelerator related topics and integration services for software, digital services and hardware
- Xcelerator hardware: The Xcelerator hardware needs to be future-proof, connectable out of the box to other devices or a network through standard connectors with bidirectional communication, and remotely updatable
Xcelerator offerings and their customer promise
The Xcelerator portfolio must deliver more value to customers using the strong growing ecosystem, following the design principles based on market standards and up-to-date technologies. These design principles are:
- Interoperable – ensuring that solutions work seamlessly together, whether they are IT or OT, providing easy and quick integration within and around our customers’ own environment
- Flexible – each individual offering is modular, so customers can pick what they need and scale when growing, and it can be easily personalized, e.g. through our low-code environment Mendix, to fit specific customer needs
- Open – ensuring offerings are based on standardized application programming interfaces (API) and provide data context to enable powerful data analytics and insights.
- As-a-service – solutions will be available as-a-Service from the cloud or fully automated on edge devices. This will remove operational complexity, high upfront investments, and hassle by giving customers the latest available technology when and where they need it, with operational expenses based on consumption and maximum flexibility.
- Cybersecure – ensuring that solutions are secure-by-design and secure-by-default following market-standard Cybersecurity frameworks (such as ISO 27001, IEC 62443 and others), implementing state-of-the-art Cybersecurity controls to protect customers, their data and IT/OT environment, as well as being regularly assessed with respect to vulnerabilities and compliance towards relevant Cybersecurity laws and regulations.
Technology governance
Ecosystem roles and responsibilities
Customer – ecosystem participant:
- Challenges value proposition
- Receives benefit of use of offering
- Possibly co-creates new offerings
Marketplace seller – ecosystem participant / customer value enabler:
- Develops Xcelerator offerings (Software, services or Xcelerator hardware), creating business value for customers
- Adheres to the Siemens Xcelerator principles and follows the technology governance guidelines for Marketplace sellers
- Provides Marketplace operator and Siemens partner management organizations with accurate product, service, or solution information. Updates the information when necessary
Siemens businesses – ecosystem participant / customer value enabler:
- Follows the markets and develops offerings creating business value for customers
- Adheres to the Siemens Xcelerator design principles as described in chapter 3.2 and follows the technology governance guidelines
- Provides the Marketplace with accurate topic, product, service, and solution information. Updates the information when necessary
- Shapes the future development of Xcelerator
Siemens Xcelerator Marketplace operator – seller, technology, and cross-value enabler:
- Engages with new and existing Marketplace sellers to introduce them to, and help them explore, the Xcelerator and the Marketplace
- Supports Marketplace sellers in identifying and bringing relevant content to Xcelerator
- Manages the relationship with sellers continuously and aims to expand the ecosystem and the seller offerings on the Marketplace
- Supports the Marketplace sellers for a well-functioning Xcelerator and ecosystem
- Works together with Partner management organizations, helping existing Siemens partners to become Marketplace sellers, and introduces Marketplace sellers back to Siemens partner management organizations to check for joint business opportunities
- Is responsible for corporate governance in respect of portfolio and technology including the technical frame architecture
- Supports the Xcelerator offering growth, including supporting the Marketplace sellers with technical content
- Gathers feedback from ecosystem participants on requirements, missing functionalities and the way forward
Principles of the Siemens Xcelerator technology governance
Technical governance defines and implements rules so that offerings can fulfil the design principles. The differentiation of the Xcelerator offerings comes from leading applications and business capabilities, addressing real customer business problems. The technical foundation, created through the technology governance decisions, is merely an enabler to support the speedy development and deployment of great customer offerings. Different domain offerings will co-exist next to each other but will federate and be able to work together to create a seamless user experience. Therefore, Siemens Xcelerator does not aspire to an integrated technology platform, but instead focuses on a slim technology governance.
Technical frame architecture for software offerings
The functionalities of Xcelerator “X” offerings are mapped into a common technical frame architecture. It contains loosely coupled functionality blocks and a very small and slim set of governed items. The technology governance is only there to ensure that the offerings deliver on the customer promises depicted in the design principles. In the frame architecture, the different functionality blocks are pulled together into “pillars”, each of which contains a similar type of functionality. This starts with foundational elements and goes up to applications and customer-facing packaged business capabilities (PBCs).
Specific requirements for Xcelerator software offerings
The design principles for Xcelerator offerings are clearly linked with customer value. However, they are very difficult to examine and to validate. Therefore, on a high level, a set of auditable technical requirements was drafted to ensure an Xcelerator software offering will deliver on the Xcelerator design principles. Any Xcelerator “X” offering needs to fulfil all of the following criteria:
- The offering is based on cloud and / or edge technology – modern software offerings need state-of-the-art and highly standardized infrastructures with large, automated deployment and operations capabilities. The offering is delivered as a service: for cloud offerings no operations by the customer are needed, and for edge-deployed offerings maximum operations support is available.
- Selected offering functionalities are provided through APIs – move away from monolithic on-premises software towards a state-of-the-art architecture with functional modules interconnected via standardized interfaces / APIs
- Mandatory technical elements are utilized – slim but important set of rules to enable the design principles on the topics of Identity and access management, API guidelines and central API catalogue, Data layer, connectors & Ontology Library, Edge Computing – Device and App Mgmt and Low code development / Mendix
The following technical decisions and standards are in place to deliver on the criteria mentioned above:
1. Usage of modern architectures based on cloud and / or edge
Modern software offerings need modern and highly standardized infrastructures. Such infrastructures can be cloud environments, managed edge offerings, a combination of these two approaches or, in some cases where the user experience demands it, mixed deployment models leveraging specific hardware or user devices for execution of code. For customers it is important to make deployment, operations, and software maintenance as easy as possible. Therefore, Xcelerator Marketplace seller software will be provided as a service, leveraging full automation for deployment, operations, monitoring and updates, using either the capabilities of the cloud environments or the automation elements and tooling provided by the scalable edge systems. It is important that these applications always deliver on the design principles that are defined in Siemens Xcelerator.
2. Functionality and data provided through APIs as core drivers of openness
Xcelerator Marketplace seller offerings need to provide APIs for cloud and edge to ensure the customer promise of openness. Users of those APIs are internal developers, developers from ecosystem Marketplace sellers as well as developers at customers.
The key thoughts behind the Siemens Xcelerator approach on APIs are spelled out in the Siemens Xcelerator API manifesto:
2.1 Siemens Xcelerator API Manifesto
Customers expect products tailored for integration with their IT landscapes and processes. This cannot be resolved with monolithic software applications. Openness and interoperability are thus important enablers for the digitalization needs of our customers, while efficient integration and low maintenance effort are key to our own business success.
Managed APIs are the means for efficiently integrating, bundling, or extending existing functionality in new ways and thus for responding to the identified challenges. A proper implementation of managed APIs in an organization requires adequate trade-offs in everyday decisions. Therefore, we prefer:
• Software with APIs over software without APIs
Exposing APIs fosters reuse of implementations to create new products from existing building blocks and easier integration of systems.
• Simplicity and focus over complexity
Reducing complexity to the necessary minimum and focusing on the essentials improves effectiveness and habitability of an API.
• Self-explanatory APIs over exhaustive documentation
Expressiveness of an API improves its usability and reduces the need to consult additional documentation.
• Long-term API stability over breaking changes
Stable APIs reduce costs for our customers by enabling planned and controlled transitions to subsequent versions.
• Overarching consistency over individual variations
Consistency within the API itself, its documentation and its tool landscape improves habitability and usage efficiency.
2.2 Siemens Xcelerator API Strategy
Siemens Xcelerator APIs rely on the following strategic guidelines:
- Use Open Standards to achieve interoperability
- Use Open-Source Software and contribute upstream
- Aim for zero marginal cost (additional users only increase compute cost, with no license fees)
- Develop api.siemens.com in an Open-Source way internally
- Follow The Twelve-Factor App and API First principles
- Make APIs as accessible as possible, using well-known formats, a common look and feel for documentation and playgrounds with (at least) mocked back-ends
2.3 API guidelines and central API catalogue
Commonly applied API design guidelines lead to a consistent cross-product developer experience. This means flatter learning curves and lower integration efforts for customers. Furthermore, shared tooling, blueprints, and trainings lead to higher quality APIs.
When implemented correctly, central API guidance leads to lower guidance efforts and faster development cycles in each individual project.
Therefore, Siemens Xcelerator developed and published API guidelines concerning technology-agnostic API aspects and specific API design guidelines for REST APIs. Asynchronous Messaging design guidelines are in preparation. Other technologies like GraphQL or gRPC will follow as needed.
For Marketplace seller applications, provision of functional blocks through APIs is mandatory. Adherence to the API guidelines, as well as publishing on Siemens Developer Portal under https://developer.siemens.com, is recommended.
3. Identity and access management (IAM)
Each Marketplace seller in the ecosystem builds its own applications and realizes its own instance of the Xcelerator concepts. As a result, each domain-specific offering stands on its own and can run self-contained. Because of this, the IAM system required to authenticate users is part of each domain-specific offering. At the latest when offerings must be connected to solve customer problems, this would cause usability problems, as users would require different user accounts, one for each domain-specific environment.
To overcome this usability drawback, the IAM systems of the domain-specific offerings need to be federated to achieve a Single-Sign-On user experience for the user. The federation is performed by a mechanism that performs user account mapping of the created identities in the domain-specific offerings.
It is mandatory for all Xcelerator Marketplace seller applications to provide identity federation based on SiemensID to enable Single Sign On (SSO) for cloud application users.
4. Data layer, connectors & Ontology Library
Data integration and the usage of data semantics are key elements for industrial data enabled applications. Integrations into different target systems are essential, therefore connectors to such systems should be built in a common framework to enable simple sharing between applications. Ontologies carry meaning of data and allow data elements to be integrated easily between applications, domains, and offerings. These different ontologies are combined in an Xcelerator ontology library to allow easy handling of data along a use case even if it is crossing domain borders.
In detail, Siemens Xcelerator recommends for Marketplace seller applications:
- Documentation and description of domain-specific ontologies within the Siemens Ontology Library
- Consideration of both models and connectors in the publicly available parts of the Siemens ontology library as preferred options when building offerings
5. Edge Computing – Device and Application management
Edge devices and computing on such edge devices are core elements in industrial digital offerings. Device management and application management on edge devices are the main enablers in such a setting.
Siemens Xcelerator requires for Siemens offerings the mandatory usage of one of the two preferred options, Industrial Edge or Edge Digital Services. For Marketplace seller applications, usage of the Siemens Industrial Edge offering is recommended.
6. Low code development / Mendix
In Siemens Xcelerator, customers and Marketplace sellers are enabled to easily create customer-specific applications or adapt existing applications to better support specific customer requirements. For this, Siemens Xcelerator provides not only APIs but also the market-leading low-code environment Mendix. Next to the standard Mendix capabilities, Siemens Xcelerator also provides the key APIs / packaged business capabilities through Mendix for simple usage in customer applications.
In Siemens Xcelerator, Mendix is the preferred option for low code for Siemens applications. For Marketplace seller applications, usage of Mendix as preferred option for low code is recommended.
7. Cybersecurity
Marketplace seller shall take appropriate organizational and technical measures to ensure the confidentiality, authenticity, integrity and availability of Marketplace seller Operations as well as products and services. These measures shall be consistent with good industry practice and shall include an appropriate information security management system consistent with standards such as ISO/IEC 27001 or IEC 62443 (to the extent applicable).
“Marketplace seller Operations” means all assets, processes and systems (including information systems), data (including Customer data), personnel, and sites, used or processed by Marketplace seller.
Should products or services contain software, firmware, chipsets or integrated circuits:
i. Marketplace seller shall comply with safe, state-of-the-art software development methods including secure coding standards, such as, e.g., OWASP standards;
ii. Marketplace seller shall implement appropriate standards, processes and methods to prevent, identify, evaluate and repair any vulnerabilities, malicious code, and security incidents in products and services which shall be consistent with good industry practice and standards such as ISO/IEC 27001 or IEC 62443 (to the extent applicable);
iii. Marketplace seller shall continue to support and provide services to repair, update, upgrade and maintain products and services including the provision of patches to Customer remedying vulnerabilities for the reasonable lifetime of the products and services;
iv. Marketplace seller shall provide to Customer a bill of materials identifying all third-party software components contained in the products. Third-party software shall be up-to-date at the time of delivery to Customer;
v. Marketplace seller shall grant to Customer the right, but Customer shall not be obliged, to test or have tested products for malicious code and vulnerabilities at any time, and shall adequately support Customer;
vi. Marketplace seller shall provide Customer a contact for all information security related issues (available during business hours).
Marketplace seller shall promptly report to Customer and the following Siemens Cybersecurity contact addresses all relevant information security incidents occurred or suspected and vulnerabilities discovered in any Marketplace seller Operations, services and products, if and to the extent Customer is or is likely to be materially affected.
i. for security incidents: cert@siemens.com
ii. for security vulnerabilities: svm.ct@siemens.com
Marketplace seller shall take appropriate measures to achieve that its subcontractors and suppliers shall, within a reasonable time, be bound by obligations similar to the provisions of this section.
Upon Customer’s request, Marketplace seller shall provide written evidence of its compliance with this section including generally accepted audit reports (e.g., SSAE-18 SOC 2 Type II).
8. Summary of technology governance requirements for Marketplace seller offerings
Criteria | Regulations for Marketplace seller offering |
---|---|
Offering is based on cloud and / or edge technology | Mandatory |
Functionalities and data of offering are provided through APIs | Mandatory |
Public APIs are published on Siemens Developer Portal | Recommended |
APIs follow Siemens API guidelines | Recommended |
Identity federation is done with Siemens ID to enable Single Sign On (SSO) for cloud applications | Mandatory |
Ontologies from Siemens Ontology Portal are considered as preferred option when building offerings | Recommended, if ontologies used by Marketplace seller |
Newly created ontologies are published on Siemens Ontology Portal | Recommended, if ontologies used |
For edge products, one of the two Siemens edge platforms, Industrial Edge (DI) or Edge Digital Services (SI), is used for Device and App Management | Recommended for edge offerings |
Mendix is considered as preferred option for low code software application development | Recommended |
Offering complies with Cybersecurity requirements | Mandatory |
Complete technical documentation on all of these topics as well as reference implementations and further information are available through the Siemens Xcelerator Marketplace operator.
Acceptance of Xcelerator Marketplace seller software offerings
For any new Xcelerator Marketplace seller offerings to be certified, the following steps must be executed:
• The owner of the Marketplace seller offering requests acceptance of the Marketplace seller offering into Xcelerator and confirms the offering fulfils the defined criteria.
• After successful pre-validation of the new offering, the Siemens Xcelerator Marketplace operator reviews the validation approach and finally decides on the acceptance of the Siemens Xcelerator Marketplace seller offering.