Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Nexus Helps Cure Cancer

April 05, 2019 By Derek Weeks

*Note: Join us live and online for the 2019 Nexus User Conference on June 12. Registration is free.

The National Cancer Institute (NCI) is the largest funder of cancer research, and Sarah Elkins (@configures) helps run their infrastructure, which supports everything from 700 websites, complex bioinfomatics applications, some legacy applications, some new, mostly virtual machines, some physical servers, an on premise data center, and an increasing amount on Amazon Web Services. All of that, and developers range from lone scientists to large teams.

At the 2018 Nexus User Conference, Sarah discussed how they use Nexus Pro Repository Manager to help manage the NCI’s applications securely and efficiently. We were so enamored by her story when she shared it with the AllDayDevOps conference - that we thought it was worth sharing again, and again, in different ways. 

Digging right into the details - at the time. Sarah noted that most of their instances of Nexus Pro Repository Manager are a 2.x instance, but that they were in the process of migrating to 3.x  (which we recommend everyone does). Some highlights include that they use the Maven format -- binaries + text, host locally build/customized binaries, use some manual uploads performed by administrators, and some published application binaries, which enable automatic publications from builds.

Most of their instances use Maven or Apache Ant, and they provide a settings XML file which point to Nexus instances for dependencies. This ensures they point to their instance so they know it is up, what is cached, etc.

Of course, to gain the most from Nexus Repository Manager, it needs to be integrated into the Continuous Integration workflow. When Sarah talked about their flow a couple months ago - she shared they are using open source Jenkins to manage the workflow, their build scripts refer to the Nexus repository and they are also running experiments with Travis CI and other tools.

Their build artifacts may be zips, wars/ears, or Docker, while release packages are primarily stored on Jenkins with a few published to Nexus (Maven) and Nexus Docker image server. Deployments have the standard tiers of dev, QA, stage, and production, except some projects have special tiers - such as for data curation.

This begs the question - what benefits is NCI seeing by using Nexus? First, Sarah said that most of their code is public on GitHub, so Nexus makes it easier to manage.

It also:

  • Simplifies the maintenance of internal artifact repositories and access to external artifact repositories

  • Hosts other types of artifacts (not just those generated by Maven)

  • Proxies requests for external artifacts and caches the results (build resilience)

  • Provides a deployment destination for NCI-generated artifacts, e.g. release packages

The future opportunities include leveraging Nexus Repository Manager 3.x NPM and Yum capabilities, integration with workflow tools, Puppet/Ansible integration, and security improvements, such as scan dependency artifacts before building and more integration and automation.

Sarah outlines more practitioner-specific details of how they are using Nexus in her full 2018 Nexus Users’ Conference - which you can watch here

Remember to keep your eye on our blog as we share more session recaps from the 2018 conference ahead of this this year's event happening on June 12. 

 

Tags: Nexus Repository, Nexus User Conference, Product, Customer Stories

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.