Building with .NET Core and Docker in TeamCity on AWS

By Dr Philip Kendall, Lead Analyst, Control F1.

Building with .NET Core and Docker in TeamCity on AWS

At Control F1, we’re always evaluating the latest technologies to see if and how they’ll fit with our clients needs. One of our core strengths is in .NET development, so we’ve recently been looking at the newly released Visual Studio 2017, along with .NET Core 1.1 and combining this with our ongoing use of Docker to create microservices. We always like all our projects to have continuous integration to ensure a consistent and repeatable build process – in our case, we use a TeamCity instance running in AWS for this. However, actually getting everything to build in TeamCity wasn’t quite as easy as we would have hoped due to a few minor niggles, so I’ve put together this blog post to capture everything that we needed to do.

To read the rest of this blog, please click here


How data and intelligence are not the same thing

Data is more and more seen as a panacea to improving business performance and providing insight. Think: data on customers, employees, machines, logistics and so on. But let’s not forget that technology is merely a tool, and data the raw materials we mine. It’s what we do with that material that matters. Duncan Davies, Commercial Director for Notify Solutions, wants to see more organisations mining the data and engaging with it to dig out the diamonds of insight and innovation.

Not a day goes by without a media story about data. Sometimes it’s the use and control of personal data (see Facebook), sometimes it’s about the stealing of data (see Yahoo) and sometimes it’s about how blindly trusting we are of ‘the data’ (see predictions on Brexit and Trump).

There’s a mistaken view that harvesting data is what it’s all about. That having the data in a cool database (ideally ‘up in the cloud’) will just throw out “answers”. Even better, if you can apply some ‘artificial intelligence’ to that data…that’s really sexy. Bringing in software tools that help gather all this data is seen as the end goal. The budget is spent. The software is deployed. And bang!

I’d argue that a lot of companies stop at that point and simply rely on the basic dashboards and standard reports they are given. Don’t get me wrong: some of the world’s greatest inventions have been stumbled upon completely by accident, or while the inventor was looking for something else (Steven Johnson calls this Serendipity and Exaptation in his great book ‘Where Good Ideas Come From’). But by and large, this pursuit of data for its own sake risks losing sight of the bigger fundamental: the ability to ask the right questions. We gather all this incredible data and it just sits there waiting. Containing diamonds that might never be found.

Asking the right questions drives what data you look to gather, and what you’re looking into that data for. Even better to then share that data within the organisation so that different perspectives can be applied. But you have to do this proactively; putting data in a glass cabinet and hoping people will glance at it as they pass isn’t going to work. It needs to see a cultural shift from measuring everything, to measuring what matters.

As an innovative technology business, we’re obsessed with making data faster and easier to access (and it’s in the Cloud!). But there’s still a crucial step that businesses need to grasp, which is that data only equates to intelligence when it’s properly interpreted and delivered in a useable way.

This is a challenge to the sort of apps that are now being produced to collect data. Our Health & Safety app, Notify, is awesome at gathering really good data very quickly, and sending it to a ‘back end database’ for actioning and then into a funky dashboard for review.  We’re working on predictive algorithms that will alert users to impending issues, but in truth without the skills to interpret data and information, our users still risk missing the opportunity to engage with the data, to use it to pose questions and to drive behavioural change. We can help (we’re lucky enough to have our own data scientist) but I’d argue it’s the company that best knows the questions to ask.

Taking the data, asking questions of it, and then making changes based on that data that can be measured; now that’s intelligence.

So the next time you look at a product and get excited about all the data it can collect for you, make sure you ask yourself whether you have the organisation skills and resource to do something useful with it that truly helps your business improve and innovate.

Labels, Camera, Action…!

By Control F1 Lead Architect Phil Kendall.

Control F1 were asked earlier this year to work with a global pharma company to write the control software for a complex piece of physical hardware. Integrating all the moving pieces had proved a challenge, so our client needed a company with extensive experience in developing complex pieces of Windows software. From the specification supplied by our client, we quickly identified that there were going to be two main challenges in this project:

  • Integrating with the hardware in the project: four barcode-reading cameras from Cognex, and a Siemens S7 PLC, for which the control software (and physical machine) was supplied by HERMA.
  • Being able to develop and test the software. There was only one instance of the HERMA machine, and that was already installed on the client’s site (and it’s too big for our office anyway!); similarly we weren’t going to have enough cameras to let everybody working on the project have a full set of cameras.

Integrating with the hardware

Interfacing with the Cognex cameras themselves is relatively easy, as Cognex supply a full .NET SDK and set of device drivers to perform the “grunt work” of communicating with the cameras. However, the SDK is still relatively low-level: it lets you perform just about anything with the cameras, but obviously doesn’t have any business domain specific functions. On a technical note, the SDK is also a little bit “old school” and doesn’t make use of the latest and greatest .NET features – a decision which is completely understandable from a Cognex point of view who need their SDK to be useable by as many consumers as possible, but does mean that the SDK doesn’t quite fit neatly into a modern .NET application.

To work around both these issues, we developed a wrapper around the Cognex SDK that both encapsulates the low-level functionality in the Cognex SDK into the higher level business functionality that we needed for the project, and also presents a more modern .NET style interface, for example using lambda functions rather than delegates. The library has very much been designed to be a generic wrapper for the Cognex SDK so that we can re-use it in any future projects which use the Cognex cameras.

For the Siemens S7, we did a small amount of research and found the S7.Net Plus library. Once again, this enables low-level communications with the S7 PLC so we wrapped it in a higher level interface which implemented the business logic that HERMA had built on top of the S7 PLC.

Both libraries were tested when we had access to the hardware, the Cognex library by actually having a camera here at Control F1 HQ, and the HERMA library with assistance from HERMA who were able to set up a copy of their software at their site and give us remote access.

Developing and testing

As noted above, our big challenge here was how to develop and test the software without everybody having access to cameras and the HERMA machine. The trick here was simply to remove the requirement for everybody to have hardware: by developing a facade around the Cognex and HERMA libraries, we were able to make it so that we could use either the real interfaces to the hardware, or a emulator of each device which we developed. The emulators were configurable so that we could adjust their behaviour for various cases – for example, simulating a misread from one of the Cognex cameras, or a fault from the HERMA system.

The emulators were invaluable to us while developing the project: they allowed us to at one stage have three developers and a tester working on the project, and also to be able to have a demo VM which we could give to the client to let them test how the user interface was evolving, all without needing any hardware or for people to travel to anywhere – with the obvious savings of time and money all that brings.

So, did it all work?

Now, it’s all well and good developing against emulators, but emulators are no good if they don’t have the same behaviour as the real system. The moment of truth came when we sent our COO, Nick Payne, and Lead Architect/Developer, Phil Kendall, to the client’s site in order to put everything together on the real hardware… and the answer is that things worked pretty well. We’d be lying if we said everything worked perfectly first time, but the vast majority of the hardware was up and running within a day. The rest of the week was a pattern familiar to anyone who’s done integration testing before: mostly fairly quiet while we ran through the client’s thorough test plan (thanks Nick for his sterling work keeping everything running smoothly) interspersed with occasional moments of panic as the test plan revealed an issue (thanks Phil for some frantic and occasionally late-night hacking to fix the issues). By the end of the week, the client had signed the machine off to move into production, and Nick and Phil just about managed to get home at a reasonable time on Friday evening.

What did we learn?

From a Control F1 point of view, the most important knowledge we gleaned from this project was the work with did with the Cognex cameras and SDK – they’re some very nice pieces of kit, the SDK is a solid piece of code and we’ve now got the emulator framework we can use to accelerate development of any future projects using the Cognex cameras. Similarly, we’ve now got a way to interface with Siemens S7 PLCs which we can reuse for any future projects.

Other than that, the project reinforced a couple of good software engineering practices which we knew about:

  • Do the less understood bits of the project first to reduce risk. By focusing our initial development efforts on the hardware integration side, we were able to reduce the uncertainty in our planning – this in turn meant that we were able to confidently commit to the client’s timescales relatively early on the project.
  • Log everything. When you’re working with real hardware on a machine on a remote site, being able to get an accurate record of what happened when a problem occurred is invaluable. However, don’t log too much – if the camera is giving you a 30 line output, you don’t need to log the output as it passes through every level in the system as all you end up with then is a log file which is very hard to read.

Sound interesting?

If you’ve got a project which it sounds like we might be able to help you with, please drop us a line.

R, spray-can and Docker

Control F1 Lead Architect Phil Kendall gives some advice on performing R calculations in microservices.

Back in January this year, Control F1 started work as the lead member of the i-Motors consortium, a UK Government and industry funded* project working towards viable, commercially sustainable Smart Mobility applications for connected and autonomous vehicles. One of the key elements we will be delivering as part of the project is the capability to add predictive and contextual intelligence to connected vehicles, allowing all individual drivers, fleet managers and infrastructure providers to make better decisions about transport in the UK. At a coding level, this means we need to get some data science / machine learning / AI code written and deployed. This post gives a quick run through of the technology choices we made, why we made them and how we implemented it all.

Why R?

There are effectively two choices for doing “small scale” (i.e. fits into the memory on one machine) data science; R and Python (with scikit-learn). It just so happens that I’m much more an R guy than a Python guy, and the algorithms we wanted to deploy here were written in R.

Why Docker?

For i-Motors, we’ve gone down the microservices route for a lot of the common reasons, including the ability to independently improve the various components of our system without needing to do high risk “Big Bang” deployments where we have to change every critical part of the system at once. There are obviously alternatives to Docker for running microservices – while this post is Docker-specific, it shouldn’t be too hard to adapt what’s here to another container platform.

Why spray-can?

This is where it gets a bit more complicated! Excluding the definitely right out there on the cutting edge Docker for Windows Server 2016, running Docker means running Linux. At Control F1 we’re mostly a .NET house on the server side, so a number of the i-Motors components have been written in .NET Core and very happily deploy themselves on Docker. However, the .NET to R bridge hasn’t yet been ported to .NET Core, so there’s no simple way for a .NET Core application to talk to R at the moment. I investigated a couple of other options for bridging to R, including using node.js and the rstats package. Unfortunately, the official release of rstats doesn’t work with the latest versions of node, and while there are forks out there which fix the issue, basing a long-term project on a package without official releases didn’t seem like the wisest solution. The one option which did present itself was JRI, the Java/R Interface which I’d made some use of before when running on the JVM.

When it comes to JVM languages, I’m a big fan of Scala and the toolkit – again, the solution here isn’t particularly tied to Scala and and should be relatively easy to adapt to any other JVM language and/or web API framework.


All the code for this blog post is available from Bitbucket. I’ll give a brief overview of the code here.


The web API is set up in RSprayCanDockerApp and RSprayCanDockerActor. This is pretty much a straight copy of the spray-can “Getting Started” app, with the notable exception that we bind the listener to rather than localhost – this is important as the requests will be coming from an unknown source when deployed in Docker.

R integration

The guts of the R integration happens in the SynchronizedRengine class and its associated companion object. There are two non-trivial bits of behaviour here:

  • The guts of R are inherently a singleton object – there is one and only one underlying R engine per JVM. SynchronizedRengine.performCalculation() has a simple lock around the call into the R engine so that we have one and only one thread accessing the R engine.
  • The error handling is “a bit quirky”. If the R engine encounters an error, it calls the rWriteConsole() function in the RMainLoopCallbacks interface. The natural thing to do here would be to throw an exception, but unfortunately the native code between the Rengine.eval() call and the callback silently swallows the exception, so we can’t do that; instead we stash the exception away in a variable. If the evaluation failed (indicated by it returning null), we then retrieve the stashed away exception. In Scala, we wrap this into a Try object, but in a less functional language you could just re-throw the exception at this point.

Docker integration

The Docker integration is done via SBT Native Packager and is pretty vanilla; three things to note:

  • The Docker image is based on our “OpenJRE with R” image – this is the standard OpenJDK image but with R version 3.3 installed, and the JRI bridge library installed in /opt/lib. The minimal source for this image is also on Bitbucket.
  • We pass the relevant option to the JVM so that it can find the JRI bridge library: -Djava.library.path=/opt/lib
  • We set the appropriate environment variable so that the JRI bridge library can find R itself: R_HOME=/usr/lib/R

If you just want a play with the finished Docker container, it’s available from Docker Hub; just run it up as “docker -p 8080:8080 controlf1/r-spraycan-docker“.

Putting it altogether

For this demo, the actual maths I’m getting R to do is very simple: just adding two numbers. Obviously, we don’t need R to do that but in the real world you should be able to substitute your own algorithms easily – we’ve already deployed four separate machine learning algorithms into i-Motors based on this pattern. But as demos are always good:

$ curl http://localhost:8080/add/1.2/3.4


Where next?

What we’ll be working on in the near future is investigating how this solution scales with the load on the system – a single instance of the microservice will obviously be limited by the single-threaded nature of R, but we should be able to bring up multiple instances of the microservice (“scale out” rather than “scale up”) to handle the level of requests we expect i-Motors to produce. I’m not foreseeing any problems with this approach, but we’ll certainly be keeping an eye on the performance numbers of our “intelligence services” as we increase the number of vehicles in the system.

* i-Motors is jointly funded by government and industry. The government’s £100m Intelligent Mobility fund is administered by the Centre for Connected and Autonomous Vehicles (CCAV) and delivered by the UK’s innovation agency, Innovate UK.

Why you can’t afford to ignore the new Health and Safety sentencing guidelines

By our Commercial Lead, Duncan Davies.

New sentencing guidelines were issued in February for breaches of Health and Safety (H&S) regulations. It’s safe to say this didn’t make the front pages.

The new guidance was devised independently of the HSE (although the HSE provided input into the process), and comes in a couple of “easy-to-use grids” that allow you (in theory) to estimate your potential level of fine for a particular offence.  The idea is simplification and there’s a link to the new guidelines at the end of this post.

At a recent seminar at the Safety & Health Expo 2016 in London, roughly 50% of the audience raised their hand when asked whether they were aware of these changes.

If you’re in the 50% that don’t know, here’s a few thought-provoking questions:

  1. How many £1M+ fines have there been since the law changed in February 2016?
  2. What’s the longest prison sentence that’s been passed down in the last 6 months?
  3. Are you aware you can receive the same fine irrespective of anyone being injured, if there is shown to be culpability and a lack of H&S procedures?

Before we share the answers, it’s important to recognise that this new guidance is intended to send a blunt message to business: that Health & Safety is no more the preserve of the overly cautious, process-obsessed, budget-starved, H&S professional tucked away in a broom cupboard.

Health & Safety is now well and truly heading to the centre of the Board table. We’re now seeing the reality of directors themselves heading to prison, and fines being imposed that are ‘meaningful’ where previously they might have been a mere ‘slap on the wrist’.

Some argue that the new guidelines are mostly designed to increase a source of income from large companies, who now face the largest consequences of these new guidelines. A more public-spirited person might say they are intended to make the workplace safer for more people.

A key aspect that’s changed is that there’s now a focus not only on harm done, but also the harm risked. In theory this makes a lot of sense. If two companies commit the same ‘sin’, both should be liable, even if only one of them is ‘lucky enough’ not to actually hurt someone.  In reality it’s going to be a painful process to prove what could have happened, but didn’t.

All of this means giving renewed focus on employee engagement and to those projects that build a safety culture; more than ever, businesses will need to rely on employees, subcontractors, suppliers, and partners to create that culture. It means that vigilance and capturing near miss information is more important than ever. And it means that Health & Safety professionals are going to have to give their boards more data and more tools to help them manage this business risk.

And the results to date of these changes? Well a quick poll of publicised cases since February 2016 reveals 10 cases with total fines of £13M, with one case seeing a company director sent to prison for six years.

A recent report from IOSH highlighted that in the period February to August 2016 there have been as many £1M+ penalties as there were in the previous two decades.

It remains to be seen how recent high profile cases, such as Alton Towers and Foodles Production, will be prosecuted. What seems certain is that this new blunt instrument is going to be used to grab the attention of all those people who’ve not yet recognised that the H&S landscape has fundamentally changed.

For more information on the guidelines, see pages 4 and 5 of:





How to use the MATLAB Compiler Runtime with AWS Elastic Beanstalk

One of Control F1’s current projects is working alongside the RAC on their RAC Advance platform, a revolutionary new technology that uses the latest diagnostic software to deliver an enhanced breakdown service for customers. 
As is so often the case when working with innovative new technologies, our team have uncovered a number of solutions and fixes that haven’t been documented in the past. And because we’re all about sharing, lead developer Phil Kendall explains here, (for the technically minded amongst you), some of the team’s learnings re: using MATLAB Compiler Runtime with AWS Elastic Beanstalk….

One of the components of the RAC Advance system (an ASP.NET web application) we’re working on makes use of MATLAB to perform some of the advanced calculations that make the platform a success.

In order to provide scalability and reliability, the component is deployed via AWS Elastic Beanstalk. When Control F1 began their work with the RAC, the component was hosted on a custom AMI which had to have the MATLAB Compiler Runtime manually installed, and then the AMI had to be maintained over time. One of the improvements we were hoping to make to the system was to reduce the number of manually maintained components in the system, so we began looking at whether it was possible to install the MATLAB Compiler Runtime automatically via Elastic Beanstalk’s configuration mechanism (.ebextensions).

To my slight surprise, this didn’t seem to be anything anyone had ever done before (or at least, had ever publicly documented how to do). Fortunately, the solution turned out to be not too complicated, although there are a couple of rough edges I’d like to smooth off:

  1. Download the appropriate version of the MATLAB Compiler Runtime from Mathworks’ website, and put this into an S3 bucket you control. You’ll need to make the file publicly readable.
  2. Create the following file and save it as “matlab.config” in a “.ebextensions” folder of your web application (note that the spacing is crucial here, and that’s it’s all spaces, not tabs):

    command: setup.exe -agreeToLicense yes -mode silent
    cwd: c:\\MatlabCompilerRuntime\\bin\\win64
    command: setx PATH "%PATH%;C:\Program Files\MATLAB\MATLAB Compiler Runtime\v82\runtime\win64"
    command: iisreset

(Note that the config files within the .ebextensions folder are run in alphabetical order so if you’ve already got other extensions in there, you may want to rename the file so that it’s run in the correct order).

To some extent, that’s all there is to it, but it’s probably worth an explanation as to how that’s working. Essentially, there are two main steps: the first, indicated by the “sources” stanza, downloads a ZIP file from the specified location (our S3 bucket) and expands it into the specified folder. While the MATLAB Compiler Runtime installer has an “.exe” extension, it’s actually a self-extracting ZIP file, and the Elastic Beanstalk functionality is perfectly happy to deal with this.

The second step is to actually run the installer – this is what is accomplished by the “01_install_matlab” stanza, which uses the silent install functionality of the installer. (If you’re using the 32-bit runtime, you’ll need to modify the path specified in the “cwd” line). Finally, we kick IIS to pick up a modified PATH which includes the native MATLAB DLLS (“03_reset_iis”).

While this solution works, as noted above there’s a couple of things I’d like to improve:

  1. Ideally, you wouldn’t have to make the file in the S3 bucket publicly readable. However, the “sources” functionality supports only publicly readable files at the moment, so there’s no easy way round this. It would be possible to install other components onto the box which would let you authenticate and download a protected file, but that seems like overkill. Hopefully Amazon will add authentication support for “sources” at some point.
  2. The observant will note I skipped over the “02_modify_path” stanza – what’s that for? As noted, when the MATLAB installer finishes, it modifies PATH to include the location of the native MATLAB DLLs. However, the installer runs as a background task, so the actual command returns instantly, and crucially before it has modified PATH. As far as I know, there’s no way of knowing when the installer has actually completed, so we bodge around this by manually adding what we know is going to be added to PATH, which means that IIS will be able to find the DLLs once they’ve been installed. This is obviously not the nicest solution in the world, but it works.

Hopefully this little guide helps anyone else who’s looking to do this sort of thing – please leave a comment if there’s anything you’d like to ask, or if you can help with those improvements!

Phil Kendall
Lead Developer