Installation
Architecture
(March 09, 2018)
This publication belongs to the Documentation Service of AuraPortal (APDS) and all rights
are reserved. Total or partial reproduction of this document is not allowed, nor is its
transmission to third parties, without written permission from the APDS.
www.auraportal.com | [email protected] | Skype: AuraPortal | Tel: +34 962 954 497 |
International: +18 572 390 070
INSTALLATION. ARCHITECTURE Page 2 of 18
CONTENTS
INTRODUCTION
1. LOGICAL ARCHITECTURE
1.1. USER LEVEL
1.2. PRESENTATION LAYER
1.3. BUSINESS LOGIC LAYER
1.4. DATA ACCESS LAYER
1.5. BPM MOTOR & BUSINESS RULES
1.6. INTEGRATION MODULES
1.6.1. Data Importer
1.6.2. Web Services
1.6.3. Execution of Code and Scripts
1.6.4. AuraPortal Adapters Server
1.6.5. SQL Reporting Services
1.6.6. SAP
1.6.7. Email
1.6.8. MS Excel
1.6.9. MS Word
1.6.10. Office 365 Events
1.7. DATA STORAGE
2. PHYSICAL ARCHITECTURE
2.1. USER LEVEL
2.2. APPLICATION SERVER LEVEL
2.3. DATABASE SERVER LEVEL
2.4. PHYSICAL STORAGE LEVEL
3. INFRASTRUCTURE
3.1. AURAPORTAL CLOUD
3.2. USER LEVEL
3.2.1. Secure Connection via Internet
3.3. APPLICATION LEVEL
3.4. STORAGE
3.4.1. Database
3.4.2. File System
3.4.3. Storage Calculation
3.5. DEVELOPMENT, TESTING AND PRODUCTION ENVIRONMENTS
3.5.1. BPMS Module
3.5.2. Three Synchronized Environments Complement
3.6. AUTHENTICATION
3.6.1. Active Directory
3.6.2. Windows Local
3.6.3. MS SQL Database
3.6.4. External Providers (SAML, LDAP, SSO, etc.)
INTRODUCTION
This document summarizes the logical, physical, and infrastructure architecture of AuraPortal in
the following chapters:
- Logical Architecture
- Physical Architecture
- Infrastructure
The AuraPortal official documentation contains all the details described here.
1. LOGICAL ARCHITECTURE
The AuraPortal architecture is designed with cutting-edge technology, with a proven level of
reliability and robustness.
Its layered design allows all kinds of scenarios, from the simplest, concentrated on a single server,
to easily scalable distributions over multiple servers to support the most demanding workloads.
The following levels can be distinguished, as can be seen in the image further on:
- User Level
- Presentation Layer
- Business Logic Layer
- Data Access Layer
- BPM Motor & Business Rules
- Integration Modules
- Data Storage
We will now have a look at each level.
1.1. User Level
User Level (User Clients in the image) refers to the end users of the tool, those who work with it
daily, entering and retrieving information.
At this level, it is important to mention that to work with AuraPortal the users only need an internet
browser (Internet Explorer, Edge, Chrome, Firefox, Safari, Opera, or similar); no client software needs to
be installed on the computers to connect to AuraPortal.
Therefore, the only connection that must be established with the AuraPortal servers is through the http or
https protocol (SSL), either via a local network or the internet.
Similarly, all standard security systems are compatible, such as VPN, Firewall, Kerberos authentication, etc.
Additionally, the users may have complementary software to perform their other functions, such as office
tools like Microsoft Office or similar, which can interact with AuraPortal for additional features like
document editing, etc.
[Figure: Logical Architecture. User Clients (computers, tablets, mobiles) need only an Internet browser and connect over HTTP or HTTPS (SSL) to the Presentation Layer (user interface; .Net Framework 4, .aspx pages, C#, AJAX, JavaScript, Java Applets), the Business Logic Layer (.Net Framework 4 & C#) and the Data Access Layer (ADO .Net, Queries, Stored Procedures & Views). Also shown: BPM Motor & Business Rules; connectors to external devices and applications (Enterprise Application Integration, Enterprise Service Bus, Adapters Server, Reporting, SAP, SharePoint, Code Execution, Excel, Word, Data Importer, Events, Web Services); Data Storage (MS SQL databases 2005, 2008, 2012, 2014, 2016, 2017, and File System for Libraries in Dictionary).]
1.2. Presentation Layer
AuraPortal is designed using the most advanced programming technology, structured in three layers:
Presentation Layer, Business Logic Layer and Data Access Layer.
The Presentation Layer, which is the layer seen by the users when they connect and on which they work in
AuraPortal, is designed with 100% web technology, meaning that an internet browser is all that is required
to work with the tool.
Any standard internet browser is compatible (Internet Explorer, Chrome, Firefox, Safari, Opera, etc.). No
software must be installed by the users to be able to connect to the system.
The Presentation Layer is developed using .aspx pages that connect to .dll in the Business Logic Layer, all
developed with .Net Framework 4, C#, AJAX, JavaScript and Java Applet technology, with the aim of
improving the user experience and achieving the power required of a BPM system like AuraPortal, which
will be the orchestrator of all the business processes in the company or organization.
1.3. Business Logic Layer
The Business Logic Layer contains the executable code where all the logic is developed, i.e., the
application’s intelligence.
This layer receives user requests, processes them by consulting the database, and acts accordingly; for
example, it returns the corresponding information to the user, stores the processed data, or interacts
with other elements integrated in the system.
This layer is developed with .Net Framework and C# and it communicates with the following elements:
- Presentation Layer
- Data Access Layer
- BPM Motor and Business Rules
- Integration Modules
1.4. Data Access Layer
Finally, the Data Access Layer, based on ADO .Net technology and Queries, Views and Stored Procedures,
connects with the Data Storage layer to store all the information that arrives from the Business Logic
Layer.
1.5. BPM Motor & Business Rules
AuraPortal includes a powerful BPM Motor which orchestrates all the Business Processes and their
integration with all the system elements. The BPM Motor manages the workflow of the users, sending the
tasks to the correct users at the relevant moment, sending alerts and alarms when the established
conditions are not met, and is ultimately responsible for the control, management and security of the BPM
(Business Process Management) module.
AuraPortal also has its own Business Rules Motor which, besides working in coordination with the Process
Motor (BPM Motor), is used as a general repository to store and consult all the company’s performance
standards and operating procedures, user manuals, etc., that affect its general day-to-day operation.
This is a significant and innovative contribution from AuraPortal to the modern world of Business Rules in
BPM, because, when a process is executed, the Process Motor itself directly consults the related Business
Rules, which is where all elements related to the business environment (market, politics, strategy, etc.) are
defined. Because most modifications generally stem from variations in the business environment, and the
Business Rules can be modified ad hoc, the design of the Processes can remain virtually unchanged (unless
any modifications are required to improve the design).
Both modules are developed with .Net Framework 4 and C#.
The BPM Motor is a Windows Service based on an executable file that connects with the Business Logic
Layer via the corresponding .dlls.
1.6. Integration Modules
AuraPortal includes all the components and modules necessary for integration with any external
application, such as the following:
1.6.1. Data Importer
The Data Importer is a service that imports data to AuraPortal from external databases. It connects with
external databases via several mechanisms (such as ODBC), and to AuraPortal through Web Services.
1.6.2. Web Services
Most of the information stored in AuraPortal is available through Web Services, both for introducing
information in the system and for retrieving it.
Similarly, AuraPortal also has specific mechanisms (System Tasks) to invoke both standard and proprietary
external Web Services.
1.6.3. Execution of Code and Scripts
AuraPortal includes several System Tasks for executing custom code and scripts to suit every need.
This makes the integration with any system possible, with practically no limitations.
1.6.4. AuraPortal Adapters Server
The AuraPortal BPM module includes a system called AuraPortal Adapters Server, which acts as a data
exchanger between external databases (ERP, CRM, etc.) and the AuraPortal Processes.
AuraPortal Adapters Server is used as follows:
Firstly, the AuraPortal Adapters Server Console is installed on a server that has a local network connection
with the external database, either the AuraPortal server itself or the external database server.
Then the corresponding Connectors are established from the Console with the data from the external
database.
Once the AuraPortal Adapters Connectors are configured, they are automatically published with Web
Services so that a connection can be established from AuraPortal to exchange data, either via Internet or
the local network, depending on the scenario.
1.6.5. SQL Reporting Services
AuraPortal includes direct integration with MS SQL Reporting Services, which is included free of charge
with the MS SQL Server database engine itself, for making use of all information.
With the components mentioned here and others included in the Presentation layer (such as External
Forms, amongst other features), direct integration is possible with virtually any external application.
1.6.6. SAP
SAP integration solutions help to connect AuraPortal to SAP, to use and exchange data during the
execution of the BPM processes.
1.6.7. Email
Using a POP3 server connection, the Email Connector feature allows emails to be analyzed and an
AuraPortal process to be started, if the emails meet certain conditions.
1.6.8. MS Excel
The functionality of the Excel Connector allows data structured in an MS Excel Sheet to be automatically
extracted and recorded in Process Panels.
1.6.9. MS Word
With the MS Word connector, several interesting features can be used, such as the following:
- Uploader. When editing a document in MS Word, the Uploader allows it to be saved directly in
AuraPortal.
- Automatic Documents. A template (or Base Document) is prepared in MS Word and documents
are created automatically with the content of each scenario during the execution of the BPM
Processes.
- Guaranteed Signature. The inclusion in documents of Guaranteed signatures introduced in forms
during the execution of the BPM Processes.
- Certified Signature. To sign MS Word documents integrated in BPM Processes with a Certificate.
1.6.10. Office 365 Events
The Calendar View provides the employees with an easy and graphic way of identifying and controlling
tasks that have a Forecast Date for their completion, clearly differentiating the tasks whose dates have not
yet been reached from those whose dates have already been reached or exceeded.
1.7. Data Storage
AuraPortal Data Storage is based primarily on the powerful and reliable MS SQL Server database engine.
Any current version can be used, from 2005 to 2008 or 2012.
The connection with Data Storage is made mainly through the Data Access Layer, which communicates
with ADO .Net technology, and Queries, Views and Stored Procedures.
Direct communication is also possible through some of the Integration Modules, Reporting Services for
example, which can perform direct queries to the databases.
Simultaneously, AuraPortal also includes the possibility to store data in File System, mainly documents,
images, videos and any other file type likely to be housed in the AuraPortal Libraries in Dictionary.
There are some important advantages when using File System:
- All identifying details about the documents are saved in the SQL database, such as their location,
metadata and storage path, but not the physical file itself which is what occupies space; this is
stored in File System. This prevents the common problems derived from elevated growth of the
SQL database, such as disk space, performance, backup, etc.
- Unlimited number and size of files. If the database is used as the storage location, the size and
number are limited.
- The stored files are independent from the database so they can still be accessed even if the
structure where they are stored changes in the future. Therefore, this system is commonly used
for “Long Life Repositories.”
When a system element, either from the Presentation Layer (a user request) or from any other component,
requires a document that is stored in File System, the Business Logic Layer locates the document in the SQL
Database through the Data Access Layer. If the physical file is required, to download or open it for
example, then the system retrieves it from the File System where it is saved. I.e., the localization of the file is
performed through SQL, but when the file is physically required, it is retrieved from File System. This way,
the full power and speed of SQL Management is leveraged, and so is the unlimited capacity of the robust
and tested storage in File System.
So far, we have looked at the breakdown of elements in the AuraPortal Logical Structure. In the following
chapter, we will analyze AuraPortal from the viewpoint of the Physical Architecture.
2. PHYSICAL ARCHITECTURE
In this section, we will look at the Physical Architecture compared to the Logical Architecture described in
the previous section.
2.1. User Level
To work with AuraPortal at User Level, the only thing that is needed is an internet browser (Internet
Explorer, Chrome, Firefox, Safari, Opera, or similar); it is not necessary to install any client software on the
users’ computers.
Therefore, the only connection that must be established with the AuraPortal Servers is through the http or
https protocol (SSL), either via a local network or the internet.
To access AuraPortal, the users just have to enter the URL in their internet browser to reach AuraPortal’s
.aspx pages in the Presentation Layer.
Additionally, the users may have complementary software to perform their other functions, such as office
tools like Microsoft Office or similar, which can interact with AuraPortal for additional features like
document editing, etc.:
[Figure: Physical / Logical Architecture. Physical levels mapped to logical layers: End User Clients (only an Internet browser is required: Internet Explorer, Edge, Chrome, Safari, Firefox, Opera, …); Application Servers, the AuraPortal Server (Windows Server 2008 or 2012, IIS (Application Server), AuraPortal, BPM Motor) with the Presentation, Business Logic and Data Access Layers; Database Servers (Windows Server 2008, 2012 or 2016; MS SQL Server 2005, 2008, 2012, 2016 or 2017) with the SQL Engine; Physical Storage (hard disk array with Fault Tolerance; Data Storage for MS SQL databases and File System for Libraries in Dictionary).]
2.2. Application Server Level
The Application Level includes the AuraPortal servers that manage the execution of the tool on the
following levels:
- Presentation Layer
- Business Logic Layer
- Data Access Layer
- Integration Modules
- BPM Motor
The following components are installed on these servers:
- Windows Server 2008 or 2012 Operating System (and their corresponding R2 editions)
- IIS (Application Server Role)
- AuraPortal
- BPM Motor
2.3. Database Server Level
The Database level includes the server that manages the database engine for storing information received
from the Data Access Layer.
It also provides the information that is required for certain integration modules such as Reporting Services.
The following components are installed on this server for these purposes:
- Windows Server 2008, 2012 and 2016 Operating System (and their corresponding R2 editions)
- MS SQL Server 2005, 2008, 2012, 2014, 2016 and 2017 (and their corresponding R2 editions)
2.4. Physical Storage Level
While this level is directly related and connected to the Database Servers, it is generally recommended for
it to be physically separate, for example in disk arrays with Fault Tolerance, NAS or similar, depending on
the scenario.
3. INFRASTRUCTURE
In this section, we will look at the general infrastructure proposed for AuraPortal.
For information about the necessary number and capacity of servers in relation to the number of users,
consult the official AuraPortal documentation about Requirements and Recommendations.
There are two clearly differentiated infrastructure models, AuraPortal Cloud and On-Premises:
- AuraPortal Cloud. The servers are controlled and managed by AURA, rented to the customer
depending on their usage.
- On-Premises. The servers are based in the customer’s facilities.
We will now look at the benefits of AuraPortal Cloud compared to the On-Premises model.
3.1. AuraPortal Cloud
AuraPortal Cloud is the most secure, efficient and economical way to use AuraPortal:
- Secure because specialized AuraPortal Cloud technicians are in charge of keeping AuraPortal
running in optimum conditions.
- Efficient because in AuraPortal Cloud, the performance of AuraPortal is monitored to ensure the
best functioning and to identify the need to scale to higher performance hardware if necessary.
- Economical because the customer only pays a monthly lease while they use it. They don’t have to
invest in a complete system with hardware that will quickly become obsolete, nor do they have to
worry about the maintenance; they just work as normal with AuraPortal while the specialized
technicians of AuraPortal Cloud make sure that everything is running perfectly. This all results in
significant savings in direct and indirect costs.
With AuraPortal Cloud, customers don’t need to worry about anything related to the AuraPortal
installation, they just have to work as normal and take care of their own business.
The advantages of AuraPortal Cloud can be classified in three aspects:
- Infrastructure. AuraPortal Cloud is based on Azure, a platform of enormous prestige and
performance, which has the best servers and hardware infrastructures guaranteeing optimum
performance of the whole system. Additionally, customers don’t have to purchase any elements;
instead they lease them through the IaaS (Infrastructure as a Service) and SaaS (Software as a
Service) modalities, with the economic advantage of only having to pay for their monthly use
without having to purchase hardware that is likely to become obsolete sooner or later.
- Specialized Services. In addition to having the best infrastructure, AuraPortal Cloud is directly
managed by the most specialized AuraPortal technicians; a combination that guarantees customer
peace of mind and optimum performance and efficiency.
- Scalability made easy. One of the most important advantages of AuraPortal Cloud is its
scalability, i.e., the possibility to extend its infrastructure. This means that there is no need to
purchase oversized hardware to provision for possible future demands until that moment really
arrives, resulting in significant economic savings. A reduced infrastructure can be used to begin
with, adequate for the demand at the time of implementation, which can be extended as the use
of AuraPortal in the organization grows and the monitoring or user experience evolves.
For more information about the advantages of AuraPortal Cloud over On-Premises installations, we
recommend reading the official documentation.
3.2. User Level
As has been mentioned previously, it is important to highlight that to work with AuraPortal at User Level
(External & Internal User Clients in the image) the only thing that is needed is an internet browser
(Internet Explorer, Chrome, Firefox, Safari, Opera, or similar); it is not necessary to install any client
software on the users’ computers.
This applies to both Internal Users (in the same Local Network) and External Users (over the internet).
Below is a diagram of the general infrastructure:
[Figure: AuraPortal General Infrastructure (High Availability, Fault Tolerance & Load Balancing). Elements shown: Internet, Firewall, External User Clients, Internal User Clients, Load Balancer, Application Level (AuraPortal), Database Level (High Availability), File System and Disk Array (Data Storage for MS SQL databases and File System).]
3.2.1. Secure Connection via Internet
For AuraPortal to be available to the External Users who connect over the internet, a scenario that
guarantees security is required.
AuraPortal is compatible with all standard security systems.
Below are two examples of valid scenarios, basic and maximum security:
[Figure: Firewall layouts. Basic security (Firewall): Internet client computer, router/firewall, AuraPortal, database server, internal client computers on the LAN. Maximum security (DMZ with 3 Firewalls): Internet client computer, AuraPortal External Server in the DMZ (DeMilitarized Zone), AuraPortal Internal Server, Database Server, internal client computers on the LAN.]
Note
The publication of AuraPortal on the Internet only requires the TCP 80 port (for
http) or the TCP 443 port (for https – SSL). However, if higher security is desired, a
prior connection with an encrypted VPN may be required, either Site-to-Site or
Client-to-Site, or private point-to-point type connections.
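An added example (not part of the AuraPortal documentation): a Python check that audits a firewall rule export against the Note above, flagging Internet-facing rules that open more than TCP 80/443 and rules that let traffic skip a firewall tier in the DMZ layout. The zone names, the allowed tier-to-tier flows and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Ports the Note says are sufficient to publish AuraPortal on the Internet.
PUBLISHED_TCP_PORTS = frozenset({80, 443})

# Assumed zone model for the "maximum security" layout (DMZ with 3 firewalls):
# a zone may only open connections to the next tier inward.
ALLOWED_FLOWS = frozenset({
    ("internet", "dmz"),       # external clients -> AuraPortal external server
    ("dmz", "internal"),       # external server  -> AuraPortal internal server
    ("lan", "internal"),       # internal clients -> AuraPortal internal server
    ("internal", "database"),  # internal server  -> database server
})


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    protocol: str      # "tcp" or "udp"
    port_low: int      # inclusive
    port_high: int     # inclusive
    action: str = "allow"


def audit(rules):
    """Return (rule name, finding kind, detail) for allow rules that break the model."""
    findings = []
    for rule in rules:
        if rule.action != "allow":
            continue
        if (rule.src_zone, rule.dst_zone) not in ALLOWED_FLOWS:
            findings.append((rule.name, "zone-bypass",
                             f"{rule.src_zone} -> {rule.dst_zone} skips a firewall tier"))
            continue
        if rule.src_zone != "internet":
            continue  # inner tiers are only checked for zone adjacency here
        if rule.protocol != "tcp":
            findings.append((rule.name, "extra-exposure",
                             f"{rule.protocol} is not needed for publication"))
            continue
        # A port range is acceptable only if every port in it is 80 or 443.
        extra = [p for p in range(rule.port_low, rule.port_high + 1)
                 if p not in PUBLISHED_TCP_PORTS]
        if extra:
            findings.append((rule.name, "extra-exposure",
                             f"{len(extra)} port(s) beyond 80/443, first is {extra[0]}"))
        if rule.port_low <= 80 <= rule.port_high:
            findings.append((rule.name, "cleartext-http",
                             "TCP 80 serves http without SSL"))
    return findings


# Constructed sample rule export (not taken from any real installation).
SAMPLE_RULES = [
    Rule("publish-https", "internet", "dmz", "tcp", 443, 443),
    Rule("publish-http", "internet", "dmz", "tcp", 80, 80),
    Rule("remote-admin", "internet", "dmz", "tcp", 3389, 3389),
    Rule("web-range", "internet", "dmz", "tcp", 80, 443),
    Rule("direct-sql", "internet", "database", "tcp", 1433, 1433),
    Rule("app-to-db", "internal", "database", "tcp", 1433, 1433),
    Rule("lan-to-app", "lan", "internal", "tcp", 443, 443),
    Rule("block-telnet", "internet", "dmz", "tcp", 23, 23, "deny"),
]

if __name__ == "__main__":
    for name, kind, detail in audit(SAMPLE_RULES):
        print(f"{name:14} {kind:15} {detail}")
```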
3.3. Application Level
The Application Level is where AuraPortal is installed and therefore the servers take charge of executing
and processing all the requests from users and other system elements.
These servers in turn connect with the database servers (section titled Storage) to save any new
information and obtain the saved information, as required.
At this level, the servers form part of an NLB (Network Load Balancing) Cluster, a system which is included
with the Windows Server Operating System at no extra cost.
Note.
The BPM Motor is installed on one of the Application servers that form part of the
Load Balancing, but it is also possible to dedicate a server exclusively for this
purpose, which will therefore be excluded from the NLB.
3.4. Storage
The Data Storage is composed of two elements:
- Database
- File System
3.4.1. Database
The main AuraPortal storage is based on a server with the MS SQL Server Database Engine (versions 2005,
2008, 2012, 2014, 2016 or 2017, and its R2 editions).
This server deals with requests from the AuraPortal servers (Application Level), saving newly received
information and obtaining and managing stored information, as required.
As High Availability and Fault Tolerance are required, it is necessary to use one of the classic systems
designed for this purpose, such as the Cluster system at database level, which is included in MS SQL Server
at no extra cost.
3.4.2. File System
The Library in Dictionary Storage in AuraPortal allows files of any type (documents, images, videos and any
file that can be stored in a Library) to be stored directly in File System.
There are some important advantages when using File System:
- All identifying details about the documents are saved in the SQL database, such as their location,
metadata and storage path, but not the physical file itself which is what occupies space; this is
stored in File System. This prevents the common problems derived from elevated growth of the
SQL database, such as disk space, performance, backup, etc.
- Unlimited number and size of files. If the database is used as the storage location, the size and
number are limited.
- The stored files are independent from the database so they can still be accessed even if the
structure where they are stored changes in the future. Therefore, this system is commonly used
for “Long Life Repositories.”
Note.
File System is the traditional and proven system of network shared Windows
files. AuraPortal uses this technology to avoid problems resulting from excessive
growth of the databases when physical document, image or video files are stored in
MS SQL databases.
When a system element, either from the Presentation Layer (a user request) or from any other component,
requires a document that is stored in File System, the Business Logic Layer locates the document in the SQL
Database through the Data Access Layer. If the physical file is required, to download or open it for
example, then the system retrieves it from the File System where it is saved. I.e., the localization of the file is
performed through SQL, but when the file is physically required, it is retrieved from File System. This way,
the full power and speed of SQL Management is leveraged, and so is the unlimited capacity of the robust
and tested storage in File System.
As mentioned in a previous section, it is possible to use the Passive MS SQL Server as the Active server for
File System and vice versa. Normally, both servers would be working, each with their own duties and only
in the event of failure of one of them would the other assume both roles.
3.4.3. Storage Calculation
To calculate the necessary storage capacity, three essential aspects must be considered:
- Documents. This is the most important parameter in the calculation of necessary disk space. This
refers to any file (document, image, video or similar) that can be saved in AuraPortal, so the space
they occupy will be directly proportional to the number and size.
- Processes. On the other hand, during the general execution of the BPM Processes, information is
stored in SQL databases, so the storage space required depends on the number of Processes and
the number of Fields in each one.
As an example, in a Class of Processes of which 1,229,996 Processes have been started, each one
with 59 fields (shown in the list below), 135,168 KB have been used. That is, 0.10 KB per Process:
- 11 One Line Text fields
- 10 Multiple Line Text
- 6 Whole Number
- 5 Decimal Number
- 5 Date
- 5 Date-Time
- 5 Simple Selection
- 7 Prefix
- 1 Relation
- 2 Dictionary
- 2 System that have been started
- Families. This is the same calculation as for the Processes.
These three aspects (Documents, Processes and Families), are essential when calculating necessary disk
storage, although in other scenarios there may be other aspects to consider.
3.5. Development, Testing and Production Environments
AuraPortal provides two scenarios for separating the Development, Testing and Production Environments,
with the aim of keeping any changes made to the design of the Classes of Processes, and their tests,
separate from the processes that are already running in Production.
The two scenarios are:
- BPMS Module
- Three Synchronized Environments Complement
3.5.1. BPMS Module
AuraPortal’s BPMS Module allows there to be Classes of Processes in Production with users working with
real data, while at the same time other Classes of Processes are being modified and tested.
This is possible thanks to the combination of Versioning, Similar Creation and the Class of Processes
Modes, namely: Production Environment, Testing Environment and Development Environment. All this is
included in the same AuraPortal installation, which can also be combined with a Backup installation for
performing critical tests, such as the installation of Windows ServicePacks or AuraPortal ExtensionPacks,
etc., before being passed to the Production stage.
The Backup installation can also be considered as a combined Development and Testing Environment for
carrying out new Class of Processes designs, but it must be taken into account that to put the new designs
into Production, the whole design will have to be repeated on the main installation.
3.5.2. Three Synchronized Environments Complement
The Three Synchronized Environments Complement goes a step further in control and security because it
allows the three environments to be physically separate on three independent installations. This means
that any changes to the design and testing of the Classes of Processes are performed on installations
that are different and independent from the one that holds the real data, and they are only transferred
from one installation to another via a controlled and secure mechanism named Synchronization.
The difference between these two possible scenarios (BPMS Module <> Three Synchronized Environments
Complement) is obvious:
Flexibility < versus > Security
- Flexibility in the BPMS module because the three environments can coexist, independently
and in a controlled manner, with sufficient security, within the same installation. In this scenario,
the designers must bear in mind that the three environments share certain configuration
elements, such as the Dictionary of Terms, so they must take extra care when designing the new
Class of Processes to not disrupt the processes that are running in Production mode.
- Security in the Three Synchronized Environments Complement because the three
environments are separate on physically independent installations. In this scenario, there is less
flexibility because all the options related to the design of the processes are blocked in the
Production Environment, and modifications can only be made in the Development Environment.
To transfer any modifications to the Production Environment, synchronization must be performed
from Development > Testing and then from Testing > Production.
Note.
The AuraPortal Class of Processes Export - Import feature is not intended for
transferring designs from Development into Production; it is designed for the
commercial distribution of Classes of Processes that have been designed on an
AuraPortal installation to be imported to other totally independent installations.
Therefore, it has the following limitations:
- The import should only be performed once. If performed a second time after
making new modifications to the design, a new Class of Processes will be
created.
- After the import, the Class of Processes must be adjusted to the new installation,
which could mean having to redo 20-30% of the design.
All the details about this feature can be consulted in the Three Synchronized Environments
documentation.
3.6. Authentication
Authentication refers to the security mechanism used for validating the authenticity of the users that
connect to AuraPortal.
The following types of authentication can be used in AuraPortal:
- Active Directory
- Windows Local
- Database
- External providers (ADFS, SAML, LDAP, SSO, etc.)
3.6.1. Active Directory
AuraPortal can authenticate users against Windows Active Directory.
If Active Directory is already available in the organization where AuraPortal is being installed, it can be
used.
If Active Directory isn’t available, it can be installed for the use of AuraPortal.
Based on Active Directory, the authentication can be performed with the following mechanisms:
- Windows (Employee and External Users)
- Basic (Employee and External Users)
- Forms (all users, Employee, External and Guests).
[Figure: ACTIVE DIRECTORY AUTHENTICATION. Components shown: AuraPortal, Databases, Active Directory]
3.6.2. Windows Local
In small installations where a single server performs the application (AuraPortal), database
(MS SQL) and BPMS Motor functions, it is possible to authenticate against the local user database in
Windows Server.
In this scenario, the same mechanisms as for Active Directory are valid:
- Windows (Employee and External Users)
- Basic (Employee and External Users)
- Forms – customizable (all users, Employee, External and Guests).
3.6.3. MS SQL Database
The credentials of Guest Users are stored in an MS SQL database. In this case, the authentication is
performed through customizable Forms.
3.6.4. External Providers (SAML, LDAP, SSO, etc.)
AuraPortal can also be integrated in scenarios with external authentication providers.
Here are some examples of these scenarios:
- AuraPortal is installed in AuraPortal Cloud but must authenticate against the corporate system
of the organization that has purchased AuraPortal without being able to access that system directly,
because, for example, the organization does not want the AuraPortal server to be added to the
corporate Active Directory.
- Another classic example is where the corporate authentication is based on other systems instead
of Active Directory, such as SAML or LDAP.
In all these cases, a server is installed with Windows ADFS (Active Directory Federation Services), which
performs the intermediary functions between AuraPortal and the corporate authentication system.
This allows SAML, LDAP and SSO authentications, and any others that support ADFS.
[Figure: ADFS AUTHENTICATION (SAML, LDAP, SSO, …). Components shown: AuraPortal, Databases, Active Directory, ADFS (Active Directory Federation Services), Authentication Provider]