Installation

Architecture

(March 09, 2018)

This publication belongs to the Documentation Service of AuraPortal (APDS) and all rights

are reserved. The reproduction total or partial of this document is not allowed, nor its

transmission to third parties without written permission by the APDS.

www.auraportal.com | [email protected] | Skype: AuraPortal | Tel: +34 962 954 497 |

International: +18 572 390 070

CONTENTS

INTRODUCTION
1. LOGICAL ARCHITECTURE
1.1. USER LEVEL
1.2. PRESENTATION LAYER
1.3. BUSINESS LOGIC LAYER
1.4. DATA ACCESS LAYER
1.5. BPM MOTOR & BUSINESS RULES
1.6. INTEGRATION MODULES
1.6.1. Data Importer
1.6.2. Web Services
1.6.3. Execution of Code and Scripts
1.6.4. AuraPortal Adapters Server
1.6.5. SQL Reporting Services
1.6.6. SAP
1.6.7. Email
1.6.8. MS Excel
1.6.9. MS Word
1.6.10. Office 365 Events
1.7. DATA STORAGE
2. PHYSICAL ARCHITECTURE
2.1. USER LEVEL
2.2. APPLICATION SERVER LEVEL
2.3. DATABASE SERVER LEVEL
2.4. PHYSICAL STORAGE LEVEL
3. INFRASTRUCTURE
3.1. AURAPORTAL CLOUD
3.2. USER LEVEL
3.2.1. Secure Connection via Internet
3.3. APPLICATION LEVEL
3.4. STORAGE
3.4.1. Database
3.4.2. File System
3.4.3. Storage Calculation
3.5. DEVELOPMENT, TESTING AND PRODUCTION ENVIRONMENTS
3.5.1. BPMS Module
3.5.2. Three Synchronized Environments Complement
3.6. AUTHENTICATION
3.6.1. Active Directory
3.6.2. Windows Local
3.6.3. MS SQL Database
3.6.4. External Providers (SAML, LDAP, SSO, etc.)

INTRODUCTION

This document summarizes the logical, physical, and infrastructure architecture of AuraPortal in the following chapters:

- Logical Architecture

- Physical Architecture

- Infrastructure

The AuraPortal official documentation contains all the details described here.

1. LOGICAL ARCHITECTURE

The AuraPortal architecture is designed with cutting-edge technology, with a proven level of reliability and robustness.

Its layered design allows all kinds of scenarios, from the simplest, concentrated on a single server, to easily scalable distributions over multiple servers to support the most demanding workloads.

The following levels can be distinguished, as can be seen in the image further on:

- User Level

- Presentation Layer

- Business Logic Layer

- Data Access Layer

- BPM Motor & Business Rules

- Integration Modules

- Data Storage

We will now have a look at each level.

1.1. User Level

User Level (User Clients in the image) refers to the end users of the tool, who work with it daily, entering and obtaining information.

At this level, it is important to mention that to work with AuraPortal the users only need an internet

browser (Internet Explorer, Edge, Chrome, Firefox, Safari, Opera, or similar); no client software needs to

be installed on the computers to connect to AuraPortal.

Therefore, the only connection that must be established with the AuraPortal servers is through the http or

https protocol (SSL), either via a local network or the internet.

Similarly, all standard security systems are compatible, such as VPN, Firewall, Kerberos authentication, etc.

Additionally, the users may have complementary software to perform their other functions, such as office

tools like Microsoft Office or similar, which can interact with AuraPortal for additional features like

document editing, etc.

[Figure: LOGICAL ARCHITECTURE. Labels: User Clients (Computers, Tablets, Mobiles, …), only an Internet browser is required (Internet Explorer, Edge, Chrome, Safari, FireFox, Opera, …), HTTP or HTTPS (SSL); Presentation Layer (User Interface); Business Logic Layer; Data Access Layer (ADO .Net, Queries, Stored Procedures & Views); Motor BPM & Business Rules; .Net Framework 4 (.aspx pages, C#, AJAX, Javascript, Java Applets); Connectors to External Devices & Applications: EAI (Enterprise Application Integration), ESB (Enterprise Service Bus), Adapters Server, Reporting, SAP, SharePoint, Email, Code Execution, Excel, Word, Data Importer, Events, Web Services; Data Storage: SQL Databases on MS SQL (2005, 2008, 2012, 2014, 2016, 2017) and File System (Libraries On Dictionary).]

1.2. Presentation Layer

AuraPortal is designed using the most advanced programming technology, structured in three layers:

Presentation Layer, Business Logic Layer and Data Access Layer.

The Presentation Layer, which is the layer seen by the users when they connect and on which they work in

AuraPortal, is designed with 100% web technology, meaning that an internet browser is all that is required

to work with the tool.

Any standard internet browser is compatible (Internet Explorer, Chrome, Firefox, Safari, Opera, etc.). No

software must be installed by the users to be able to connect to the system.

The Presentation Layer is developed using .aspx pages that connect to .dll in the Business Logic Layer, all

developed with .Net Framework 4, C#, AJAX, JavaScript and Java Applet technology, with the aim of

improving the user experience and achieving the power required of a BPM system like AuraPortal, which

will be the orchestrator of all the business processes in the company or organization.

1.3. Business Logic Layer

The Business Logic Layer contains the executable code where all the logic is developed, i.e., the

application’s intelligence.

This layer receives the user requests, processes them by consulting the database, and acts accordingly; for example, by returning the corresponding information to the user, storing the processed data, or interacting with other elements integrated in the system.

This layer is developed with .Net Framework and C# and it communicates with the following elements:

- Presentation Layer

- Data Access Layer

- BPM Motor and Business Rules

- Integration Modules

1.4. Data Access Layer

Finally, the Data Access Layer, based on ADO .Net technology and Queries, Views and Stored Procedures,

connects with the Data Storage layer to store all the information that arrives from the Business Logic

Layer.

1.5. BPM Motor & Business Rules

AuraPortal includes a powerful BPM Motor which orchestrates all the Business Processes and their

integration with all the system elements. The BPM Motor manages the workflow of the users, sending the

tasks to the correct users at the relevant moment, sending alerts and alarms when the established

conditions are not met, and is ultimately responsible for the control, management and security of the BPM

(Business Process Management) module.

AuraPortal also has its own Business Rules Motor which, besides working in coordination with the Process

Motor (BPM Motor), is used as a general repository to store and consult all the company’s performance

standards and operating procedures, user manuals, etc., that affect its general day-to-day operation.

This is a significant and innovative contribution from AuraPortal to the modern world of Business Rules in

BPM, because, when a process is executed, the Process Motor itself directly consults the related Business

Rules, which is where all elements related to the business environment (market, politics, strategy, etc.) are

defined. Since most modifications generally stem from variations in the business environment, and the Business Rules can be modified ad hoc, the design of the Processes can remain virtually unchanged (unless modifications are required to improve the design).

Both modules are developed with .Net Framework 4 and C#.

The BPM Motor is a Windows Service based on an executable file that connects with the Business Logic

Layer via the corresponding .dlls.

1.6. Integration Modules

AuraPortal includes all the components and modules necessary for integration with any external

application, such as the following:

1.6.1. Data Importer

The Data Importer is a service that imports data to AuraPortal from external databases. It connects with

external databases via several mechanisms (such as ODBC), and to AuraPortal through Web Services.

1.6.2. Web Services

Most of the information stored in AuraPortal is available through Web Services, both for introducing

information in the system and for retrieving it.

Similarly, AuraPortal also has specific mechanisms (System Tasks) to invoke both standard and proprietary

external Web Services.

1.6.3. Execution of Code and Scripts

AuraPortal includes several System Tasks for executing custom code and scripts to suit every need.

This makes the integration with any system possible, with practically no limitations.

1.6.4. AuraPortal Adapters Server

The AuraPortal BPM module includes a system called AuraPortal Adapters Server, which acts as a data

exchanger between external databases (ERP, CRM, etc.) and the AuraPortal Processes.

AuraPortal Adapters Server is used as follows:

Firstly, the AuraPortal Adapters Server Console is installed on a server that has a local network connection

with the external database, either the AuraPortal server itself or the external database server.

Then the corresponding Connectors are established from the Console with the data from the external

database.

Once the AuraPortal Adapters Connectors are configured, they are automatically published with Web

Services so that a connection can be established from AuraPortal to exchange data, either via Internet or

the local network, depending on the scenario.

1.6.5. SQL Reporting Services

AuraPortal includes direct integration with MS SQL Reporting Services, which is included free of charge

with the MS SQL Server database engine itself, for making use of all information.

With the components mentioned here and others included in the Presentation layer (such as External

Forms, amongst other features), direct integration is possible with virtually any external application.

1.6.6. SAP

SAP integration solutions help to connect AuraPortal to SAP, to use and exchange data during the

execution of the BPM processes.

1.6.7. Email

Using a POP3 server connection, the Email Connector feature allows emails to be analyzed and an

AuraPortal process to be started, if the emails meet certain conditions.

1.6.8. MS Excel

The functionality of the Excel Connector allows data structured in an MS Excel Sheet to be automatically

extracted and recorded in Process Panels.

1.6.9. MS Word

With the MS Word connector, several interesting features can be used, such as the following:

- Uploader. When editing a document in MS Word, the Uploader allows it to be saved directly in

AuraPortal.

- Automatic Documents. A template (or Base Document) is prepared in MS Word and documents

are created automatically with the content of each scenario during the execution of the BPM

Processes.

- Guaranteed Signature. The inclusion in documents of Guaranteed signatures introduced in forms

during the execution of the BPM Processes.

- Certified Signature. To sign MS Word documents integrated in BPM Processes with a Certificate.

1.6.10. Office 365 Events

The Calendar View provides the employees with an easy and graphic way of identifying and controlling

tasks that have a Forecast Date for their completion, clearly differentiating the tasks whose dates have not

yet been reached from those whose dates have already been reached or exceeded.

1.7. Data Storage

AuraPortal Data Storage is based primarily on the powerful and reliable MS SQL Server database engine.

Any current version can be used, from 2005 to 2008 or 2012.

The connection with Data Storage is made mainly through the Data Access Layer, which communicates

with ADO .Net technology, and Queries, Views and Stored Procedures.

Direct communication is also possible through some of the Integration Modules, Reporting Services for

example, which can perform direct queries to the databases.

Simultaneously, AuraPortal also includes the possibility to store data in File System, mainly documents,

images, videos and any other file type likely to be housed in the AuraPortal Libraries in Dictionary.

There are some important advantages when using File System:

- All identifying details about the documents are saved in the SQL database, such as their location,

metadata and storage path, but not the physical file itself which is what occupies space; this is

stored in File System. This prevents the common problems derived from elevated growth of the

SQL database, such as disk space, performance, backup, etc.

- Unlimited number and size of files. If the database is used as the storage location, the size and

number are limited.

- The stored files are independent from the database so they can still be accessed even if the

structure where they are stored changes in the future. Therefore, this system is commonly used

for “Long Life Repositories.”

When a system element, either from the Presentation Layer (a user request) or from any other component,

requires a document that is stored in File System, the Business Logic Layer locates the document in the SQL

Database through the Data Access Layer. If the physical file is required, to download or open it for

example, then the system retrieves it from the File System where it is saved. That is, the file is located through SQL, but when the file is physically required, it is retrieved from File System. This way, the full power and speed of SQL Management is leveraged, and so is the unlimited capacity of the robust and tested storage in File System.
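
The split described above (identifying details and storage path in SQL, the physical file in File System) means every retrieval trusts a path read from a database row, and the two stores can drift apart. The following Python example is added here and is not AuraPortal code: it shows the locate-then-retrieve sequence with the checks a defender would want at the retrieval step. Assumptions: an in-memory SQLite table stands in for MS SQL, a temporary directory stands in for the library share, and the table layout, function names and stored SHA-256 are hypothetical.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path


class StorageError(Exception):
    """The catalogue row and the file store disagree."""


def open_catalog() -> sqlite3.Connection:
    # Assumption: in-memory SQLite stands in for the MS SQL metadata database.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE documents (doc_id INTEGER PRIMARY KEY, name TEXT NOT NULL,"
        " rel_path TEXT NOT NULL, sha256 TEXT NOT NULL, size INTEGER NOT NULL)"
    )
    return db


def store_document(db: sqlite3.Connection, root: Path, name: str, data: bytes) -> int:
    """Write the bytes to the file store and only the identifying details to SQL."""
    digest = hashlib.sha256(data).hexdigest()
    rel_path = f"{digest[:2]}/{digest}"  # hypothetical content-addressed layout
    target = root / rel_path
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    cur = db.execute(
        "INSERT INTO documents (name, rel_path, sha256, size) VALUES (?, ?, ?, ?)",
        (name, rel_path, digest, len(data)),
    )
    db.commit()
    return cur.lastrowid


def locate_document(db: sqlite3.Connection, doc_id: int) -> dict:
    """Step 1: locate the document through SQL (parameterised query)."""
    row = db.execute(
        "SELECT name, rel_path, sha256, size FROM documents WHERE doc_id = ?",
        (doc_id,),
    ).fetchone()
    if row is None:
        raise KeyError(f"no document with id {doc_id}")
    return dict(zip(("name", "rel_path", "sha256", "size"), row))


def fetch_document(db: sqlite3.Connection, root: Path, doc_id: int) -> bytes:
    """Step 2: retrieve the physical file, treating the stored path as untrusted."""
    meta = locate_document(db, doc_id)
    root_real = root.resolve()
    candidate = (root_real / meta["rel_path"]).resolve()
    try:
        candidate.relative_to(root_real)  # must stay inside the library root
    except ValueError:
        raise StorageError("stored path escapes the library root") from None
    if not candidate.is_file():
        raise StorageError("catalogue row has no file behind it")
    data = candidate.read_bytes()
    if len(data) != meta["size"] or hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise StorageError("file content does not match the catalogued hash")
    return data


def _failure(db, root, doc_id):
    """Return the StorageError message for a fetch, or None if it succeeded."""
    try:
        fetch_document(db, root, doc_id)
    except StorageError as exc:
        return str(exc)
    return None


def demo() -> dict:
    """Run the normal path and three ways the two stores can drift apart."""
    content = b"constructed sample document body"
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "library"
        root.mkdir()
        db = open_catalog()
        doc_id = store_document(db, root, "contract.docx", content)
        results["intact"] = fetch_document(db, root, doc_id) == content

        # File changed on the share without going through the application.
        rel_path = locate_document(db, doc_id)["rel_path"]
        (root / rel_path).write_bytes(b"edited directly on the file share")
        results["modified_file"] = _failure(db, root, doc_id)

        # Row edited so that the path climbs out of the library root.
        (Path(tmp) / "outside.txt").write_bytes(b"not a library file")
        db.execute("UPDATE documents SET rel_path = '../outside.txt' WHERE doc_id = ?", (doc_id,))
        results["escaping_path"] = _failure(db, root, doc_id)

        # Database restored from backup but the file share was not (or the reverse).
        db.execute("UPDATE documents SET rel_path = 'zz/missing' WHERE doc_id = ?", (doc_id,))
        results["missing_file"] = _failure(db, root, doc_id)
        db.close()
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The three failure cases are also the reason database backups and file-share backups need to be taken and restored as a consistent pair.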

So far, we have looked at the breakdown of elements in the AuraPortal Logical Structure. In the following

chapter, we will analyze AuraPortal from the viewpoint of the Physical Architecture.

2. PHYSICAL ARCHITECTURE

In this section, we will look at the Physical Architecture compared to the Logical Architecture described in

the previous section.

2.1. User Level

To work with AuraPortal at User Level, the only thing that is needed is an internet browser (Internet

Explorer, Chrome, Firefox, Safari, Opera, or similar); it is not necessary to install any client software on the

users’ computers.

Therefore, the only connection that must be established with the AuraPortal Servers is through the http or

https protocol (SSL), either via a local network or the internet.

To access AuraPortal, users just have to enter the URL in their internet browser to reach AuraPortal’s .aspx pages in the Presentation Layer.

Additionally, the users may have complementary software to perform their other functions, such as office

tools like Microsoft Office or similar, which can interact with AuraPortal for additional features like

document editing, etc.:

[Figure: PHYSICAL / LOGICAL ARCHITECTURE. Physical levels and their logical elements. End User Clients: Internet Browser (only an Internet browser is required: Internet Explorer, Edge, Chrome, Safari, FireFox, Opera, …). Application Servers (AuraPortal Server): Windows Server 2008 or 2012, IIS (Application Server), AuraPortal, Motor BPM; Presentation Layer, Business Logic Layer, Data Access Layer. DataBase Servers (Data Base Server): Windows Server 2008, 2012 or 2016, MS SQL Server (2005, 2008, 2012, 2016 or 2017); SQL Engine. Physical Storage (Disk Array): Hard Disk Array with Fault Tolerance; Data Storage for MS SQL Databases and File System for Libraries On Dictionary.]

2.2. Application Server Level

The Application Level includes the AuraPortal servers that manage the execution of the tool on the

following levels:

- Presentation Layer

- Business Logic Layer

- Data Access Layer

- Integration Modules

- BPM Motor

The following components are installed on these servers:

- Windows Server 2008 or 2012 Operating System (and their corresponding R2 editions)

- IIS (Application Server Role)

- AuraPortal

- BPM Motor

2.3. Database Server Level

The Database level includes the server that manages the database engine for storing information received

from the Data Access Layer.

It also provides the information that is required for certain integration modules such as Reporting Services.

The following components are installed on this server for these purposes:

- Windows Server 2008, 2012 and 2016 Operating System (and their corresponding R2 editions)

- MS SQL Server 2005, 2008, 2012, 2014, 2016 and 2017 (and their corresponding R2 editions)

2.4. Physical Storage Level

While this level is directly related and connected to the Database Servers, it is generally recommended for

it to be physically separate, for example in disk arrays with Fault Tolerance, NAS or similar, depending on

the scenario.

3. INFRASTRUCTURE

In this section, we will look at the general infrastructure proposed for AuraPortal.

For information about the necessary number and capacity of servers in relation to the number of users,

consult the official AuraPortal documentation about Requirements and Recommendations.

There are two clearly differentiated infrastructure models, AuraPortal Cloud and On-Premises:

- AuraPortal Cloud. The servers are controlled and managed by AURA, rented to the customer

depending on their usage.

- On-Premises. The servers are based in the customer’s facilities.

We will now look at the benefits of AuraPortal Cloud compared to the On-Premises model.

3.1. AuraPortal Cloud

AuraPortal Cloud is the most secure, efficient and economical way to use AuraPortal:

- Secure because specialized AuraPortal Cloud technicians are in charge of keeping AuraPortal

running in optimum conditions.

- Efficient because in AuraPortal Cloud, the performance of AuraPortal is monitored to ensure the

best functioning and to identify the need to scale to higher performance hardware if necessary.

- Economical because the customer only pays a monthly lease while they use it. They don’t have to

invest in a complete system with hardware that will quickly become obsolete, nor do they have to

worry about the maintenance; they just work as normal with AuraPortal while the specialized

technicians of AuraPortal Cloud make sure that everything is running perfectly. This all results in

significant savings in direct and indirect costs.

With AuraPortal Cloud, customers don’t need to worry about anything related to the AuraPortal

installation, they just have to work as normal and take care of their own business.

The advantages of AuraPortal Cloud can be classified in three aspects:

- Infrastructure. AuraPortal Cloud is based on Azure, a platform of enormous prestige and

performance, which has the best servers and hardware infrastructures guaranteeing optimum

performance of the whole system. Additionally, customers don’t have to purchase any elements;

instead they lease them through the IaaS (Infrastructure as a Service) and SaaS (Software as a

Service) modalities, with the economic advantage of only having to pay for their monthly use

without having to purchase hardware that is likely to become obsolete sooner or later.

- Specialized Services. In addition to having the best infrastructure, AuraPortal Cloud is directly

managed by the most specialized AuraPortal technicians; a combination that guarantees customer

peace of mind and optimum performance and efficiency.

- Scalability made easy. One of the most important advantages of AuraPortal Cloud is its

scalability, i.e., the possibility to extend its infrastructure. This means that there is no need to

purchase oversized hardware to provision for possible future demands until that moment really

arrives, resulting in significant economic savings. A reduced infrastructure can be used to begin

with, adequate for the demand at the time of implementation, which can be extended as the use

of AuraPortal in the organization grows and the monitoring or user experience evolves.

For more information about the advantages of AuraPortal Cloud over On-Premises installations, we

recommend reading the official documentation.

3.2. User Level

As has been mentioned previously, it is important to highlight that to work with AuraPortal at User Level

(External & Internal User Clients in the image) the only thing that is needed is an internet browser

(Internet Explorer, Chrome, Firefox, Safari, Opera, or similar); it is not necessary to install any client

software on the users’ computers.

This applies to both Internal Users (in the same Local Network) and External Users (over the internet).

Below is a diagram of the general infrastructure:

[Figure: AURAPORTAL GENERAL INFRASTRUCTURE (High Availability, Fault Tolerance & Load Balancing). Labels: Internet; External User Clients; Internal User Clients; Firewall; Load Balancer; AuraPortal; High Availability; Application Level, features: OS: Windows Server 2008 or 2012, Role: Application Server (IIS), Application: AuraPortal, Motor BPM; Database Level, features: OS: Windows Server 2018, 2012 or 2016, SQL Server 2005, 2008, 2012, 2014, 2016 or 2017; File System; Disk Array (Data Storage for MS SQL Data Bases and File System).]

3.2.1. Secure Connection via Internet

For AuraPortal to be available to the External Users who connect over the internet, a scenario that

guarantees security is required.

AuraPortal is compatible with all standard security systems.

Below are two examples of valid scenarios, basic and maximum security:

[Figure: two firewall layouts. FIREWALL LAYOUT - BASIC SECURITY (Firewall): Internet Client Computer, Internet, Router/Firewall, AuraPortal, Database Server, Internal Client Computers (LAN). MAXIMUM SECURITY (DMZ with 3 Firewalls): Internet Client Computer, Internet, three Firewalls, AuraPortal External Server in the DMZ (DeMilitarized Zone), AuraPortal Internal Server, Database Server, Internal Client Computers (LAN).]

Note

The publication of AuraPortal on the Internet only requires the TCP 80 port (for http) or the TCP 443 port (for https – SSL). However, if higher security is desired, a prior connection with an encrypted VPN may be required, either Site-to-Site or Client-to-Site, or private point-to-point type connections.

3.3. Application Level

The Application Level is where AuraPortal is installed and therefore the servers take charge of executing

and processing all the requests from users and other system elements.

These servers in turn connect with the database servers (section titled Storage) to save any new

information and obtain the saved information, as required.

At this level, the servers form part of an NLB (Network Load Balancing) Cluster, a system which is included

with the Windows Server Operating System at no extra cost.

Note.

The BPM Motor is installed on one of the Application servers that form part of the

Load Balancing, but it is also possible to dedicate a server exclusively for this

purpose, which will therefore be excluded from the NLB.

3.4. Storage

The Data Storage is composed of two elements:

- Database

- File System

3.4.1. Database

The main AuraPortal storage is based on a server with the MS SQL Server Database Engine (versions 2005, 2008, 2012, 2014, 2016 or 2017, and their R2 editions).

This server deals with requests from the AuraPortal servers (Application Level), saving newly received information and obtaining and managing stored information, as required.

As High Availability and Fault Tolerance are required, it is necessary to use one of the classic systems designed for this purpose, such as the Cluster system at database level, which is included in MS SQL Server at no extra cost.

3.4.2. File System

The Library in Dictionary Storage in AuraPortal allows files of any type (documents, images, videos and any file that can be stored in a Library) to be stored directly in File System.

There are some important advantages when using File System:

- All identifying details about the documents are saved in the SQL database, such as their location, metadata and storage path, but not the physical file itself, which is what occupies space; this is stored in File System. This prevents the common problems derived from high growth of the SQL database, such as disk space, performance, backup, etc.
- Unlimited number and size of files. If the database is used as the storage location, the size and number are limited.
- The stored files are independent from the database so they can still be accessed even if the structure where they are stored changes in the future. Therefore, this system is commonly used for “Long Life Repositories.”

Note.

File System is the traditional, proven system of network-shared Windows files. AuraPortal uses this technology to avoid problems resulting from excessive growth of the databases when physical document, image or video files are stored in MS SQL databases.


When a system element, either from the Presentation Layer (a user request) or from any other component, requires a document that is stored in File System, the Business Logic Layer locates the document in the SQL Database through the Data Access Layer. If the physical file is required, to download or open it for example, then the system retrieves it from the File System where it is saved. That is, the file is located through SQL, but when the file is physically required, it is retrieved from File System. This way, the full power and speed of SQL Management is leveraged, and so is the unlimited capacity of the robust and tested storage in File System.
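The lookup-then-retrieve flow described above, as an added example that is not AuraPortal's own code: sqlite3 stands in for MS SQL, and the table, its columns and the stored SHA-256 are assumptions. Because the storage path comes from a database row, the reader confines it to the share root and compares the file bytes with the recorded hash before returning them.

```python
# Added example: sqlite3 stands in for MS SQL; table and column names are hypothetical.
import hashlib, sqlite3, tempfile
from pathlib import Path

SCHEMA = "CREATE TABLE library_file (id INTEGER PRIMARY KEY, storage_path TEXT, sha256 TEXT)"

def store(db, root, rel_path, data):
    """Write the file under root and record only its details in SQL."""
    target = root / rel_path
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    cur = db.execute("INSERT INTO library_file (storage_path, sha256) VALUES (?, ?)",
                     (rel_path, hashlib.sha256(data).hexdigest()))
    return cur.lastrowid

def retrieve(db, root, file_id):
    """Locate the file through SQL, then read it from the file system."""
    row = db.execute("SELECT storage_path, sha256 FROM library_file WHERE id = ?",
                     (file_id,)).fetchone()
    if row is None:
        raise KeyError(file_id)
    full = (root / row[0]).resolve()
    # A tampered storage_path must not lead outside the share root.
    if not full.is_relative_to(root.resolve()):
        raise PermissionError(f"path escapes storage root: {row[0]}")
    data = full.read_bytes()
    # The bytes on disk must match the hash recorded at store time.
    if hashlib.sha256(data).hexdigest() != row[1]:
        raise ValueError(f"content hash mismatch for id {file_id}")
    return data

def demo():
    """Constructed data: a good read, a tampered path, a modified file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "share"
        (Path(tmp) / "outside.txt").write_text("not in the library")
        db = sqlite3.connect(":memory:")
        db.execute(SCHEMA)
        a = store(db, root, "contracts/a.pdf", b"%PDF-sample")
        b = store(db, root, "contracts/b.pdf", b"original")
        out = {"ok": retrieve(db, root, a)}
        db.execute("UPDATE library_file SET storage_path = '../outside.txt' WHERE id = ?", (a,))
        (root / "contracts" / "b.pdf").write_bytes(b"changed")
        for label, fid in (("path", a), ("content", b)):
            try:
                retrieve(db, root, fid)
            except (PermissionError, ValueError) as exc:
                out[label] = type(exc).__name__
        return out
```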

As mentioned in a previous section, it is possible to use the Passive MS SQL Server as the Active server for File System and vice versa. Normally, both servers would be working, each with their own duties and only in the event of failure of one of them would the other assume both roles.

3.4.3. Storage Calculation

To calculate the necessary storage capacity, three essential aspects must be considered:

- Documents. This is the most important parameter in the calculation of necessary disk space. This refers to any file (document, image, video or similar) that can be saved in AuraPortal, so the space they occupy will be directly proportional to the number and size.
- Processes. On the other hand, during the general execution of the BPM Processes, information is stored in SQL databases, so the storage space required depends on the number of Processes and the number of Fields in each one.

  As an example, in a Class of Processes of which 1,229,996 Processes have been started, each one with 59 fields (shown in the list below), 135,168 KB have been used. That is, 0.10 KB per Process:

  - 11 One Line Text fields
  - 10 Multiple Line Text
  - 6 Whole Number
  - 5 Decimal Number
  - 5 Date
  - 5 Date-Time
  - 5 Simple Selection
  - 7 Prefix
  - 1 Relation
  - 2 Dictionary
  - 2 System that have been started
- Families. This is the same calculation as for the Processes.

These three aspects (Documents, Processes and Families) are essential when calculating necessary disk storage, although in other scenarios there may be other aspects to consider.


3.5. Development, Testing and Production Environments

AuraPortal provides two scenarios for separating the Development, Testing and Production Environments, with the aim of keeping any changes made to the design of the Classes of Processes and their tests separate from the processes that are already running in Production.

The two scenarios are:

- BPMS Module
- Three Synchronized Environments Complement

3.5.1. BPMS Module

AuraPortal’s BPMS Module allows there to be Classes of Processes in Production with users working with real data, while at the same time other Classes of Processes are being modified and tested.

This is possible thanks to the combination of Versioning, Similar Creation and the Class of Processes Modes, namely: Production Environment, Testing Environment and Development Environment. All this is included in the same AuraPortal installation, which can also be combined with a Backup installation for performing critical tests, such as the installation of Windows Service Packs or AuraPortal ExtensionPacks, etc., before being passed to the Production stage.

The Backup installation can also be considered as a combined Development and Testing Environment for carrying out new Class of Processes designs, but it must be taken into account that to put the new designs into Production, the whole design will have to be repeated on the main installation.

3.5.2. Three Synchronized Environments Complement

The Three Synchronized Environments Complement goes a step further in control and security because it allows the three environments to be physically separate on three independent installations. This means that any changes to the design and testing of the Classes of Processes are performed on installations that are different from and independent of the one that holds the real data, and they are only transferred from one installation to another via a controlled and secure mechanism named Synchronization.

The difference between these two possible scenarios (BPMS Module <> Three Synchronized Environments Complement) is obvious:


Flexibility < versus > Security

- Flexibility in the BPMS module because the three environments can coexist, independently and in a controlled manner, with sufficient security, within the same installation. In this scenario, the designers must bear in mind that the three environments share certain configuration elements, such as the Dictionary of Terms, so they must take extra care when designing the new Class of Processes to not disrupt the processes that are running in Production mode.
- Security in the Three Synchronized Environments Complement because the three environments are separate on physically independent installations. In this scenario, there is less flexibility because all the options related to the design of the processes are blocked in the Production Environment, and modifications can only be made in the Development Environment. To transfer any modifications to the Production Environment, synchronization must be performed from Development > Testing and then from Testing > Production.

Note.

The AuraPortal Class of Processes Export - Import feature is not intended for transferring designs from Development into Production. It is designed for the commercial distribution of Classes of Processes that have been designed on an AuraPortal installation, so that they can be imported to other totally independent installations. Therefore, it has the following limitations:

- The import should only be performed once. If performed a second time after making new modifications to the design, a new Class of Processes will be created.
- After the import, the Class of Processes must be adjusted to the new installation, which could mean having to redo 20-30% of the design.

All the details about this feature can be consulted in the Three Synchronized Environments documentation.

3.6. Authentication

Authentication refers to the security mechanism used for validating the authenticity of the users that connect to AuraPortal.

The following types of authentication can be used in AuraPortal:

- Active Directory
- Windows Local
- Database
- External providers (ADFS, SAML, LDAP, SSO, etc.)

3.6.1. Active Directory

AuraPortal can authenticate users against Windows Active Directory.

If Active Directory is already available in the organization where AuraPortal is being installed, it can be used.


If Active Directory isn’t available, it can be installed for the use of AuraPortal.

Based on Active Directory, the authentication can be performed with the following mechanisms:

- Windows (Employee and External Users)
- Basic (Employee and External Users)
- Forms (all users, Employee, External and Guests).

[Figure: ACTIVE DIRECTORY AUTHENTICATION. Labels: AuraPortal, Databases, Active Directory]

3.6.2. Windows Local

In reduced installations where there is only one server that performs the application (AuraPortal), database (MS SQL) and BPMS Motor functions, it is possible to authenticate in the local user database in Windows Server.

In this scenario, the same mechanisms as for Active Directory are valid:

- Windows (Employee and External Users)
- Basic (Employee and External Users)
- Forms – customizable (all users, Employee, External and Guests).

3.6.3. MS SQL Database

The credentials of Guest Users are held in an MS SQL database. In this case, the authentication is performed through customizable Forms.

3.6.4. External Providers (SAML, LDAP, SSO, etc.)

AuraPortal can also be integrated in scenarios with external authentication providers.

Here are some examples of these scenarios:


- AuraPortal is installed in AuraPortal Cloud but it must be authenticated with the corporate system of the organization that has purchased AuraPortal, without being able to access it directly, because, for example, the organization does not want the AuraPortal server to be added to the corporate Active Directory.
- Another classic example is where the corporate authentication is based on other systems instead of Active Directory, such as SAML or LDAP.

In all these cases, a server is installed with Windows ADFS (Active Directory Federation Services), which performs the intermediary functions between AuraPortal and the corporate authentication system.

This allows SAML, LDAP and SSO authentications, and any others that support ADFS.

[Figure: ADFS AUTHENTICATION (SAML, LDAP, SSO, …). Labels: AuraPortal, Databases, Active Directory, ADFS (Active Directory Federation Services), Authentication Provider]