Architecture overview. The DAAS was built to separate access to the application from data access (By example: routing information). This service’s sole purpose is to return data. Timestamp Sign: body+token+TS Timestamp Sign: body+token+TS XXXX Response
Architecture overview. Functionalities
Architecture overview. This is generic text describing the relationship between Access Network Tiles and the MSF Core Architecture Domain. A reproduction of section 2 of this document 4 Internal Architecture – This is a diagram showing the elements within the Access Network Tile together with the Internal and External reference points which connect to them.
Architecture overview. The DIRECTORY was built to separate access to the application from data access (By example: routing information). This service’s sole purpose is to return data.
Figure 1 After the default verifications such as XSD compliance and UAM a callout to the Privacy PDP is done.. The directory WS is composed by 5 operations: • publishLinks: This operation allows to publish links between some actors in the DB Annuaire • getLinks: This operation allows an actor to consult links that he has published in the DB Annuaire.
Architecture overview. This section provides a more detailed overview of all the main software components and relationships between them. The figure below shows a simplified DataCentre architecture containing some of the components described previously as well as the current workflow represented by the activity diagram highlighted in grey. As the figure shows, all external communications with data providers pass through the Connector Manager component. In case of synchronous communication, the provider client components send the requests according to provider’s protocol and implementation specification and the retrieved responses are immediately returned to the workflow engine. In case of asynchronous communication, the provider client components send the requests to the relevant service and the relevant responses will be later retrieved in two ways:
1. ARROW service performs a polling on the providers service
2. External providers invoke the ARROW Provider web service In both cases, the obtained responses are moved to the messaging broker. This asynchronous mechanism has been implemented using an external service (ActiveMQ) which fully supports transient, persistent and transactional JMS messaging. The DataCentre uses JMS listeners to fetch responses from the proper queue and delegate the responses to the workflow engine. Workflow engine component is implemented using jBPM framework. jBPM manages the process instances described by a process description document. This framework enables us to deal with workflow declaratively and in a more flexible manner.
Architecture overview. Figure 10: Architecture overview of the requirements intelligence unit.
1. We can develop each MS in the programming language the expert team feels most comfortable with.
2. This style allows us to scale because each MS can run on its own machine or even create duplicates on several machines.
3. MS are highly decoupled software components with a focus on small tasks, which enables us to easily exchange each MS as long as we follow their designed API.
4. MS requires a strong and detailed API.
5. Microservices are highly reusable as they are self-contained and usually have well- documented APIs.
6. Maintaining MS can be performed by the related expert team and does not require knowledge about other microservices but only the APIs that needs to be satisfied. On the other hand, this architecture introduces, among others, overhead due to the orchestration of the several MS (e.g., increased effort in deployment, monitoring, and service discovery) and their compatibility (e.g., keeping dependent services compatible when updating a single service). For a better visualization, we grouped the microservices into three layers: data analytics (DAL), data storage (DSL), and data collection (DCL). In the following, we discuss each layer in a separate section. Each of these sections contain all of its related microservices.
Architecture overview. The System is composed of the following components: - Portal - Portal Management - Infocast module configuration - DHCP server configuration - Interfaces/Glue between the various components (from Makeitwork and third parties) Those components are described in details in the next section:
Architecture overview. The overall architecture of the AAI is illustrated in Figure 27. The diagram shows a set of external Identity Providers (IdPs), and external Attribute Providers (AtPs), where, in the case of Shibboleth, the IdP itself is also an AtP37. At the boundary of the EUDAT core and community services (represented by the large circle) is a front end (or gateway), which accepts tokens and attributes from the existing AAI. The gateway converts an external credential to an internal credential. Note that it may be more efficient to use a single internal credential, rather than the many different credentials provided by the AAI, as otherwise every single service in EUDAT would have to be able to understand every type of credential. Instead, it is better to convert the external token into a single credential. One consequence of this approach is that the gateway now holds a credential with which it can act on behalf of the user. This credential has to be user-specific, as the service providers must know the individual users of the services (or be able to trace them in cases of misuse). The alternative is to use a single internal credential and then track very carefully who is doing what at which time, but this will not scale securely to a large multi-user multi- service infrastructure like EUDAT with multiple gateways38. 37 Of course, every IdP is an AtP: an attribute which says “I have authenticated this person” (e.g. ePTID) is an attribute; an attribute like commonName (e.g. “Xxx Bloggs”) is an attribute. The distinction that is being made here refers mainly to the use of the attribute: IdPs issue attributes which are used to identify the person, AtPs issue attributes used for authorizations to the entity identified by the identity attributes. The only way an IdP could authenticate a person without issuing an attribute is by generating only a session id.
Architecture overview. As in the EUDAT communities the currently most frequently used infrastructure to provide metadata services is the harvesting model, harvesting metadata according to the OAI-PMH49 protocol will be a main feature of the architecture of the Joint Metadata Domain. In this model every community repository has one (or a community central) metadata provider and allows its metadata to be harvested 49 xxxx://xxx.xxxxxxxxxxxx.xxx/OAI/openarchivesprotocol.html by one or more central metadata service providers. The EUDAT metadata service will offer basic metadata search and browsing services to researchers looking for or exploring the resources from other disciplines. With respect to the type of metadata and the involvement of the communities we will harvest metadata from the following types of communities:
1. Core communities providing XML type metadata through an OAI-PMH component.
2. Non-core communities providing XML type metdata through an OAI-PMH component.
3. Core communities providing other type of metadata that has to be harvested by other means.
Architecture overview. A FLUIDOS node builds on top of Kubernetes, which takes care of abstracting the underlying (physical) resources and capabilities in a uniform way, no matter whether dealing with single devices or full-fledged clusters (and the actual operating system) while providing at the same time standard interfaces for their consumption. Specifically, it properly extends Kubernetes with new control logic responsible for handling the different node-to-node interactions, as well as to enable the specification of advanced policies and intents (e.g., to constrain application execution), which are currently not understood by the orchestrator. Given this precondition, the main architectural components of a FLUIDOS node are depicted in Figure 4 and converge around the Node Orchestrator and the Available Resources database. The former is in charge of orchestrating service requests, either on the local node or on remote nodes of the same fluid domain, coordinate all the interactions with local components (e.g., local scheduler) and remote nodes (e.g., to set up the computing/network/storage/service fabrics), and make sure that the service behaves as expected (e.g., honoring trust and security relationships). The latter keeps up-to-date information about resources and services available either locally or acquired from remote nodes, following the resource negotiation and acquisition process. Additional modules (and their companion communication interfaces), are required to handle the discovery of other FLUIDOS nodes and carry out the resource negotiation process, to monitor the state of the virtual infrastructure and to make sure that offloaded workloads/services behave as expected both in terms of security and negotiated SLAs, to take care of security and privacy issues (e.g., isolation), and to create the virtual continuum within the fluid space.
