Platform Architecture
Overview
The Kinetic Platform comprises a series of microservices that facilitate various platform functionality. The system was designed to be multi-tenanted, meaning multiple customers can securely leverage the same infrastructure. Additionally, each service was designed to scale horizontally independently based on load.
The diagram below illustrates the different platform microservices and separates them into front-end, back-end, and data storage components.
Platform Components
- Core: A multi-tenanted service responsible for managing user authentication and authorization, groups, and data storage. This service captures data from end users and feeds it into workflows. This service manages all form submissions and the platform's form-building capabilities.
- Task: A single-tenanted service responsible for managing workflow-related functionality. This service allows tenant administrators to define process business logic and is the engine responsible for executing workflows.
- Indexer: A multi-tenanted service that creates and manages indexes used for searching capabilities within the application.
- Loghub: A multi-tenanted service that acts as a proxy for securely reading logs stored in the Elasticsearch database and providing them to the Space Console for viewing.
- LogCollector: A multi-tenanted service that moves logs from the application servers to the Elasticsearch database.
- Agent: A multi-tenanted service that facilitates connections to external systems and manages all bridged resources that are used to pull data from external sources.
- System Coordinator: This manages the single-tenanted service and all Kubernetes-related APIs needed to provision tenants within the Platform. It also manages certificates and database connections within the platform. The system coordinator can modify most connections to external dependencies (Elasticsearch, Cassandra, RDS).
- OAS Console: An NGINX web server that hosts interactive API documentation.
- System Console: An NGINX web server that hosts the system administration console. This is where system-level administrators can create new tenants, manage database connections, and rotate system certificates.
- Space Console: An NGINX web server for hosting tenant-level administrative functions. This is where tenant administrators go to build forms, workflows, etc.
- Front-end Code: Formerly referred to as "bundles," this is an NGINX web server for hosting end-user experience portals.
Registration, Authentication and Authorization
The Kinetic Platform leverages Spring Security within the Core service to manage authentication. When a user tries to hit an endpoint that requires authentication, the authentication flow is initiated, and the user is redirected to the configured identity management platform (IDP). Once authenticated, their Kinetic user profile is created or updated to match the attributes defined for the given tenant. More information about configuring single sign-on (SSO) can be found in the following guides:
The Kinetic Platform leverages ABAC (Attribute Based Access Control) to manage authorization. Each accessible resource in the platform is configured with an ABAC policy that manages the access that can be granted to the authenticated user. These policies can combine information about the user, the environment, and the data to determine privileges. This customization lets you configure different policies on who can access, create, or modify users, who can access, create, or modify data collected via forms, etc. These permissions are configured during the application development and tailored to specific use cases and personas. More information on authorization can be found in the following guides:
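The sketch below illustrates the ABAC model described above: a decision that combines user, environment, and data attributes, with a tenant-isolation check applied first. It is an added example, not Kinetic Platform code or its policy syntax; the policy table, attribute names, and sample records are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

@dataclass(frozen=True)
class Request:
    user: dict      # attributes of the authenticated user
    resource: dict  # attributes of the data being accessed
    env: dict       # attributes of the environment (session, network, ...)
    action: str

# Hypothetical policies keyed by (resource type, action).
POLICIES: Dict[Tuple[str, str], Callable[[Request], bool]] = {
    ("submission", "read"): lambda r: (
        r.resource["submitted_by"] == r.user["username"]
        or r.resource["assigned_team"] in r.user["teams"]
    ),
    ("submission", "modify"): lambda r: (
        r.resource["assigned_team"] in r.user["teams"]
        and r.resource["state"] != "Closed"
        and r.env["mfa"]
    ),
    ("user", "create"): lambda r: "Administrators" in r.user["teams"],
}

def is_allowed(req: Request) -> bool:
    """Deny by default; no policy can grant access across tenants."""
    tenant = req.user.get("tenant")
    if tenant is None or tenant != req.resource.get("tenant"):
        return False
    policy = POLICIES.get((req.resource.get("type"), req.action))
    if policy is None:
        return False  # no policy configured for this resource/action
    try:
        return bool(policy(req))
    except (KeyError, TypeError):
        return False  # fail closed when an expected attribute is missing

# Constructed sample identities and data.
ALICE = {"username": "alice", "tenant": "acme", "teams": ["HR"]}
BOB = {"username": "bob", "tenant": "acme", "teams": []}
MALLORY = {"username": "mallory", "tenant": "globex",
           "teams": ["HR", "Administrators"]}
SUBMISSION = {"type": "submission", "tenant": "acme", "submitted_by": "bob",
              "assigned_team": "HR", "state": "Open"}
```

Evaluating the tenant check outside the policy table means a misconfigured or overly broad policy still cannot expose one tenant's data to another.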
External Integrations
The Kinetic Platform is designed to work alone but is usually configured to integrate with third-party applications. Our Pre-Built Integrations page contains several resources for integrating the Platform with other applications, but you can also view the Integrations Overview and related guides to learn more about creating custom integrations for your environment.
Other Foundational Technologies
The Kinetic Platform can also leverage these foundational technologies to build, deploy, and manage complex, scalable, and secure digital solutions:
- Cassandra: A highly scalable and distributed NoSQL database used to manage large volumes of data across multiple servers without any single point of failure, ensuring high availability and performance.
- Elasticsearch: A search and analytics engine known for its speed and scalability, Elasticsearch supports complex search operations and is utilized within the Kinetic Data Platform to enhance data retrieval processes.
- Filebeat: A lightweight shipper for forwarding and centralizing log data, integrated within the platform to facilitate log file analysis and monitoring.
- Docker: A platform used for developing, shipping, and running applications inside lightweight containers, which enhances consistency across multiple development and release cycles, isolating applications from their environment.
- Kubernetes: An open-source system for automating the deployment, scaling, and management of containerized applications, ensuring that the Kinetic Platform can scale and manage its workloads effectively.