The architecture of Automation Service offers a series of technical features that provide a highly secure, reliable, and scalable Platform As A Service. Automation Service delivers runtime environments which are optimized to run in the cloud.
For introductory information about Automation Service, refer to Automation Service overview.
A service oriented architecture
Automation Service introduces a service-oriented architecture, which was designed and built for the cloud.
By implementing a highly-modular structure (principles from a service oriented architecture), Automation Service produces compatible and independently-deployable services which are easy to replace, while leveraging modern services which enhance security, reliability, and scalability.
This structure and architecture enable Bizagi's continuous delivery process that keeps up with the demands of software evolution.
Though powered by Azure (as its Infrastructure As A Service provider) and managed by Bizagi, Automation Service takes it one step further by building a Bizagi service layer on top of some of the robust Azure services being leveraged.
Automation Service architecture empowers a design which:
•Optimizes the execution environment of your business applications.
•Complies with strict governance and security requirements.
•Is built to handle service interruptions and remain reliable (resiliency).
•Can dynamically scale up or down.
•Adheres to traditional Bizagi principles, such as offering: a consistent user experience across different supported devices (mobile phones, laptops and desktops), experience design to empower knowledge workers, and no coding required for your applications.
The following diagram illustrates how end users around the globe access Automation Service, and make the most out of the architecture features oriented to performance, security, reliability and scalability:
Automation Service offers a virtual private cloud that grants each customer access to an isolated environment where the customer data and resources are not shared (encompassed within a dedicated Customer subscription), and the ability to choose appropriate levels of performance to match demand. Having separate resources, along with data isolation, allows for more predictable performance and gives a base for strict compliance in terms of data privacy and best governance and security practices.
The following architecture considers end users accessing Automation Service to work on the processes.
This architecture is comprised of:
Network and security
•DNS: Resolves the service's URL.
•Traffic manager: Routes requests to the customer's subscription, while considering availability of the service.
•Security layer: A logical tier that filters requests and protects access. It includes:
o Next generation firewall: Offers IDS, IPS, and antimalware, along with preventing leaks and protecting the ports.
o Application gateway (includes a WAF): Offers extra security at the web application level (preventing SQL injection, cross-site scripting attacks or other threats), while routing requests to the target environment and its authorized endpoint (and also performing load balancing).
•Subscription network: Encompasses the different environments of the customer (i.e., testing or production) and resources supporting Automation Service.
•Environment subnets: Separately encompass each of the resources of the different environments.
These are resources that apply for all the cloud-based services.
•Customer Portal: Web app that lets you manage users of all the services acquired from the Bizagi Cloud Platform. See How to manage users of your service.
•Platform: Controls access to Bizagi’s platform resources, for example, users in the subscription or available environments.
•Accounts: Authenticates administrator users added to the customer subscription, and validates users included within each project of a subscription. See How to Manage users of your subscription. THESE ARE NOT END USERS OF THE WORK PORTAL.
•Catalog: Metadata repository of all your cloud-based services.
Environment web apps and storage layer
•Work Portal: This is the web app of the Work Portal’s computing resources for one environment.
•Scheduler: A web app executing all programmed jobs.
•Management Console Web: This is a web app for managing all of the environment's parameters. Refer to Management console web.
•Connector: Web app for invoking Bizagi connectors.
•Storage layer: A logical tier that holds the storage services which process applications rely on, and encrypts data at rest. This tier holds:
-Database: a relational, SQL database for process application definitions and business data.
-Table storage service: holds logs.
-Blob storage: storage for all the files uploaded in Bizagi through the Work Portal.
SMTP services: When working with Automation Service, you are entitled to use Bizagi's emailing service (which comes with the subscription). This module is configured for all the environments of your subscription.
When using this service, your process applications will send out email notifications from a Sendgrid cloud service.
Sendgrid is the emailing solution recommended by Azure to work best with Azure's cloud services.
If you do not plan to use Bizagi's emailing service and wish to use your own email service, submit a support ticket stating so.
A Bizagi security center monitors the security across all components so that incoming and outgoing network traffic is strictly controlled (traffic is also encrypted).
A team of experts (Bizagi Cloud Operations team) is appointed to monitor these aspects 7x24, and receives alerts on potentially malicious traffic.