Automation Service infrastructure
The architecture of Automation Service offers a series of technical features that provide a highly secure, reliable, and scalable Platform As A Service. Automation Service delivers runtime environments which are optimized to run in the cloud.
For introductory information about Automation Service, refer to Automation Service overview.
A service oriented architecture
Automation Service introduces a service-oriented architecture, which was designed and built for the cloud.
By implementing a highly-modular structure (principles from a service oriented architecture), Automation Service produces compatible and independently-deployable services which are easy to replace, while leveraging modern services which enhance security, reliability, and scalability.
This structure and architecture enable Bizagi's continuous delivery process that keeps up with the demands of software evolution.
Though powered by Azure (as its Infrastructure As A Service provider) and managed by Bizagi, Automation Service takes it one step further by building a Bizagi service layer on top of some of the robust Azure services being leveraged.
Infrastructure
Automation Service architecture empowers a design which:
•Optimizes the execution environment of your business applications.
•Complies with strict governance and security requirements.
•Is built to handle service interruptions and remain reliable (resiliency).
•Can dynamically scale up or down.
•Adheres to traditional Bizagi principles, such as offering: a consistent user experience across different supported devices (mobile phones, laptops and desktops), experience design to empower knowledge workers, and no coding required for your applications.
The following diagram illustrates how end users around the globe access Automation Service, and make the most out of the architecture features oriented to performance, security, reliability and scalability:
Automation Service offers a virtual private cloud that grants each customer access to an isolated environment where the customer data and resources are not shared (encompassed within a dedicated Customer subscription), and the ability to choose appropriate levels of performance to match demand. Having separate resources, along with data isolation, allows for more predictable performance and gives a base for strict compliance in terms of data privacy and best governance and security practices.
A Bizagi security center monitors the security across all components so that incoming and outgoing network traffic is strictly controlled (traffic is also encrypted). An appointed team of experts monitors these aspects 7x24 and receives alerts on potentially malicious traffic.
The following architecture considers end users accessing Automation Service to work on the processes.
This architecture is comprised of:
Network and security
•DNS: Resolves the service's URL.
•Traffic manager: Routes requests to the customer's subscription, while considering availability of the service.
•Security layer: A logical tier that filters requests and protects access, and includes:
   o Next generation firewall: Offers IDS, IPS, and antimalware, along with preventing leaks and protecting the ports.
   o Application gateway (includes a WAF): Offers extra security at the web application level (preventing SQL injection, cross-site scripting attacks, or other threats), while routing requests to the target environment and its authorized endpoint (also performing load balancing).
•Subscription network: Encompasses the different environments of the customer (i.e., testing or production) and resources supporting Automation Service.
•Environment subnets: Encompasses separately each of the resources of the different environments.
•Private Connection: Access is made via VPN or VNet peering, ensuring data is encrypted using TLS in transit and TDE at rest.
•Public Connection: Uses a public endpoint protected by Microsoft security, with controlled access through SQL credentials and whitelists.
General Resources
These are resources that apply for all the cloud-based services.
•Customer Portal: Web app for managing users of all the services acquired from the Bizagi Cloud Platform.
•Platform: Controls access to Bizagi’s platform resources, for example, users in the subscription or available environments.
•Accounts: Authenticates administrator users added to the customer subscription, and validates users included within each project of a subscription. These are not end users of the Work Portal.
•Catalog: Metadata repository of all your cloud-based services.
Environment web apps and storage layer
•Work Portal: This is the web app of the Work Portal’s computing resources for one environment.
•Scheduler: A web app executing all programmed jobs.
•Management Console: This is a web app for managing all of the environment's parameters. Refer to Management Console.
•Connector: Web app for invoking Bizagi connectors.
•Triggers and Actions (T&A): Out-of-the-box options to start cases and move cases forward, based on triggers.
•Bizagi Apps: Modern enterprise applications fit for persona and purpose.
•Storage layer: A logical tier that holds the storage services which process applications rely on, and encrypts data at rest. This tier holds:
-Database: a relational, SQL database for process application definitions and business data.
-Table storage service: holds logs.
-Blob storage: storage for all the files uploaded in Bizagi through the Work Portal.
-ODS (Operational Data Store): a service that replicates the environment's database in real time, allowing queries in read-only mode without affecting transactional processes.
Last Updated 11/22/2024 4:57:46 PM