Core Services
Mosaic Core Services form the foundation for all other Services and support their operation. For an overall description of Mosaic, see the introduction article.
Core Services cover the following aspects and responsibilities:
- Environments
- Services provisioning/activation
- Users & Roles
- Authentication & Authorization
- Logging & Reporting
- Monitoring
- … and more
Environments
The following concepts are fundamental for the Platform:
The system is multi-tenant, i.e. supports multiple customers ("tenants").
A tenant can have one or more Environments. An Environment provides a context where multiple services can run together, isolated from all other Environments. Each Environment also has a set of users who can access it. Fine-grained permissions can be set for users to access specific services and specific features inside the services.
Services are configured individually in each environment.
Core Services List
The following services belong to the Core Services, because they support operations of the Mosaic Platform as such:
- Admin Service - responsible for managing the Environments and their activated Services
- Identity Service - provides user authentication and permissions through 3rd party Identity Providers that use OAuth 2.0, such as Google
- AxAuth Service - Mosaic’s own Identity Provider, which maintains user identity and profile directly as a part of an Environment, without the need for a 3rd party integration
- Orchestration Application Service - serves the Management System to the users
- Micro-Frontend Service - hosts the Micro-Frontends for each Environment
- Reporting Service - centrally aggregates, stores and analyzes the reporting data for all services
Authentication
To access the services, users first have to authenticate themselves.
Humans accessing the system have User Accounts. They can log in either with an email and password using AxAuth Service, or by using one of the supported 3rd party Identity Providers that use OAuth 2.0 (today: Google, more to follow).
Identity Providers can be enabled and configured individually for each Environment.
Software components interacting with Mosaic Services use a Service Account. Service Account credentials are an account ID and an account secret - both are long random numbers.
Authorization
Each Mosaic Service can define a set of its own Permissions. Each permission enables a specific operation with the data.
User Roles can be defined in each Environment. A Role is a combination of permissions. One Role can combine permissions across multiple services. A Role can inherit from another Role.
A User can be assigned one or multiple Roles.
A Service Account can be assigned permissions directly, enabling very fine-grained control over the access level for the service accounts.
The same authorization scheme applies to Managed Services and Custom Services, so you don’t need to invent a custom authentication/authorization solution.
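The role model described above, as an added example (not Mosaic code or its API): it resolves the effective permissions of a User through inherited Roles and of a Service Account through its direct grants, within one Environment. The data layout, the `service:permission` naming, single-parent inheritance and all role, user and account names are assumptions made for illustration.

```python
# Constructed sample Environment; every name below is hypothetical.
ENV = {
    "roles": {
        "viewer": {"parent": None, "permissions": {"media:read"}},
        # One Role combining permissions across two services.
        "editor": {"parent": "viewer",
                   "permissions": {"media:edit", "image:edit"}},
        "billing": {"parent": None, "permissions": {"reporting:read"}},
    },
    "users": {"alice": ["editor", "billing"], "bob": ["viewer"]},
    # Service Accounts are granted permissions directly, without Roles.
    "service_accounts": {"ingest-job": {"media:edit"}},
}


def role_permissions(roles, name):
    """Permissions of a Role plus everything inherited from its ancestors."""
    granted, seen = set(), []
    while name is not None:
        if name in seen:  # a misconfigured chain must fail, not loop forever
            raise ValueError("role inheritance cycle: " + " -> ".join(seen + [name]))
        if name not in roles:
            raise KeyError(f"unknown role: {name}")
        seen.append(name)
        granted |= roles[name]["permissions"]
        name = roles[name]["parent"]
    return granted


def effective_permissions(env, principal):
    """Users resolve through Roles; Service Accounts hold direct grants."""
    if principal in env["service_accounts"]:
        return set(env["service_accounts"][principal])
    granted = set()
    for role in env["users"].get(principal, []):
        granted |= role_permissions(env["roles"], role)
    return granted


def is_allowed(env, principal, permission):
    """Deny by default: unknown principals or permissions yield False."""
    return permission in effective_permissions(env, principal)
```

Running the same resolution over every principal in an Environment gives an audit view of who can do what, which is useful for spotting Roles that grant more than intended through inheritance.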
Service Provisioning/Activation
Core Services take care of the provisioning and activation of any other Managed Service to a specific Environment.
Logging & Reporting
All Services produce logs in a consistent manner. All logs are aggregated into a centralized system and are available for further analysis.
Using the Reporting Service, the customer gets access to reports based on the collected information.
Reporting data is also used for billing purposes (see Billing).
Monitoring
All Services are continuously monitored for their health. Technical staff react immediately to alerts, ensuring the best possible availability.
Continue reading about Mosaic Managed Services and Customizable Services.