For enterprises, the workflow platform is divided into two primary parts: the Enterprise Environment and the Platform Services. Each time a customer creates a new project, a new Enterprise Environment is provisioned for that project to run in. The project and its related environment resources are registered with the Platform Services. The overview that follows focuses on using our Enterprise version of the AppTree Platform.
The Platform Services are responsible for the following:
Adding users to and removing users from your environment
Managing user roles
Public Package Registry
Features of an Environment are:
Each Environment gets its own static IP(s)
Each environment gets a free apptreeio.com domain.
Private Package Registry
Remote Engine support
Can be scaled to meet your workflow demands
Can be multi-regional
When using an Enterprise Environment, the queue is private to your enterprise. This means that no outside workflows can take precedence over your enterprise's workflows.
Each Enterprise Environment gets its own MongoDB cache that is managed by AppTree. This can be used to securely store data relevant to your running workflows, and it gives you an easy mechanism for boosting the performance of your workflows when connected to large enterprise systems. The cache can be accessed by any workflow running in your environment.
AppTree provides a public repository of Step Packages that customers can use for common tasks like parsing data, sending SMS, or receiving Voice Chat interactions. However, you may have steps that you would like to keep private to your enterprise. Each environment comes with a private package registry that will only be available when running workflows in your environment. You can choose to mix public and private packages when creating a workflow.
When using an Enterprise Environment, you can register Remote Engines. Remote Engines allow you to run specific steps in your workflow on an engine that lives in your own data center.
The AppTree Workflow Cloud is hosted on Google Cloud Platform by default. However, both the Enterprise Environments and the Platform Services are deployed via Kubernetes. You may choose to host your environment in any region of any cloud provider, such as AWS, Azure, GCP, or DigitalOcean, or even on premises. Please note that additional costs and support agreements will be required if you choose not to use our default hosting.
Uses OAuth 2.0 + OpenID Connect
MFA is supported
Social network providers are supported for sign in (Google, Facebook, Amazon etc.)
SAML 2.0 is supported
Remote Engine communication is secured using a private/public key pair, following the Mozilla Server Side TLS Modern Profile and using TLS 1.2+
All data is encrypted at rest, including logs, analytics, user-defined cache data and work queues.
Communication with the APIs is protected using OAuth 2.0 over SSL/TLS.
No credentials are stored in the system
Each environment gets a set of static IPs that can be whitelisted.
End to end encryption
No credentials stored on device
Authentication using OAuth 2.0 + OpenID Connect
Golang - All platform code is implemented in Golang
gRPC - Remote Engine communication and interprocess communication between engines
Twirp - CLI based APIs
MongoDB - All data is stored in a MongoDB ReplicaSet
Docker - All aspects of the Platform including environments are containerized using Docker
Kubernetes - Container orchestration is managed
Helm - AppTree provides a Helm Chart to simplify the deployment of new environments
Amazon Cognito - Authentication and Authorization
Google Cloud Platform - Default hosting provider
Elasticsearch/Kibana - Powers