Architecture Overview

Overview

For enterprises, the workflow platform is divided into two primary parts: the Enterprise Environment and the Platform Services. Each time a customer creates a new project, a new Enterprise Environment is provisioned for that project to run in. The project and its related environment resources are registered with the Platform Services. The overview that follows focuses on the Enterprise version of the AppTree Platform.

Platform Services

The Platform Services are responsible for the following:

  • Environment Management

    • Adding/Removing Environments

    • Scaling Environments

    • Billing Management

  • User Management

    • Adding/Removing users to your environment

    • Managing user roles

  • Public Package Registry

Enterprise Environment

Features of an Environment are:

  • Each Environment gets its own static IP(s)

  • Each environment gets a free apptreeio.com domain.

  • Private Queue

  • Private Cache

  • Private Package Registry

  • Remote Engine support

  • Can be scaled to meet your workflow demands

  • Can be multi-regional

Private Queue

When using an Enterprise Environment, the queue is private to your enterprise. This means that no outside workflows can take precedence over your enterprise's workflows.

Private Cache

Each Enterprise Environment gets its own MongoDB cache that is managed by AppTree. This can be used to securely store data relevant to your running workflows and gives you an easy mechanism for boosting the performance of your workflows when connected to large enterprise systems. The cache can be accessed by any workflow running in your environment.

Private Package Registry

AppTree provides a public repository of Step Packages that customers can use for common tasks like parsing data, sending SMS, or receiving Voice Chat interactions. However, you may have steps that you would like to keep private to your enterprise. Each environment comes with a private package registry that will only be available when running workflows in your environment. You can choose to mix public and private packages when creating a workflow.

Remote Engine Support

When using an Enterprise Environment, you can register Remote Engines. Remote engines allow you to run specific steps in your workflow on an engine that lives in your own data center.

Hosting

The AppTree Workflow Cloud is hosted on Google Cloud Platform by default. However, both the Enterprise Environments and the Platform Services are deployed via Kubernetes. You may choose to host your environment in any region of any cloud provider, such as AWS, Azure, GCP, or DigitalOcean, or even on premises. Please note that additional costs and support agreements will be required if you choose not to use our default hosting.

Authentication

  • Uses OAuth 2.0 + OpenID Connect

  • MFA is supported

  • Social network providers are supported for sign-in (Google, Facebook, Amazon, etc.)

  • SAML 2.0 is supported

Security

Workflow Engine

  • Remote Engine communication is secured using a private/public key pair, following the Mozilla Server Side TLS Modern profile and using TLS 1.2+

  • All data is encrypted at rest, including logs, analytics, user-defined cache data and work queues.

  • Communication with the APIs is protected using OAuth 2.0 over SSL/TLS.

  • No credentials are stored in the system

  • Each environment gets a set of static IPs that can be whitelisted.

UX Clients

  • End to end encryption

  • No credentials stored on device

  • Authentication using OAuth 2.0 + OpenID Connect

  • Supports MFA

Technologies Used

  • Golang - All platform code is implemented in Golang

  • gRPC - Remote Engine communication and interprocess communication between engines

  • Twirp - CLI based APIs

  • MongoDB - All data is stored in a MongoDB ReplicaSet

  • Docker - All aspects of the Platform including environments are containerized using Docker

  • Kubernetes - Container orchestration is managed

  • Helm - AppTree provides a Helm Chart to simplify the deployments of new environments

  • Amazon Cognito - Authentication and Authorization

  • Google Cloud Platform - Default hosting provider

  • Elasticsearch/Kibana - Powers