This shows you the differences between two versions of the page.
cs:architecture [2019/07/25 11:59] – [Tenant] voegeli | connectivity-suite:architecture [2020/03/18 09:18] – ↷ Links adapted because of a move operation juraschek | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Introduction ====== | ====== Introduction ====== | ||
- | The Connectivity Suite is a The lean remote management system to build your private network infrastructure and maintain NetModule devices. Therefore the Connectivity Suite has three key capabilities: | + | The Connectivity Suite is the lean remote management system to build your private network infrastructure and maintain NetModule devices. Therefore, the Connectivity Suite has three key capabilities: |
- | * Build complete network infrastructures remotely by setting up automatically | + | * Build complete network infrastructures remotely by setting up automatically |
* Monitor networks and devices in real time | * Monitor networks and devices in real time | ||
* Manage networks and devices centralized by scheduled OTA updates and configurations | * Manage networks and devices centralized by scheduled OTA updates and configurations | ||
- | The Connectivity Suite has been designed to have a scalable architecture. It allowes | + | The Connectivity Suite has been designed to have a scalable architecture. It allows |
- | {{ :cs: | + | {{ connectivity-suite:software_architecture_basic2.png? }} |
- | *User interface: | + | *User interface: |
- | *Middleware: | + | *Middleware: |
- | *Core: | + | *Core: |
- | The solution can be used in standalone mode by using the interactive | + | The solution can be used in standalone mode by using the interactive user interface provided by NetModule or by integrating the Connectivity Suite into customer applications by using the powerful REST API. |
===== Services ===== | ===== Services ===== | ||
+ | The Connectivity Suite runs several standalone services (microservices) in the Core, servicing REST API requests. Each service handles its own configuration and persistence and is running as an individual Docker container. The services are using the service of the Kafka or the PostgreSQL database for persistence. Following services are provided: | ||
- | The Connectivity Suite runs several standalone services (microservices) in the Core, servicing REST API requests. Each service handles its own configuration and presistence and is running as an individual Docker container. The services are using the service of the Kafka cluster or the PostgreSQL database for presistance. The Connectivity provides following services: | + | **Inventory**\\ |
- | + | The Inventory | |
- | **Identity**\\ | + | |
- | The Identity | + | |
- | + | ||
- | **Devices**\\ | + | |
- | The Devices microservice provides | + | |
- | The microservice keeps also track of currently valid IP addresses through which each device can be reached. | + | |
**Configuration**\\ | **Configuration**\\ | ||
- | The Configuration microservice provides endpoints to manage the available | + | The Configuration microservice provides endpoints to manage the available |
- | Configurations cannot be deleted, only replaced | + | Configurations cannot be deleted, only replaced |
**Deployment**\\ | **Deployment**\\ | ||
- | The Deployment microservice provides endpoints to manage the deployment of firmware | + | The Deployment microservice provides endpoints to manage the deployment of software |
**Health**\\ | **Health**\\ | ||
- | The Health microservice provides health data from devices to monitore | + | The Health microservice provides health data from devices to monitor |
- | =====Home===== | ||
- | The Home represents the Connetivity Suite which may be running on a single machine, or as a distributed system with several instances of each microservice. The Home is running on a Home server which includes an OpenVPN server as one of the Docker components. It is used to securely connect to devices in the customer networks, and for network devices to connect to the Home server (notify about new devices, update IP when switching VPN servers). | ||
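Review bot: After this change the Services region no longer says where the VPN endpoint runs. The removed Home paragraph was the only text here stating that the Home server "includes an OpenVPN server as one of the Docker components" and that it is used to securely connect to devices and for devices to connect to the Home server. Suggest keeping one sentence with that information or linking to the page it moved to. The Identity entry is also dropped with nothing on the new side covering it, and in the new Services intro "the service of the Kafka or the PostgreSQL database" lost the word "cluster" and no longer reads correctly.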
===== Provisioning ===== | ===== Provisioning ===== | ||
- | Provisioning is called the process to connect a device for the first time to the Connectivity Suite. The Provisioning is required since a device is initially not able to connect to the Connectivity Suite. | + | Provisioning is called the process to connect a device for the first time to the Connectivity Suite. The Provisioning is required since a device is initially not able to connect to the Connectivity Suite. |
- | During the provisioning the device is provisioned with the network address of the Connectivity Suite installation, | + | During the provisioning the device is provisioned with the network address of the Connectivity Suite installation, |
===== Tenant ===== | ===== Tenant ===== | ||
+ | Tenant is a group of devices. From the user perspective a Tenant could be used to separate devices depending on the country, region, business unit or something else. Administration rights can be assigned for each Tenant separately to restrict user access per Tenant. Devices that belong to one Tenant can not communicate with devices which are connected to another Tenant. | ||
- | Tenant | + | Devices within a Tenant |
- | Devices within a Tenant are connected and can communicate, | + | =====1:1 NAT===== |
- | + | 1:1 NAT (Network Address Translation) is a mode of NAT that maps one internal address to one external address each. 1:1 NAT is used on every Tenant; it can also be enabled on a device | |
- | ====1:1 NAT==== | + | |
- | 1:1 NAT (Network Address Translation) is a mode of NAT that maps one internal address to one external address each. 1:1 NAT is used on every Tenant; it can also be enabled on a Device | + | |
- | 1:1 NAT on Tenants allows using the same address space for multiple Tenant subnets. | + | |
- | 1:1 NAT on a Device behaves likewise, thus making it possible to access its End Devices via the Connectivi-ty | + | |
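Review bot: In the new Tenant paragraph, the sentence "Devices that belong to one Tenant can not communicate with devices which are connected to another Tenant" states an isolation guarantee without naming what enforces it. Administrators will rely on this, so say whether the separation comes from the per-Tenant VPN subnet, from routing or filtering on the server, or both. "can not" should be "cannot". The 1:1 NAT heading also changes from "====" to "=====", which lifts it out of the Tenant section although its text still begins "1:1 NAT is used on every Tenant"; confirm the new level is intended.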
===== System architecture ===== | ===== System architecture ===== | ||
=== Home network === | === Home network === | ||
- | + | The Home network is a VPN subnet consisting of all Tenants. The Home network is used to address all devices (and possible end devices) which ar assigned to Tenants. Its size can be roughly estimated like this: Maximum number of devices | |
- | The Home network is a VPN subnet consisting of all Tenants.The Home network is used to address all devices (and possible end devices) which ar assigned to Tenants. Its size can be roughly estimated like this: Maximum number of Devices | + | |
- | + | ||
- | <WRAP center round info 60%> | + | |
- | Note: The Home server does not belong to the Home network but all devices in the home network are connected to the Home server. | + | |
- | </ | + | |
- | {{ :cs:home2.png? }} | + | {{ connectivity-suite:home2.png? }} |
=== Provisioning network === | === Provisioning network === | ||
+ | A Provisioning network is a VPN subnet consisting of devices newly detected by the Connectivity Suite but not assigned to a Tenant yet. Only the Platform Administrator has access to this subnet and can move Devices to a Tenant. A Connectivity Suite instance has exactly one Provisioning network. | ||
- | A provisioning network is a VPN subnet consisting of Devices newly detected by the Connectivity Suite but not assigned to a Tenant yet. Only the Platform Administrator has access to this subnet and can move Devices to a Tenant. A Connectivity Suite instance has exactly one Provisioning Network. | + | {{ connectivity-suite:provisioning5.png? }} |
- | + | ||
- | <WRAP center round info 60%> | + | |
- | The Provisioning server is in the same subnet as the Home server | + | |
- | </ | + | |
- | + | ||
- | + | ||
- | {{ :cs: | + | |
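Review bot: The new Home network and Provisioning network text no longer says where the servers sit relative to the VPN subnets, because both info boxes on the old side are dropped: "The Home server does not belong to the Home network but all devices in the home network are connected to the Home server" and "The Provisioning server is in the same subnet as the Home server". Anyone writing firewall or routing rules needs those statements; if the WRAP markup is the reason for removal, keep them as plain sentences. In the new Home network line the typo "ar assigned" is carried over from the old side, and the new Provisioning line mixes "devices" and "Devices".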
==== Tenant network ==== | ==== Tenant network ==== | ||
- | A Tenant is a VPN subnet consisting of Devices | + | A Tenant is a VPN subnet consisting of devices (routers) |
- | {{ :cs:tenants2.png? }} | + | {{ connectivity-suite:tenants5.png? }} |
+ | ==== Example ==== | ||
+ | The following figure shows the main components that constitute the Connectivity Suite and its associated networks. The Connectivity Suite provides the function to connect networks which have identical IP addresses within their subnet. This function is enabled by 1:to:1 NAT. | ||
- | [[cs:start|← Back to Connectivity Suite Main Page]] | + | {{ connectivity-suite:system_architecture2.png? |
- | ==== Example ==== | + | [[connectivity-suite: |
- | {{ : |
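Review bot: The new Example paragraph calls the feature "1:to:1 NAT", while the heading and text earlier in this same revision use "1:1 NAT"; use one spelling so readers do not take them for two different features. The paragraph says the function "is enabled by" NAT but does not point to the 1:1 NAT section, so a link there would help the reader find the explanation of how identical subnets are kept apart.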