Management Suite Architecture
The following diagram shows the overall architecture of Peregrine Management Suite and its components. Other sections describe these individual parts in detail.
In a microservice architecture, each service that provides a logical set of operations should be deployed and managed independently. For this purpose, an organization may choose to run multiple Neuron ESB instances on the same or different servers and configure each instance to run a specific Neuron Application such as Sales, Inventory, Purchasing etc.
Each Neuron ESB instance that runs a solution in a deployment group can be included in an environment. A Neuron ESB instance runs the Neuron ESB Service and other child services such as Audit, Management, Configuration and Control Services. It can also run multiple Endpoint Host processes to provide further domain isolation for various endpoints running in Neuron. For more details on Deployment groups and other Neuron ESB Components, refer to the Neuron ESB documentation.
An Environment consists of Neuron Instance + Deployment Group + Neuron host Machine names + EPS host and its dependencies configuration. An instance that is part of the environment can run only one Neuron Application. There can be multiple environments for each application such as Dev, Test and Production. Each environment can include multiple applications running on different Neuron Servers or instances.
Consider the following arrangement to understand the relationship between machine, instance, host, application, deployment group and EPS machine.
Further, the EPS service depends on the Elastic Search and RabbitMQ services. You need to configure an Environment in Management Suite for managing each Neuron ESB instance. This step sets up Management Suite and enables it to control each environment.
In the above diagram the Neuron Server/Cluster on the left-hand side represents an Environment that is configured in the Management Suite.
Event Processor Service
Management Suite collects information about Neuron Environments via the Event Processor Service (EPS). The EPS can be considered as a log forwarder to Management Suite for Neuron instances configured under Management Suite Environments. When configured to use the Management Suite, Neuron Instances pump errors/warnings, service rate, tracking, audit and other performance information to the Management Suite via the EPS.
Elastic Search Service
Elastic Search is the backing store for the Management Suite that contains all the logs, audited messages, service rate and other performance counters collected by the EPS.
The EPS uses RabbitMQ as a message forwarder so that Neuron Instances are only loosely coupled to Management Suite. Neuron Instances publish messages to the RabbitMQ service. The EPS pulls these messages from RabbitMQ and sends them to the Elastic Search service for storage and indexing.
Neuron ESB Service
The Neuron ESB Service and its child services such as Management, Audit, Configuration, Control and Endpoint hosts combine to implement the actual Neuron ESB application integration platform. Refer to the Neuron ESB documentation for more details.
Alerting and Notifications
You can configure Management Suite with Alert rules to send out email and text notifications when certain conditions occur as determined by searches on the logs, service rates, history etc.
The Management Suite installs a Task service. This service is used to manage Neuron instances configured as Environments. When Management Suite operations call this Task service, it runs PowerShell scripts to start, stop and configure instances on remote Neuron machines. It can run a full installation of Neuron and any patches on the Neuron Servers, and patches/updates for Management Suite itself. The Task service also runs all the configured searches on Elastic Search to generate alerts and notifications.
The Management Suite also installs an Installation Service. This service is for managing updates to Management Suite and Task Service when new versions or patches for Management Suite are available.
You can configure Business Processes defined in the Neuron ESB solutions to run as scheduled jobs according to a highly customizable calendar schedule. You can supply user defined job data to be passed in during execution of these jobs. You can also use custom .NET assemblies to run scheduled tasks that rely on many external libraries or when using existing libraries for batch jobs.
The Discovery and Operation Service allows Management Suite to retrieve information about the Neuron instances configured as environments. It also allows Management Suite to control the Neuron instances remotely with operations such as start/stop topics, workflows, endpoints and endpoint hosts.
The Authorization service is responsible for issuing and validating authentication tokens. When other applications access Management Suite’s pages or services, they need to pass authorization tokens with the service call so that only properly authenticated users and applications can access the functionality. Management Suite also makes the Authorization service available to secure Neuron hosted client connectors and even other non-Neuron applications in the organization. More on that can be found under the API management documentation.
User Info/Sign out
Using this button, users can view their profile information and sign out of Management Suite.
Management Suite provides a full featured API. You can use it to embed Management Suite options in other enterprise applications or web sites. The following Swagger documents show the range of API options.
To invoke the Management Suite APIs, a calling application must get an authorization token and include it with every call.
SSL / TLS
You can configure the Management Suite Portal and Authorization service with SSL/TLS. A separate document is available for configuring SSL on the Management Suite Portal. You can also configure RabbitMQ and Elastic Search with SSL. Refer to the Appendix A Peregrine Portal Secure setup section at the end for details.
Neuron Services can be configured on multiple servers in a manner that provides high availability. You will need a load balancer/router for services that use HTTP (Elastic Search, Event Processor and Peregrine MS Portal).
The Peregrine MS license allows you to deploy the Event Processor service and the Management Suite portal on multiple servers for load balancing and high availability purposes without any extra cost. RabbitMQ and Elastic Search are available for free. The Management Suite installer lets you install these services, or you may install them directly.
Security and Separation of duties
Management Suite provides fine-grained access control and security for operations and monitoring. Only authorized users can log in to the Management Suite Portal. The roles an administrator assigns to users dictate the options that are available to them. The Management Suite may be configured with its own identity server or it can be configured with Azure Active Directory.
The installation creates a default Administrator user and two roles, namely Users and Global Administrators. The administrator user can in turn create other users and roles. The number of Management Suite users is limited by the licensing agreement of Management Suite.
An administrator can assign permissions to Users and Roles, allowing them to perform various tasks for each environment configured in the Peregrine Management Suite. Permissions can be very granular and based on Functions and Operations per application in the Management Suite.
*You can create any number of users in another class of users for APIs. These users can only use the Management Suite OAuth service to authenticate but cannot use the Management Suite portal.
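The permission model described in this section, sketched as a deny-by-default check over grants scoped by environment, application, function and operation. This is an added example, not Management Suite code: the class names, the "Operators" role, the sample principals and every permission value are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical model; none of these identifiers come from Management Suite.
PORTAL, API = "portal", "api"  # portal users vs. the API-only user class

@dataclass(frozen=True)
class Grant:
    environment: str  # e.g. "Test" or "Prod"
    application: str  # e.g. "Sales"
    function: str     # e.g. "Endpoints"
    operation: str    # e.g. "Stop"

@dataclass
class Principal:
    name: str
    kind: str                                  # PORTAL or API
    roles: set = field(default_factory=set)
    grants: set = field(default_factory=set)   # permissions assigned directly

# Constructed sample data: one role and two principals.
ROLE_GRANTS = {
    "Operators": {Grant("Test", "Sales", "Endpoints", "Start"),
                  Grant("Test", "Sales", "Endpoints", "Stop")},
}
ALICE = Principal("alice", PORTAL, roles={"Operators"})
SVC = Principal("billing-svc", API,
                grants={Grant("Prod", "Sales", "Logs", "View")})

def effective_grants(p):
    """Union of a principal's direct grants and those of its roles."""
    grants = set(p.grants)
    for role in p.roles:
        grants |= ROLE_GRANTS.get(role, set())  # unknown role grants nothing
    return grants

def is_allowed(p, channel, env, app, function, operation):
    """Deny by default: allow only on an exact matching grant."""
    if p.kind == API and channel == PORTAL:
        return False  # API-class users may not use the portal
    return Grant(env, app, function, operation) in effective_grants(p)

def who_can(principals, env, app, function, operation):
    """Access review helper: names of principals holding a permission."""
    want = Grant(env, app, function, operation)
    return sorted(p.name for p in principals if want in effective_grants(p))

if __name__ == "__main__":
    print(is_allowed(ALICE, PORTAL, "Test", "Sales", "Endpoints", "Stop"))
    print(is_allowed(ALICE, PORTAL, "Prod", "Sales", "Endpoints", "Stop"))
    print(who_can([ALICE, SVC], "Prod", "Sales", "Logs", "View"))
```

Because a grant names its environment, a permission to stop endpoints in Test gives nothing in Prod, which is the property to check when reviewing role assignments.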