# Resources:Diagrams:Projects:BASE:SAD:Integration View #
### Azure Stack
' Layered dependency view of the Azure platform; every arrow points from a
' tier to the tier beneath it.
' NOTE(review): the skin below is fetched over plain http each time the diagram
' is rendered, so the fetched text is not integrity-protected in transit; a
' vendored copy or an https URL would remove that dependency.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
skinparam nodesep 50
title Azure Stack
' Tier 1: the services at the top of the stack.
frame "Azure Services" as T1{
rectangle "Shared Platform Services" as SPS
rectangle "Visual Studio Team Services" as VSTS
}
' Tier 2: standard services; the hidden links only fix left-to-right order.
frame "Standard Azure Services" as T2 {
rectangle "Storage Service" as SAS
rectangle "Sql Service" as SS
rectangle "Networking Service" as NS
rectangle "Directory Service" as AAD
SAS -[HIDDEN]RIGHT- SS
SS -[HIDDEN]RIGHT- NS
NS -[HIDDEN]RIGHT- AAD
}
' Tier 3: compute/storage fabric and the MSA/LiveID account service.
frame "." as T3 {
rectangle "Microsoft Azure (Compute & Storage)" as ACS
rectangle "MSA/LiveID" as MID
}
' Tier 4: the underlying foundation services.
frame "." as T4 {
rectangle "Microsoft Global Foundation Services (GFS)" as GFS
}
' Hidden links stack the four frames vertically; they carry no meaning.
T1 -[HIDDEN]DOWN- T2
T2 -[HIDDEN]DOWN- T3
T3 -[HIDDEN]DOWN- T4
' Both tier-1 services depend on all four standard services.
SPS -DOWN-> SAS
SPS -DOWN-> SS
SPS -DOWN-> NS
SPS -DOWN-> AAD
VSTS -DOWN-> SAS
VSTS -DOWN-> SS
VSTS -DOWN-> NS
VSTS -DOWN-> AAD
' Every standard service depends on both tier-3 components, including the
' Directory Service (AAD) on MSA/LiveID.
SAS -DOWN-> ACS
SS -DOWN-> ACS
NS -DOWN-> ACS
AAD -DOWN-> ACS
SAS -DOWN-> MID
SS -DOWN-> MID
NS -DOWN-> MID
AAD -DOWN-> MID
MID -DOWN-> GFS
ACS -DOWN-> GFS
### Integration View/Service Integration Categories
' Groups the services the system integrates with into categories: third-party
' services outside the provider, and provider-hosted storage, messaging, cache,
' identity, web, ETL and monitoring services.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
' NOTE(review): the empty `<>` after several aliases looks like a stereotype
' whose name was lost in extraction - confirm against the original page.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title High Level Service Components
component "Client\nUser Agent\n" as Client<>
together {
' Services drawn outside the "Cloud Service Provider" frame. This view draws
' no links to them; only their existence is recorded here.
frame 3rdParty {
component "IDA\nService\n" as IDA<>
component "External\nData Sources\nand Services" as EDA<>
component "Malware\nVerification\nService" as MalwareService<>
component "SMTP\nService\n" as SMTPService
component "Geo/IP\nService" as GeoIPService
component "Social\nMedia\nServices" as SocialService
IDA -[HIDDEN]RIGHT- EDA
IDA -[HIDDEN]DOWN- MalwareService
MalwareService -[HIDDEN]RIGHT- SMTPService
SMTPService -[HIDDEN]DOWN- GeoIPService
GeoIPService -[HIDDEN]RIGHT- SocialService
}
frame "Cloud Service Provider" as CSP {
' Secrets (key storage) sit in the same category frame as the data stores.
frame Storage {
component "Secure Key\nStorage\nService" as KeyVaultService<>
component "Sql\nDb\nService" as DbService<>
component "NoSql\nDb\nService" as DocDbService<>
component "Blob\nStorage\nService" as StorageService<>
StorageService -[HIDDEN]RIGHT- KeyVaultService
StorageService -[HIDDEN]DOWN- DbService
KeyVaultService -[HIDDEN]DOWN- DocDbService
DbService -[HIDDEN]RIGHT- DocDbService
}
frame Messaging {
component "Event\nServices\n" as EventServices<>
component "PubSub\nServices\n" as PubSubServices<>
}
frame Cache {
component "Mem\nCache\nService\n" as MemCacheService<>
}
frame Identity {
component "Directory\nServices\n\n"
}
' The system itself: one highlighted Core service plus 1..X modules.
frame "Web Services" as WebServices {
component "Sys\nCore\nService" as Service #LightSteelBlue
component "Sys\nModule\n1 to X" as ModuleX
}
Cache -[HIDDEN]RIGHT- Identity
Identity -[HIDDEN]RIGHT- WebServices
frame ETL {
component "Cloud\nETL\nService" as ETLService<>
}
frame Monitoring {
component "Metric\nMonitoring\nService" as AppInsights<>
}
' NOTE(review): `note ... on link` attaches to the most recently declared link,
' which at this point appears to be a hidden layout link rather than the
' Client/Service link declared after the note - confirm it renders as intended.
note right on link #F0F0F0
Routing to Module API
endpoints, AAA, etc.
done by Core
(via Interception)
end note
' The only visible links in this view: the client reaches Core over HTTPS, and
' modules use Core's shared routing/broker services.
' NOTE(review): the note states that AAA for module endpoints is done by Core;
' that holds only if no module endpoint is reachable without passing through
' Core's interception - worth stating explicitly.
Client -DOWN(0- Service : " HTTPS\n"
Service -LEFT(0- ModuleX : "leverage\ncommon\nrouting\n,broker\n& other\nservices"
' Hidden links below only arrange the category frames.
WebServices -[HIDDEN]DOWN- Messaging
WebServices -[HIDDEN]DOWN- Storage
WebServices -[HIDDEN]DOWN- Monitoring
WebServices -[HIDDEN]DOWN- ETL
Messaging -[HIDDEN]DOWN- ETL
Messaging -[HIDDEN]DOWN- Monitoring
}
}
### Integration View/Service Component Integration
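' Shows which services the Core service talks to and the transport labelled on
' each link. External parties are drawn above the provider frame, backing
' services below Core.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
' NOTE(review): the empty `<>` after several aliases looks like a stereotype
' whose name was lost in extraction - confirm against the original page.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title High Level Service Components
' Parties outside the "Cloud Service Provider" frame.
together {
component "Client\nUser Agent\n" as Client<>
component "IDA\nService\n" as IDA<>
component "External\nData Sources\n" as EDA<>
component "Malware\nVerification\nService" as MalwareService<>
IDA -[HIDDEN]RIGHT- EDA
EDA -[HIDDEN]RIGHT- Client
}
frame "Cloud Service Provider" {
together {
component "Secure\nKey Storage\nService" as KeyVaultService<>
component "Core\nService" as Service #LightSteelBlue
component "Module 1 to X\n" as ModuleX
KeyVaultService -[HIDDEN]RIGHT- Service
Service -[HIDDEN]RIGHT- ModuleX
}
together {
component "Mem\nCache\nService" as MemCacheService<>
component "Blob\nStorage\nService" as StorageService<>
component "Application\nInsights\nService" as AppInsights<>
component "Sql\nService\n" as DbService<>
component "Doc\nDb\nService" as DocDbService<>
component "Event\nServices\n" as EventServices<>
component "Cloud\nETL\nService" as ETLService<>
MemCacheService -[HIDDEN]RIGHT- StorageService
AppInsights -[HIDDEN]RIGHT-DbService
DbService -[HIDDEN]RIGHT-DocDbService
DocDbService -[HIDDEN]RIGHT-ETLService
ETLService -[HIDDEN]RIGHT-EventServices
}
' The client is drawn calling a module directly; the note on this link says
' routing and AAA for module endpoints are handled by Core via interception.
' NOTE(review): confirm no module endpoint can be reached without passing
' through that interception, since the diagram shows a direct link.
Client -DOWN(0- ModuleX : " HTTPS\n"
note right on link #F0F0F0
Note:
Routing to Module API
endpoints, AAA, etc.
done by Core
(via Interception)
end note
Client -DOWN(0- Service : " HTTPS\n"
' Outbound relationships to external parties. These three links name the
' relationship only; no transport is labelled on them.
Service -UP0)- IDA : "trust\n"
Service -UP0)- EDA : consume
Service -UP0)- MalwareService : use
Service -LEFT(0- ModuleX : "leverage\ncommon\nbroker\nservices"
' Core is the component that retrieves secrets from the key store.
KeyVaultService -RIGHT0)- Service : "retrieve\nsecrets\n"
' Backing services: all labelled HTTPS except the SQL link, which gives only
' port 1433, and the monitoring link, which gives no transport.
' NOTE(review): state whether the 1433 connection is encrypted - TODO confirm.
Service -DOWN(0- MemCacheService : HTTPS
Service -DOWN(0- EventServices : HTTPS
Service -DOWN(0- StorageService : HTTPS
Service -DOWN(0- AppInsights: " notify"
Service -DOWN(0- DbService : 1433
Service -DOWN(0- DocDbService : HTTPS
Service -DOWN(0- ETLService : HTTPS
' Label spelling corrected from "retreive".
StorageService -RIGHT0)- AppInsights : retrieve\nHTTPS\n
AppInsights -RIGHT-> DbService : monitor
}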
### Integration View/High Level Component
' End-to-end path from clients through the cloud-hosted system, a DMZ proxy and
' an on-premises app server to the source system, with the transport labelled
' on each hop.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with remote Services
frame Clients {
component "Web\nBrowser" as UA
component "Remote\nSystems" as Remote
note as N0
APIs can be invoked
from multiple devices
endnote
UA - N0
N0 - Remote
}
' Client-facing instance of BASE with its own database used as a cache of
' remote data.
frame System {
component "BASE" as SysBASE #D0D0D0
component "DB" as SysDB
SysBASE -LEFT- SysDB : cache\nremote\ndata\nTCP 1433
note left of SysDB
Data can be cached
closest to client Use
by using APIs to
retrieve it from on
prem servers (through
necessary DMZ)
endnote
}
' The proxy is the only component drawn in the DMZ; all API calls toward the
' app server pass through it.
' NOTE(review): the diagram does not say how callers are authenticated at the
' proxy or which paths it forwards - worth stating alongside the note below.
frame DMZ {
component Proxy
note left of Proxy
An IIS + Url Rewrite Module
+ (optionally) ARR Module
based Proxy can be used to
pass API calls through the
DMZ
endnote
}
frame "App Server" as AppServer {
component "BASE" as AppBASE #D0D0D0
component "DB" as AppDB
AppBASE -LEFT- AppDB : cache\nremote\ndata\nTCP 1433
note left of AppDB
Data can be cached
closest to cloud use
using ETL for legacy
systems or APIs in
current systems
endnote
}
frame "Source" as Source {
component "Source System" as SourceSys
note left of SourceSys
Data can be sourced from one
or multiple internal sources.
endnote
}
' Request path: clients -> SysBASE -> Proxy -> AppBASE -> source, all HTTPS.
UA -(0- SysBASE : HTTPS
Remote -(0- SysBASE : HTTPS
SysBASE -(0- Proxy : HTTPS
Proxy -(0- AppBASE : HTTPS
AppBASE -(0- SourceSys : API sync\nHTTPS
' The ETL sync is the one hop to the source labelled with a port (TCP 1433)
' instead of HTTPS.
' NOTE(review): the label does not say whether this connection is encrypted -
' TODO confirm.
AppDB -(0- SourceSys : ETL sync\nTCP 1433
### Integration View/Load Balancer
...
### Integration with remote IdP
' Token flow with an external identity provider: the client obtains an Id
' Token from the IdP, calls the service, and the service contacts the IdP to
' verify the token. All three links are labelled HTTPS.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with remote IdP
component Client
component Service {
}
component "IdP Service" as IdP
Client -RIGHT(0- IdP : Retrieve Id Token\nover HTTPS
' NOTE(review): verification is drawn as a call to the IdP; the diagram does
' not say which checks (signature, audience, expiry) the service performs -
' worth stating.
Service -RIGHT(0- IdP : Verify Token\nover HTTPS
Client -DOWN(0- Service : ODATA REST\nover HTTPS
#### Integration with remote Principal Context Information Services
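' Shows the remote services the System Authorisation Service consults when
' deciding on a principal: the IdP for token verification, plus EOI,
' relationship and governance-rule services, grouped in an ESL frame.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with remote Principal Context Information Services
component Client
component Service {
component "System Authorisation Service" as AuthService
}
frame ESL {
component "IdP Service" as IdP
component "EOI Service" as EOI
component "Relationships Service" as Relationships
' Label spelling corrected from "Goverance".
component "Governance Rules Service" as Rules
}
frame I4L {
frame EVA {
component "Components" as EVAComponents
}
frame SISI {
component "Components" as SISIComponents
}
}
Client -(0- IdP : retrieve Id Token\nover HTTPS
' Every authorisation input is fetched by AuthService over HTTPS.
AuthService -(0- IdP: verify Token\nover HTTPS
AuthService -(0- EOI: verify EOI score of Identity\nover HTTPS
AuthService -(0- Relationships: query org/family\nrelationships\nover HTTPS
AuthService -(0- Rules: query org rules\nover HTTPS
' NOTE(review): the two links below carry no transport label, unlike the
' links above, and the Client -> EVA link is not drawn through Service -
' TODO state transport and how that call is authorised.
Relationships -(0- SISIComponents : rely upon
Client -(0- EVAComponents : query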
#### Integration with remote Principal Context Information Services
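' Flat variant of the principal-context view: the System Authorisation Service
' verifies the token with the IdP and queries the EOI, relationship and
' governance-rule services. Every link is labelled HTTPS.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with remote Principal Context Information Services
component Client
component Service {
component "System Authorisation Service" as AuthService
}
component "IdP Service" as IdP
component "EOI Service" as EOI
component "Relationships Service" as Relationships
' Label spelling corrected from "Goverance".
component "Governance Rules Service" as Rules
Client -(0- IdP : retrieve Id Token\nover HTTPS
' NOTE(review): the authorisation decision depends on four remote calls; the
' diagram does not say what happens when one is unavailable - worth stating
' that the service denies rather than allows in that case, if so.
AuthService -(0- IdP: verify Token\nover HTTPS
AuthService -(0- EOI: verify EOI score of Identity\nover HTTPS
AuthService -(0- Relationships: query org/family\nrelationships\nover HTTPS
AuthService -(0- Rules: query org rules\nover HTTPS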
### Integration with Public Blob Storage
' Upload flow: a client uploads media to Core, and Core passes the media plus
' subscription secrets to an external anti-malware service for validation over
' HTTPS. Core depends on Azure AD for a service-account token; Key Vault
' depends on Azure AD to validate that token and apply RBAC.
' NOTE(review): heading and title say "Public Blob Storage" but no storage
' component is drawn; this looks like the malware-verification flow - confirm.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Public Blob Storage Integration
component "Service Client" as Client
frame "Azure AD" {
component "Azure AD" as AAD
}
frame Azure {
frame "App Services" as AS {
component Core
}
frame "Azure Key Vault Services" as AKVS {
component "Key Vault" As AKV
}
}
' The anti-malware service sits in its own frame, outside the Azure frame.
frame Cloud {
component "AntiMalware Service" as AMS
}
' NOTE(review): this link has no transport label, unlike the AMS link below.
Client -(0- Core : upload media
Core -UP-> AAD : depends on to\nprovide service\naccount token
AKV -UP-> AAD : depends on to\nvalidate token\nand provide RBAC
Core -(0- AKV : retrieve Service\nAccount Id\nand Secrets
' NOTE(review): uploaded media and the subscription secrets both leave the
' Azure frame here; what the remote service retains is not stated.
Core -(0- AMS : provide media + subscription secrets\nto remote service\nto validate media\nover HTTPS
### Integration with Public Blob Storage
' Download flow: Core retrieves an account or container SAS from Key Vault and
' gives the client a URL plus an item SAS; the client then reads the media
' directly from the storage container over HTTPS.
' NOTE(review): "Public" presumably means client-reachable rather than
' anonymous-read, since the client still presents a SAS - confirm.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Public Blob Storage Integration
component "Service Client" as Client
frame "Azure AD" {
component "Azure AD" as AAD
}
frame Azure {
frame "App Services" as AS {
component Core
}
frame "Azure Storage Services" as ASS {
component "Storage Account" As SA {
component "Public Storage Account Container" as PSAC
}
}
frame "Azure Key Vault Services" as AKVS {
component "Key Vault" As AKV
}
}
Core -RIGHT(0- PSAC : HTTPS
Core -UP-> AAD : depends on to\nprovide service\naccount token
AKV -UP-> AAD : depends on to\nvalidate token\nand provide RBAC
' The broader (account/container) SAS stays with Core; only an item SAS is
' passed on to the client.
Core -(0- AKV : retrieve Account\nor Container SAS
' NOTE(review): the item SAS is a bearer credential. The diagram does not
' state its permissions, expiry, or the transport of this hop - worth
' recording that it is read-only, short-lived and sent over HTTPS, if so.
Core -UP-> Client : Provide\nURL + Item SAS\n to Client
Client -DOWN-> PSAC : use URL + SAS\nto retrieve media\nover HTTPS
### Integration with Private Blob Storage
' Private container access: only Core talks to the container (over HTTPS).
' Core depends on Azure AD for a service-account token, and the container
' depends on Azure AD to validate the token and apply RBAC. No client and no
' SAS appear in this view.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Private Blob Storage Integration
frame "Azure AD" {
component "Azure AD" as AAD
}
frame Azure {
frame "App Services" as AS {
component Core
}
frame "Azure Storage Services" as ASS {
component "Storage Account" As SA {
component "Private Storage Account Container" as PSAC
}
}
}
Core -RIGHT(0- PSAC : HTTPS
Core -UP-> AAD : depends on to\nprovide service\naccount token
PSAC -UP-> AAD : depends on to\nvalidate token\nand provide RBAC
### Integration with Relational Database Service
' Database access: Core connects to the database with integrated security on
' TCP 1433. Core depends on Azure AD for a service-account token, and the
' database depends on Azure AD to validate it and apply RBAC.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with Relational Database Service
frame "Azure AD" {
component "Azure AD" as AAD
}
frame Azure {
frame "App Services" as AS {
component Core
}
' NOTE(review): the alias AKVS looks carried over from the Key Vault diagram;
' it is not referenced by any link here, so it is harmless but misleading.
frame "Azure SQL Services" as AKVS {
component "Database Server" As DBS {
component "Database" as DB
}
}
}
' NOTE(review): the label names the auth mode and port but not whether the
' connection is encrypted - TODO confirm and state it.
Core -RIGHT(0- DB : integrated security\nover TCP 1433
Core -UP-> AAD : depends on to\nprovide service\naccount token
DB -UP-> AAD : depends on to\nvalidate token\nand provide RBAC
#### Integration with Directory Services
' Directory access: Core reaches Azure AD using a service account.
' NOTE(review): neither the transport nor how the service-account credential
' is held is shown on this link - worth stating.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with Directory Services
frame Azure {
frame "App Services" as AS {
component Core
}
}
frame "Azure AD" {
component "Azure AD" as AAD
}
Core -RIGHT(0- AAD : service account
#### Integration with Key Vault Services
' Key Vault access: Core calls Key Vault. Core depends on Azure AD for a
' service-account token, and Key Vault depends on Azure AD to validate the
' token and apply RBAC.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with Key Vault Services
frame "Azure AD" {
component "Azure AD" as AAD
}
frame Azure {
frame "App Services" as AS {
component Core
}
frame "Azure Key Vault Services" as AKVS {
component "Key Vault" As AKV
}
}
' NOTE(review): this link is unlabelled; the sibling storage diagrams label
' theirs HTTPS - TODO add the transport here too.
Core -RIGHT(0- AKV
Core -UP-> AAD : depends on to\nprovide service\naccount token
AKV -UP-> AAD : depends on to\nvalidate token\nand provide RBAC
#### Integration with Document Db Storage Service
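' Document Db access: Core calls the Document Db service. Core depends on
' Azure AD for a service-account token, and the Document Db service depends on
' Azure AD to validate the token and apply RBAC.
' Two copy-paste slips are corrected here: the component inside the "Azure AD"
' frame was labelled "Document Db Service", and the last link started from
' AKV, an alias this diagram never declares, so the token-validation
' dependency was drawn from the wrong element.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with Document Db Storage Service
frame "Azure AD" {
component "Azure AD" as AAD
}
frame Azure {
frame "App Services" as AS {
component Core
}
frame "Default Azure Services" as AZS {
component "Document Db Service" As DDBS
}
}
' NOTE(review): this link carries no transport label - TODO add it.
Core -RIGHT(0- DDBS
Core -UP-> AAD : depends on to\nprovide service\naccount token
DDBS -UP-> AAD : depends on to\nvalidate token\nand provide RBAC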
#### Integration with Azure Document Storage
' Document Db access: Core calls the Document Db service. Core depends on
' Azure AD for a service-account token, and the Document Db service depends on
' Azure AD to validate the token and apply RBAC.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with Document Db Storage Service
frame "Azure AD" {
component "Azure AD" as AAD
}
frame Azure {
frame "App Services" as AS {
component Core
}
frame "Default Azure Services" as AZS {
component "Document Db Service" As DDBS
}
}
' NOTE(review): this link carries no transport label - TODO add it.
Core -RIGHT(0- DDBS
Core -UP-> AAD : depends on to\nprovide service\naccount token
DDBS -UP-> AAD : depends on to\nvalidate token\nand provide RBAC
#### Integration with Redis Cache
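' Cache access: two horizontally scaled service instances share one in-memory
' cache service and reach it over SSL on TCP 6380.
' The title is corrected from "On Memory" to "In Memory" so it matches the
' component label below.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with In Memory Cache Service
component Client
frame Azure {
frame Compute {
frame "Dynamically Horizontally Scalable" {
component "Service" as ServiceA
component "Service" as ServiceB
}
}
component "In Memory Cache Service" as InMemCacheService
' NOTE(review): the links name the encrypted port but not how the instances
' authenticate to the cache or where that credential is kept - worth stating.
ServiceA -DOWN(0- InMemCacheService : SSL\nTCP 6380
ServiceB -DOWN(0- InMemCacheService : SSL\nTCP 6380
}
' NOTE(review): the client links carry no transport label - TODO add it.
Client -(0- ServiceA
Client -(0- ServiceB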
## Integration With On Premise Services
' Path from the Azure-hosted service to on-premises systems: the service calls
' a proxy in the on-premises DMZ, which calls an internal service, which calls
' the data-warehouse database.
' NOTE(review): the skin is fetched over plain http at render time; prefer a
' vendored copy or an https URL.
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
title Integration with On Premise Services
component Client
frame Azure {
frame Storage {
component StorageAccount
}
frame Compute {
component Service
}
frame SqlDatabase {
component Db
}
' Azure-side links are labelled: HTTPS to the service and to storage, port
' 1433 to the database.
Client -DOWN(0- Service : HTTPS
Service -RIGHT(0- Db : 1433
StorageAccount -RIGHT0)- Service : HTTPS
}
frame OnPremise {
frame DMZ {
component Proxy
}
frame Corp {
frame Apps {
component "Service" as OPService
}
frame DW {
component "Db" as DWDb
}
}
' NOTE(review): none of the three hops below (Azure -> DMZ proxy, proxy ->
' internal service, internal service -> data warehouse) has a transport or
' authentication label, although they cross the Azure/on-premises boundary
' and the DMZ/Corp boundary - TODO state both for each hop.
Proxy -DOWN(0- OPService
OPService -DOWN(0- DWDb
}
Service -DOWN(0- Proxy
### Standard Services ###