Zum Ende der Metadaten springen
Zum Anfang der Metadaten

You are viewing an old version of this content. View the current version.

Unterschiede anzeigen View Version History

« Vorherige Version anzeigen Version 5 Aktuelle »

Hosting

DATA UNIT Hosting

The Approval Portal is designed as SaaS (Software-as-a-Service) Application. This means, its hosted and maintained by DATA UNIT AG. The Approval Portal is secured by KeyCloak. Below, you can find infrastructure setup.

In this setup, the whole application is hosted and maintained by DATA UNIT AG. The Application is hosted on a ISO 27001 certified Cluster. If documents are needed, they can be provided.

KeyCloak

KeyCloak is an Identity Provider and provides the user with several possibilities for Single Sign On (SSO). Such as AzureAD, Microsoft Active Directory (LDAP) or other Social Logins (Google, Facebook) or simple SAP Login (Database).

Hybrid Hosted

Because the installation of KeyCloak takes a while, its possible to make a hybrid installation. In this scenario, the Approval will use the KeyCloak hosted on the DATA UNIT AG Servers.

In this case, its not needed to open Ports. Only a valid certificate and internal DNS Settings are required.

In this scenario, KeyCloak is maintained by DATA UNIT AG. The Approval Service, including Ubuntu Server, Kubernetes and the Service its self is not maintained by DATA UNIT AG. Its not possible to install Updates Over the Air.

In this scenario, the Approval Portal is not accessible from outside by default. If the Portal must be accessible from Outside, Firewall Rules are needed.

Self Hosted

As already mentioned, the application is designed as SaaS Application. Sometimes, the customer has some criticial security requirements and does not want to open any ports.

For this purpose, its possible to install the System OnPremise. Due to its non-alignment with the current scenario, additional manpower is required for installation, incurring associated costs. The extent of these costs varies depending on the specifications of the customer's system and will be individually calculated for each installation.

Requirements

  • Ubuntu Server in the latest LTS Version is needed (for best expierence a dedicated VM)

  • Wildcard Certificate for Domain

  • Internal DNS Entries fo

    • keycloak.your-domain.com

    • approval.your-domain.com

In this scenario, KeyCloak, PostgreSQL and the Approval Portal will be installed on a Micro Kubernetes System located on the Ubuntu Server. Everything is maintained by the Customer. Its not possible to install Updates Over the Air.

In this scenario, the Approval Portal is not accessible from outside by default. If the Portal must be accessible from Outside, Firewall Rules are needed.

Summary

Setup

Maintained by DATA UNIT

Maintained by Customer

PRO

Contra

DATA UNIT Cloud

All Services

n/a

  • No extra costs

  • Always updated Software

  • Fastest Setup

  • Accessible everywhere

  • Clustered and High availability Hosting

  • Customer need to open Ports 8080 / 9090

Hybrid Hosted

KeyCloak

Ubuntu Server, Kubernetes, Approval Service

  • Compared to Self Hosted, faster installation

  • No need to open Ports

  • Not accessible from Outside by Default

  • Customer has to maintain Servers

  • Not clustered

  • No over-the-air Updates

  • Extra Costs if the Customer wants new Updates

Self Hosted

n/a

All Services

  • No need to open Ports

  • Setup costs are the highest

  • Not accessible from Outside by Default

  • Customer has to maintain Servers

  • Not clustered

  • No over-the-air Updates

  • Whole System is maintained by Customer

  • Extra Costs if the Customer wants new Updates

Installation

DATA UNIT Hosted

Following Tasks must be completed before the Approval Service is ready:

  • Create a C-NAME DNS Entry with: approval.my-domain.com → ingress.cloudscale-lpg-2.appuio.cloud

  • Installation Approval on the SAP / B1i System

  • Open Ports 8080 and 9090 and Whitelist the IP-Address: 185.98.123.195

  • Install the PDF-Service (if needed) on the SAP Server

    • It depends on the CMS System

  • Configure the KeyCloak with your preferred Identity Provider (Azure, Microsoft AD…)

    • For local Identity Providers, such as LDAP, the customer has to open a Port

  • Last Configuration on the Approval Portal

  • Run the System

Hybrid Hosted

Following Tasks must be completed before the Approval Service is ready:

  • Install a Ubuntu Server LTS

  • Install Kubernetes

  • Install the Approval Portal on the Kubernetes Cluster

  • Install Traefik on the Kubernetes

  • Create local DNS Entries for approval.my-domain.com → Ubuntu Server IP-Address

  • Install the PDF-Service (if needed) on the SAP Server

    • It depends on the CMS System

  • Configure the KeyCloak with your preferred Identity Provider (Azure, Microsoft AD…)

    • For local Identity Providers, such as LDAP, the customer has to open a Port

  • Last Configuration on the Approval Portal

  • Run the System

Self Hosted

Following Tasks must be completed before the Approval Service is ready:

  • Install a Ubuntu Server LTS

  • Install Kubernetes

  • Install the Approval Portal on the Kubernetes Cluster

  • Install Traefik on the Kubernetes

  • Install the PostgreSQL Database on the Kubernetes Cluster

  • Install the KeyCloak Service on the Kubernetes Cluster

  • Install a valid or self-signed certificate on the Host

  • Create local DNS Entries for approval.my-domain.com → Ubuntu Server IP-Address

  • Install the PDF-Service (if needed) on the SAP Server

    • It depends on the CMS System

  • Configure the KeyCloak with your preferred Identity Provider (Azure, Microsoft AD…)

    • For local Identity Providers, such as LDAP, the customer has to open a Port

  • Last Configuration on the Approval Portal

  • Run the System

  • Keine Stichwörter