...
| Table of Contents | ||
|---|---|---|
|
...
The Maestrano platform is composed of the following components:
1 - Frontend App(s)
The frontend applications are interfaces between the users - customers, staff, partners - and the actual Maestrano platform. While most implementations only include one frontend application - usually a customer portal/marketplace/dashboard - one could decide to create a different application for staff users such as support or administrator people. One could also decide to use the Maestrano platform in order to serve multiple business purposes - multiple business units - and create multiple frontend applications accordingly.
Maestrano supports multi-tenancy out of the box. This means that frontend applications can be setup with access to the same customer base or different customer bases (isolated frontend applications).
Frontend applications are lightweight, dependency-less Ruby on Rails (RoR) applications connecting via API to MnoHub (see section below). Frontend applications do not need a database such as MySQL or Oracle to function as all data are accessed via API from the hub. A database can always be added if application specific data or metadata need to be stored.
While Maestrano provides a RoR template to build frontend applications, one could easily choose another application stack to build their own frontend as the only hard dependency is to be able to consume the MnoHub JSON REST API.
2 - MnoHub
The Maestrano Hub acts as an orchestrator for the whole platform. It holds any data related to customer identification, billing and product purchase/subscription. The hub is also responsible for maintaining the Access Control Lists (ACL) for all platform users.
The hub contains customer related application logic exposed via two different APIs:
- The HUB API is used by frontend applications (see section 1) to retrieve and update customer data.
- The Developer API is used by third party applications to query data about their customer portfolio as well as submit bills for any subscription that users may have taken inside their app
The hub also acts as a Single Sign-On provider for accessing Cloud and Hosted application (= not "data only" or "connector" applications such as QuickBooks). Users coming from frontend applications and wishing to access an app are redirected to the hub wish then handle authorisation as well as single sign-on handshake with the applications.
Finally, the hub also contains an authorisation API called "IDM" (Identity Manager) that can be used by other services - such as Connec!™ - to authorise API queries. This is typically the case when users load their Impac!™ dashboard. A session token is enclosed in the query and transmitted through Impac!™ to Connec!™ which then contacts the hub to verify that the provided token (user) has access to the data. While Connec!™ is currently the only service to use the IDM, other services - such as Nex!™ for third party access to the apps - are expected to leverage the IDM in the near future.
3 - Nex!™
Nex!™ is Maestrano's Platform as a Service (PaaS). It has the ability to deploy and host applications on-demand. Some applications such as vTiger, Dolibarr, WordPress cannot be shared by multiple customer at once and require to be individually hosted for each customer. These applications are different from the likes of Ranqx, SignMee and other which have this multi-tenancy ability - cloud service able to handle multiple customers.
Nex!™ allows applications that would usually require to be hosted on-premise - usually on a dedicated server - to be seamlessly requested in the cloud, in a few seconds.
In the background Nex!™ uses powerful orchestration, hosting, routing, monitoring and storage mechanisms to deploy, configure, host, secure and backup these applications. Nex!™ also automatically handles the scalability of its infrastructure by provisioning/removing servers etc.
When a customer requests a new application from a frontend application, this request gets passed to the hub which asks Nex!™ to provision an instance of specific application. Once provisioned, customers can access them like any other Single Sign-On ready application.
4 - Connec!™
Connec!™ is Maestrano's data sharing platform. It seamlessly synchronise data between applications in real-time so that users do not need to re-enter data twice in different applications.
From the outside Connec!™ is an API platform allowing applications to submit data updates when then get propagated to other applications via webhooks. Connec!™ API also feature powerful querying functionalities as well as reporting endpoints - typically used by Impac!™ for aggregated reporting.
Connec!™ also has the ability to synchronise data from external services exposing public APIs (instead of integrating via our SDK). This is typically the case for "Connector Applications" such as QuickBooks or MYOB. Connec!™ runs internal algorithms and synchronisation processes allowing it to detect changes in data and automatically retrieve these changes from these remote services.
From the inside, Connec!™ has powerful API definition and routing capabilities. One can easily configure how data should be shared between applications.
Connec!™ also features audit capabilities. Every transaction inside Connec!™ gets recorded internally, which allows one to easily track changes and rollback transactions if required.
Connec!™ is stateless from an authorisation point of view. Any API query gets authorised by contacting the MnoHub IDM which then handles authorisation. This makes ACL management much easier to maintain from Connec!™ point of view.
5 - Impac!™
Impac!™ is Maestrano's reporting engine and frontend. It allows users, application providers and enterprise customers to retrieve aggregated data from Connec!™ around Finance, HR, Payroll, Sales and more. Data can be either nicely presented to end users using a series of widgets or be directly accessed via API.
Impac!™ is essentially a reporting engine exposed via API. It retrieves data using Connec!™ transactional and aggregated API and runs aggregation/calculation algorithms to extract meaningful summaries and KPIs to be presented to users.
Impac!™ is stateless from an authorisation point of view. Any authorisation header sent to Impac!™ gets delegated to Connec!™ when retrieving data. Connec!™ then delegates authorisation to MnoHub via the IDM.
Impac!™ also features a JavaScript based frontend called "impac-angular". This frontend is directly loaded by the browser and is completely stateless from a data point of view. Impac-Angular is available open source on github under Maestrano's profile.
While Maestrano publicly provides Impac-Angular as a convenient way to display data provided by Impac!™ engine, one could easily choose to implement their own frontend using any technology/framework that they may see fit.
6 - Internal - Nex!™ Applications
The Nex!™ web applications are all packaged using Docker. Docker allows one to define an OS image containing everything that is needed to run a particular web application such as vTiger, Dolibarr, WordPress and Joomla. So far, all applications hosted by Nex!™ are open source. Examples of these applications can be found on Github under Maestrano's account (e.g.: https://github.com/maestrano/vtiger6). Actual Docker packages can be found on Docker Hub under Maestrano's account (e.g.: https://hub.docker.com/r/maestrano/vtiger6).
These open source applications have been modified by Maestrano to include Maestrano-specific features such as Single Sign-On and Connec!™ Data Sharing. They leverage Maestrano's SDKs - found on Github under Maestrano's account - for this.
Customers can easily point a custom domain name to their applications if required. Each application comes with a default unique url which can be used by customers to point a CNAME.
While most Nex!™ applications are served using HTTPS, some applications - such as Joomla and WordPress - require to be served under HTTP. At first, this may be considered as a potential security issue but most of these applications require a custom domain and a custom SSL certificate in any case. Therefore this "HTTP vulnerability" is only a temporary situation that any customer would resolve anyway after purchasing a custom domain and certificate.
7 - External - Cloud Applications
Cloud applications are online services that have used Maestrano's SDK to integrate with the platform and enable features such as Single Sign-On, Single Billing and Data Sharing. They reside outside of the Maestrano infrastructure but are still considered part of the ecosystem.
Because they integrate with the platform, customers do not need to signup separately to these services. Using Single Sign-On customers can automatically get setup on these kind of services.
Cloud applications are expected to communicate with two components of the platform: MnoHub and Connec!™. MnoHub is used by cloud applications to retrieve information about their customers as well as submit bills related to customer subscriptions. Connec!™ is used for Data Sharing, meaning that cloud applications are expected to send data updates to Connec!™ when records are updated on their side as well as receive updates whenever things get updated on the Connec!™ side (= data pushed by another application).
8 - External - Connector Applications
Connector applications are online services that exchange data with Connec!™. These applications did not integrate using one of Maestrano's SDKs. Instead Maestrano connected them to Connec!™ using their public APIs.
These applications do not feature any Single Sign-On or Single Billing capability. Customers are required to have an account on these services before connecting them to the platform.
9 - Overview Diagram
The diagram below show how all components interact together.
.png?version=1&modificationDate=1476146394943&cacheVersion=1&api=v2&width=1330)