OneList server components are containerized for maximum deployment flexibility, scalability, reliability and cost-effectiveness. The most common deployment approach is to leverage Kubernetes, either cloud-hosted (AWS, Azure, Google Cloud Platform) or on-premise.
Customers are required to enable secure (HTTPS) network routing between source workflow systems and the Kubernetes Service.
- For mobile app connectivity to OneList, the Kubernetes service end-points must be internet accessible (default setting).
- The necessary firewall and reverse proxy layers should be put in place to mitigate intrusion attempts.
- For user-friendly connectivity, the Kubernetes server end-points must have registered domain name entries (DNS) and must be secured via an SSL certificate (eg https://onelist.yourcompany.com).
The OneList application performs end-user authentication leveraging OpenID mapping to the customers’ Identify Management Solution (eg Microsoft Azure Active Directory, O365) for credential management. OneList supports two-factor authentication. Application-level authorizations are defined by claims grouped into roles and assigned to users in the Role Manager component of OneList.
For push notifications to mobile devices including updating badge counts, the AKS service establishes outbound connectivity to Apple and Google Push Notification service end-points.
Components
OneList cloud deployment consists of the following containerized applications and services:
- OneList Web App
- OneList Server
- Role Manager
- Communications Hub
- Diagnostic Service
- Custom Theme Provider
- Email Approval
- Redis (Docker public image) – signalR eventing
- Mongo (Docker public image) – diagnostic logging
Databases
Each instance of OneList deployment requires the following 3 SQL Databases to be provisioned, adopting the naming convention below where X is the environment (D=Development, Q=Quality, P=Production) eg OneList_P is the Production OneList database.
- OneList_{X}
- RoleManager_{X}
- Comms_{X}
SSL Certificates
An SSL certificate is required for each environment (D,Q,S and P).
- Key size 2048 bits
- Issued by public certificate authority
Minimum Sizing Requirements
Production Environment
Service | Specification |
---|---|
Kubernetes | Cluster node count:3 Cluster node size: 2 vCPU, 8GB RAM |
SQL Server | Number of Databases: 3 Azure SQL Service: Standard, Max Size 50GB |
Development, QA Environments and Pre-Production
For each non-productive environment, the following services are required:
Service | Specification |
---|---|
Kubernetes | Cluster node count:3 Cluster node size: 2 vCPU, 8GB RAM |
SQL Server | Number of Databases: 3 Azure SQL Service: Standard, Max Size 10GB |
These certificates are required to be installed on the Kubernetes ingress service and corresponding source systems (incl SAP).
Access to be provided
In order for IQX to install and support the customer’s installation, the following access is required:
- Kubernetes Portal access in all environments
- OneList SQL database login with “db_owner” access in all environments for all installation, upgrade and monitoring activities
- SMTP credentials for outbound email notifications
- If email approval is required, a dedicated OneList mailbox (with credentials) for production and non-production
- Service accounts for each source system for workflow integration
Following are the detail instructions
Child pages (Children Display) |
---|