OneList server components are containerized for maximum deployment flexibility, scalability, reliability and cost-effectiveness. The most common deployment approach is to leverage Kubernetes, either cloud-hosted (AWS, Azure, Google Cloud Platform) or on-premise.

Customers are required to enable secure (HTTPS) network routing between source workflow systems and the Kubernetes Service.  

• For mobile app connectivity to OneList, the Kubernetes service end-points must be internet accessible (default setting).
• The necessary firewall and reverse proxy layers should be put in place to mitigate intrusion attempts.
• For user-friendly connectivity, the Kubernetes server end-points must have registered domain name entries (DNS) and must be secured via an SSL certificate (eg https://onelist.yourcompany.com).

The OneList application performs end-user authentication leveraging OpenID mapping to the customers’ Identify Management Solution (eg Microsoft Azure Active Directory, O365) for credential management. OneList supports two-factor authentication. Application-level authorizations are defined by claims grouped into roles and assigned to users in the Role Manager component of OneList.

For push notifications to mobile devices including updating badge counts, the AKS service establishes outbound connectivity to Apple and Google Push Notification service end-points.

Components

OneList cloud deployment consists of the following containerized applications and services:

• OneList Web App
• OneList Server
• Role Manager
• Communications Hub
• Diagnostic Service
• Custom Theme Provider
• Redis (Docker public image) – signalR eventing
• Mongo (Docker public image) – diagnostic logging

Databases

Each instance of OneList deployment requires the following 3 SQL Databases to be provisioned, adopting the naming convention below where X is the environment (D=Development, Q=Quality, P=Production) eg OneList_P is the Production OneList database.

• OneList_{X}
• RoleManager_{X}
• Comms_{X}

SSL Certificates

An SSL certificate is required for each environment (D,Q,S and P).

• Key size 2048 bits
• Issued by public certificate authority

Access to be provided

In order for IQX to install and support the customer’s installation, the following access is required:

• Remote access in all environments;
• OneList SQL database login with “db_owner” access in all environments for all installation, upgrade and monitoring activities;
• SMTP credentials for outbound email notifications;
• If email approval is required, a dedicated OneList mailbox (with credentials) for production and non-production;
• Service accounts for each source system for workflow integration;

Following are the detail instructions