The modular system

Instead of pushing a monolithic system onto a customer, PhenixID server takes an "only install what you need" approach. System functions are divided into smaller pieces called modules. Each module provides a very narrow and well-defined set of functions, a microservice. By putting these microservices together, PhenixID server becomes a very powerful system.

Modules are used/loaded by the system on demand and can be turned on and off through configuration. By only installing required modules PhenixID server is kept as small and effective as possible.

A module can have one of two possible purposes:

  • Runtime module
  • UI module

Each module is self-contained and may have its own configuration.

Modules overview

flowchart LR
    subgraph Modules
        Config
        Authentication
        Session
        Radius
    end

Add modules

flowchart LR
    subgraph Modules
        Config
        Authentication
        Session
        Radius
    end
    subgraph NewModules [New Modules]
        Federation
    end
    NewModules --> Modules

Module interaction

flowchart TD
    subgraph Modules
        direction LR
        Config
        Authentication
        Session
        Radius
        Federation
    end
    EventBus[Event bus]
    Config <--> EventBus
    Authentication <--> EventBus
    Session <--> EventBus
    Radius <--> EventBus
    Federation <--> EventBus

Cluster and load balancing

flowchart LR
    subgraph Cluster
        direction TB
        subgraph Server1[Server #1]
            direction LR
            Sessions1[Sessions]
            Configuration1[Configuration]
            OneTouch1[OneTouch]
            Hazelcast1[Hazelcast]
            Sessions1 --> Hazelcast1
            Configuration1 --> Hazelcast1
        end
        subgraph Server2[Server #2]
            direction LR
            Sessions2[Sessions]
            Configuration2[Configuration]
            OneTouch2[OneTouch]
            Hazelcast2[Hazelcast]
            Sessions2 --> Hazelcast2
            Configuration2 --> Hazelcast2
        end
        subgraph Server3[Server #3]
            direction LR
            Sessions3[Sessions]
            Configuration3[Configuration]
            OneTouch3[OneTouch]
            Hazelcast3[Hazelcast]
            Sessions3 --> Hazelcast3
            Configuration3 --> Hazelcast3
        end
    end
    subgraph Db[External database]
        direction LR
        MSSQL[MS SQL]
        MariaDB[Maria DB/MySQL]
    end
    Hazelcast1 <--> Hazelcast2
    Hazelcast2 <--> Hazelcast3
    Hazelcast3 <--> Hazelcast1
    OneTouch1 --> Db
    OneTouch2 --> Db
    OneTouch3 --> Db

UI module

A UI module provides a graphical interface. UI modules are mainly used for system configuration and identity management. A UI module is installed inside a UI container called phenix-prism. Examples of UI modules are *start*, *report* and *guides*. These modules are found in the boot.json file.

Runtime module

Runtime modules have no UI and provide the day-to-day functionality. A runtime module can be installed onto any node in a potential cluster and is self-contained.

A deployed runtime module will serve requests from any node in a cluster, not just the node it resides on. Runtime modules deployed on multiple nodes function as a unit, providing high availability.

Key modules

There are a number of functional and UI modules bundled with the PhenixID server. Some modules are used to solve edge use-cases but some are to be considered key and will be deployed in every installation:

  • com.phenixidentity~phenix-store-json - responsible for system configuration. Data is stored in RAM and persisted in a JSON file. Changes made in the file will cause a full system reload. The system will not work without this module.
  • com.phenixidentity~phenix-pipes - handles data access and manipulation. Reads data from data sources. Authenticates users.
  • com.phenixidentity~phenix-session-manager - handles all sessions in the system. Used by both UI and runtime modules.
  • com.phenixidentity~phenix-store-mpl - persistence layer for reporting, user tokens and One Touch assignments.
  • com.phenixidentity~phenix-prism - UI container module. Responsible for deploying UI modules.
  • com.phenixidentity~auth-http - Handles UI modules and federation authentication.

Add a module for deployment

To deploy a module in the system the configuration file, phenix-store.json, needs to be updated.

Note

Changing phenix-store.json should be carried out using the configuration GUI. https://<phenixid_server>:<port>/config/

Locate the file and open it. Locate the NODES section in the file.

Within that section locate the node on which you want to deploy the module: "id" : "<the node name>",

Under that node locate the modules section: "modules" : [ {..........

Add the new module configuration into the list:

{
  "module" : "<module name>",
  "enabled" : "true",
  "config" : {}    
}

Save the file.

If the module is deployed successfully the configuration just added is updated with a "_deployed" : "true" entry.
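
The check described above can be run read-only against a copy of the file. The following is an added example, not PhenixID code: it lists the enabled modules per node, flags enabled modules that lack the "_deployed" : "true" entry, and reports key modules that are enabled on no node. The top-level key name "NODES", the node id and the com.example~* module names are assumptions; the sample document is constructed.

```python
import json

# Key modules this page lists as deployed in every installation.
KEY_MODULES = {
    "com.phenixidentity~phenix-store-json",
    "com.phenixidentity~phenix-pipes",
    "com.phenixidentity~phenix-session-manager",
    "com.phenixidentity~phenix-store-mpl",
    "com.phenixidentity~phenix-prism",
    "com.phenixidentity~auth-http",
}

# Constructed sample. The top-level key "NODES", the node id and the
# com.example~* module names are assumptions made for this illustration.
SAMPLE = """
{"NODES": [{"id": "node-1", "modules": [
  {"module": "com.phenixidentity~phenix-store-json", "enabled": "true", "config": {}, "_deployed": "true"},
  {"module": "com.phenixidentity~phenix-pipes", "enabled": "true", "config": {}, "_deployed": "true"},
  {"module": "com.example~new-module", "enabled": "true", "config": {}},
  {"module": "com.example~old-module", "enabled": "false", "config": {}}
]}]}
"""

def is_true(value):
    # The page writes flags as the string "true"; accept JSON booleans as well.
    return str(value).strip().lower() == "true"

def audit(store_text, nodes_key="NODES"):
    """Read-only report: enabled modules per node, enabled modules lacking
    the "_deployed" marker, and key modules enabled on no node at all."""
    store = json.loads(store_text)
    nodes, seen = {}, set()
    for node in store.get(nodes_key, []):
        enabled = [m for m in node.get("modules", []) if is_true(m.get("enabled"))]
        names = sorted(m.get("module", "<unnamed>") for m in enabled)
        seen.update(names)
        nodes[node.get("id", "<no id>")] = {
            "enabled": names,
            "not_deployed": sorted(m.get("module", "<unnamed>") for m in enabled
                                   if not is_true(m.get("_deployed"))),
        }
    return {"nodes": nodes, "missing_key_modules": sorted(KEY_MODULES - seen)}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Because changes to the file trigger a full system reload, the script only parses text it is given and never writes back.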