Architecture

The system architecture for the Cenova Command module is shown below.

NOTE

The early 0.4 beta does not adhere to all aspects of the architecture as defined below. Most notably user authentication is not part of the the 0.4 beta release.

System architecture

Description

• User authentication using oauth2 / openid connect protocols. There are two supported options Keystone and Keystone Lite (if Windows Authentication is desired). If Keystone Lite is selected this will be installed on-premises using a separate MSI.
• The system acts on behalf of user with dedicated service accounts for the server and edge worker Windows services. The edge service should run with a service account appropriate for accessing network resources.
• Licensing is a separate concern from authentication and is handled with license keys
• Cenova gateway runs on port 9797 by default and will create a firewall rule on the VM (if selected during installation)
• Grafana ** runs on port 4815 and can optionally also be exposed with a firewall rule if direct access is required. Otherwise it is accessible in-app via the Cenova gateway.
• NATS runs on port 4222 by default and need not be exposed outside the VM if the edge worker and server services are colocated on the same machine (currently the only option for the initial release of the system). NATS is used to communicate between the edge and server components.

Installed components

• Cenova binary for use running the Cenova services
• Grafana ** for the purposes of dashboarding
• NSSM for running Windows services
• DB Browser for manual inspection of SQLite files locally
• Selected extensions for use with SQLite

WARNING

** Grafana is planned to be removed in an upcoming beta release and replaced with native application dashboards