Bridge Domains
One Bridge can manage several node instances, which are aggregated into a Bridge domain as shown in the following picture:
Figure: Representation of Node Instances in a Bridge Domain
For more information on the Bridge architecture in general, particularly the Domain, Server and Runtime architecture, refer to Bridge Architecture Overview.
Domain Concept
Depending on your requirements, there may be different scenarios on how to use domains.
- For instance, it may not be sufficient to fulfill all requests to a service running on only one node instance. You may want to run the same composite service on different node instances to set up load balancing using DNS Round Robin.
- Another possible configuration would be to have several services with different implementations separated on technically independent node instances. Furthermore, you want to have the same user and group access rights on each of these systems for the administration tasks.
Both scenarios can be realized with a domain. Every node instance in both scenario contexts can be managed from an arbitrary Bridge installation, which is member of the domain.
As previously mentioned, a domain is an aggregation of several node instances.
You need a Bridge installation on each node instance that will be included in the domain. A Bridge can manage as many node instances of a domain as you want respectively what makes sense from an organizational point of view. There are no technical limitations on that.
User and group access rights are defined at domain level and are valid for each node instance that belongs to the same domain. Each modification is always distributed to all members of the domain.
The example below shows the administration view of the domain E2E_Education with the user admin logged in. This domain has three node instances called e2ebridge.e2e.ch, e2ebridge2.e2e.ch, and e2ebridge3.e2e.ch, which are technically independent from each other. This means they can run different deployed services. You can manage each service of each node instance in the domain from any Bridge installation (in this example, the administration console of the Bridge running on the node instance e2ebridge.e2e.ch is opened in the browser).
Advantages
The advantages of domains are summarized as follows.
- Several node instances can be aggregated in one domain. Each service running on different node instances can be managed from one Bridge installation. It is possible to deploy, start, and stop services even if they run on other node instances within the domain.
- User and group access rights are shared between each node instance that belongs to the same domain.
- Domains enable you to setup flexible configurations, e.g. load balancing configurations.
Recommendations
Keep the following in mind, if you are using Bridge domains:
- All nodes must have installed the same Bridge version. Operating with different versions is not supported.
- With every click in the web-based interface, a new HTML page will be loaded – including the complete left-hand side navigation panel. This means, the more nodes you have in the server domain, the longer it takes to render the HTML page. If a node fails, it even gets slower, as the rendering engine has to wait for the timeout of the requested node that failed.
- The Bridge communicates with the other nodes via HTTPS via the normal port (default 8080). The Bridge, whose URL is entered in the browser is the client and sends requests to the other Bridge nodes (server).
For robust setups in productive environments that should have low dependencies between the systems, you should use server domains only with special care. We recommend to use it only for proxy requirements.
- Management of Bridge users is less convenience when not using server domains. However, you could also copy the user definition file (XML) from one node to the other manually (as Bridge users will not be changed often in practice).
- Instead of managing all node instances with one Bridge domain, you could also use single bookmarks to each Bridge node.
Managing a Bridge Domain
After installation, the Bridge is in an initial state called stand-alone, which also means that the node instance is not included in a domain, yet. You have two possibilities:
- Import the node instance into an existing domain. Switch the browser to another Bridge installation whose node instance is already member of a domain. From there, import your node instance into this domain.
- Create a new domain. Your node instance will be the first one that is assigned to the new domain. Afterwards, import other node instances into the domain. You can only import node instances that are not included in another domain.
That way, you may setup your domain depending on your organizational requirements.
You can remove a node instance from a domain at any time by using the corresponding Remove function.
If there is only one node instance left in a domain, the Bridge installation can be converted back to a stand-alone installation. The domain and all users and groups of the domain will be removed.
For more details, refer to Managing a Bridge Domain.
Group Management
Groups can be added or removed to/from a domain. User and group access rights are defined at domain level and are valid for each node instance that belongs to the same domain.
Groups are based on three roles:
Role | Description |
---|---|
ADMIN | Users belonging to a group with this role may invoke any function of the Bridge. |
MODELER | This role enables a user to perform the most important actions, but limits access to certain features. For instance, a user belonging to such a group may only start, stop, or replace a service, if it was deployed by a member of the same group. |
USER | Only read-only actions may be invoked when having this group role, except that the user may change his user name and password. |
For more details, refer to Managing Groups.
User Management
Users are defined at domain level and can be added or removed to/from a domain.
Installing the Bridge creates a predefined Bridge administration user with user id admin. You had to define a password for this user during the installation process. The admin user enables you to perform all necessary actions to maintain node instances, composite services, groups, users, and the Bridge itself.
To provide a higher granularity and address security issues for accessing features of the Bridge, you may add or remove users from/to groups of a domain.
Depending on the user's membership to a group, he is allowed to invoke functions like starting, stopping, replacing, or deleting services.
Users are defined at domain level. Mutations of users are replicated to each node instance that belongs to the same domain.
For more details, refer to Managing Users.