How does Architecture Dashboard work
Architecture Dashboard includes the following pieces:
- Architecture Dashboard LifeTime Plugin
- A LifeTime plugin that's published in a platform installation (on-premises or cloud) with probes to collect data and communicate with the SaaS.
- Architecture Dashboard SaaS
- A "Software as a Service" app that processes and shows all data collected from the Plugin.
Communication
Communications between the Architecture Dashboard plugin and the Architecture Dashboard SaaS are always initiated by the plugin. This reduces connectivity requirements on your side since all that needs to be ensured is connectivity from the Plugin in the LifeTime environment to the Architecture Dashboard SaaS endpoint.
The plugin can use a forward proxy to connect to the Architecture Dashboard SaaS endpoint.
Data collected in plugin and sent to SaaS
Architecture Dashboard collects the following data from your infrastructure:
-
Platform metamodel data, including infrastructure activation code, environments information (name and Platform Server version), teams, list of apps and modules (including name and identifier), and platform configurations.
-
Modules and dependency information for code analysis.
-
LifeTime Analytics data for runtime performance analysis.
-
Upon acceptance of the agreement, during Architecture Dashboard set up: users information (name, username, email address, user creation date, last login date) and LifeTime permissions.
-
Optionally: Discovery snapshot data (architectural references, applications, and modules) for architecture analysis.
Data of each installation is kept in the OutSystems cloud and isolated from all other installations using the platform's multi-tenant mechanisms. This ensures data from one installation is not accessible by users of other installations.
Data in transit
-
The Plugin and SaaS share data in binary format through a well-known HTTPS endpoint.
-
IP or DNS addresses aren't transmitted.
-
No ports besides the defaults need to be open for the correct use of Architecture Dashboard Probes.
-
No firewall issues should arise, although you need to be able to access the endpoint detailed in How to set up Architecture Dashboard.
Data at rest in SaaS
- Data of each installation is kept isolated from all other installations using the platform's multi-tenant mechanisms. This ensures data from one installation isn't accessible by users of other installations.
More information about security and compliance
Read more about security and compliance in the following FAQ sections:
Permissions
The permissions that IT users have while using Architecture Dashboard with an infrastructure, depend on the role and permissions set in LifeTime for the code-analysis environment of that infrastructure.
The set of permissions that an IT user has for the code-analysis environment is determined by the permissions of the assigned roles, and also by how the roles are assigned.
Roles and their permissions can be assigned as a default role, as a role for a team, or as role for an app.
The permissions of a role assigned for a team override the permissions for the team's apps assigned by the default role.
The permissions of a role assigned for an app override the permissions for the specific app assigned by the default role and of roles assigned for a team.
The following tables map the Architecture Dashboard permissions to the LifeTime permissions and to the way the roles are assigned to IT users.
Main features permissions
LifeTime permission | LifeTime role assignment | Architecture Dashboard permission | ||||
---|---|---|---|---|---|---|
View teams | View apps and modules | Open findings report | Export findings report | Resolve findings | ||
No Access / Access |
Assigned as default role | No | No | No | No | No |
Assigned for a team | No | No | No | No | No | |
Assigned for an app | No | No | No | No | No | |
List Applications / Monitor and Add Dependencies |
Assigned as default role | No | All appsA | No | No | No |
Assigned for a team | Assigned team | Team's appsB | Team's appsB | No | No | |
Assigned for an app | No | Assigned app | Assigned app | No | No | |
Open and Debug Applications | Assigned as default role | No | All appsA | All appsA | No | No |
Assigned for a team | Assigned team | Team's appsB | Team's appsB | No | No | |
Assigned for an app | No | Assigned app | Assigned app | No | No | |
Change and Deploy Applications / Full Control |
Assigned as default role | All teams | All appsA | All appsA | All appsA | All appsA |
Assigned for a team | Assigned team | Team's appsB | Team's appsB | Team's appsB | Team's appsB | |
Assigned for an app | No | Assigned app | Assigned app | Assigned app | Assigned app |
A- Specific apps may not appear if a lower permission is attributed by a role assigned specifically for those apps or assigned for teams assigned to those apps. ; B- Specific apps may not appear if a lower permission is attributed by a role assigned specifically for those apps.
Maintenance and operations permissions
LifeTime permission | LifeTime role assignment | Architecture Dashboard permission | |||
---|---|---|---|---|---|
Ignore modules | Enable AI auto-classification | Override module AI auto-classification | Update probes | ||
Open and Debug Applications or lower | Assigned as default role | No | No | No | No |
Assigned for a team | No | No | No | No | |
Assigned for an app | No | No | No | No | |
Change and Deploy Applications | Assigned as default role | All modulesA | No | No | No |
Assigned for a team | Team's modulesB | No | No | No | |
Assigned for an app | Assigned app's modules | No | No | No | |
Full Control | Assigned as default role | All modulesA | Yes | All modules | Yes |
Assigned for a team | Team's modulesB | No | No | No | |
Assigned for an app | Assigned app's modules | No | No | No |
A- Specific modules may not appear if a lower permission is attributed by a role assigned specifically for those modules' apps or by a role assigned for teams assigned to those modules' apps. ; B- Specific modules may not appear if a lower permission is attributed by a role assigned specifically for those modules' apps.