Skip to main content

Environments

Overview

Mosaic is a multi-tenant system, i.e. it supports multiple customers ("tenants").

A tenant can have one or more environments. An environment provides a context where multiple services can run together, isolated from all other environments. Each environment has a distrinct set of users and service accounts that can access the environment. Fine-granular permissions can be set for users to access specific services and specific features inside the services.

Relationships between tenants, environments, services, and users

Environment Isolation

All resources which are generated within Mosaic have an environment-level isolation.

Customizable services need a separate deployment for each Mosaic environment.

Managed services maintain separate data for each environment where they are configured.

For example, the same user with the email address abc@domain.com may exist in the environment ABC, as well as in the environment XYZ. There is no conflict, as the storage of the environments is isolated.

The records which are created by the user abc@domain.com (e.g., an uploaded image) in the environment ABC are not visible to the same user in environment XYZ.

Multi-Tenant Managed Services

Once you enable a managed service for an environment, the service starts accepting requests from that environment (originating from a User or a Service Account). The requests can take multiple forms. These could be HTTP requests if they are, for example, invoking a service’s GraphQL endpoint. It could also be a RabbitMQ message posted to an exchange when using asynchronous messaging to make the requests. However, the URL endpoints of these Managed Services always remain the same (as they are multi-tenant aware services), and you do not receive new URLs for each environment where you enable a service.

To distinguish the environments, each managed service considers the contents of the access-token attached to every request. Each access token contains the following two fields uniquely identifying the environment:

{
"tenantId": "b0f7081a-8097-455d-8216-a3ff680855e1",
"environmentId": "70cbf548-3669-4fbf-a333-ec789e188e67"
...
}

Before the request is executed, the service checks that it is activated on the specified environment.

Environment Administration

To perform any environment administration tasks (create/configure/delete environment), you can use the Admin Portal (https://admin.service.eu.axinom.com). Using the same portal, you can introduce more tenant administrators when needed.

To log in there you can use the same account that you used to register on the Axinom Portal (https://portal.axinom.com).

Environments management

width=800

Enabling/disabling Services

Services are configured individually in each environment. Within each environment you maintain, you can enable the Managed Services you want to use, and disable them when you no longer plan on using those services. The Core Services, however, are mandatory for each environment. They are enabled automatically during environment creation and cannot be disabled afterwards.

Caution

Customizable services do not appear in this list, as they are not directly managed by the Mosaic platform. You have to deploy them yourself and bind to a specific environment using configuration.

Enabling/disabling a service

width=800

Service Configuration

Some services provide configuration options. You can click on a service and configure it according to your needs. Both Managed Services and Core Services can be configured in this way.

Configuration options for Identity Service

width=800