Initial project snapshot
@@ -0,0 +1,129 @@
# Final platform technical direction (summary)

## Product definition
A distributed secure access platform with:
- multi-tenant organizations
- proven persistent session broker for RDP
- cluster of platform-managed and customer-managed nodes
- node-agent based service fabric
- connector/VPN layer
- future split/full tunnel capability
- future collaboration extensions

## Main top-level domains

### Platform
Owns:
- global policies
- cluster control plane
- platform admins
- node trust
- artifact signing and update policy
- disaster recovery authority

### Organization
Owns:
- users
- groups
- organization admins
- identity sources
- resources
- policies
- connectors
- audits
- quotas
- domains / branding later

### Node
Has:
- node identity
- ownership type (platform-managed, customer-managed)
- capabilities
- enabled services
- health
- update policy
- version state
- partition state

### Node Agent
Small stable agent that:
- keeps running
- supervises services
- downloads signed updates
- verifies integrity
- restarts crashed services
- rolls back if needed
- reports health

### Connector
Reusable network access method:
- direct
- VPN
- relay-backed
- future egress mode
Bound to resources by policy, not duplicated blindly per server.

### Session broker
Already proven for RDP persistent lifecycle.

## Mandatory capabilities

### Multi-tenant
- org isolation
- organization memberships
- user may belong to multiple organizations
- clear org switching UX later
- org admins only see their org

### Identity federation
- local accounts
- LDAP / AD
- OIDC
- group/claim mapping to access

### Resource authorization
- local manual mapping
- external group / claim driven mapping
- feature scopes:
- RDP only
- connector/VPN only
- both
- future scopes

### Cluster behavior
- dynamic membership
- encrypted inter-node communication
- no mandatory single center
- quorum-based authority
- degraded / recovery / isolated modes
- manual partition promotion only by highly privileged recovery admin
- multi-hop route support
- not every node needs full mesh

### Updates
- signed artifacts
- canary rollout
- staged rollout
- rollback
- thin node vs artifact-cache node

### Customer-managed nodes
- can join common cluster
- can be scoped to their organization
- can serve ingress / connector / egress functions for that organization
- must not automatically become cluster-global trusted nodes

## What to implement first
- organization model
- memberships and roles
- org-scoped resource model
- identity source model
- node and node-agent control plane model
- service capabilities / enabled services model

## What to delay
- full mesh engine
- full connector scheduler
- internet exit mode
- collaboration/video meetings
- heavy media routing
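Review bot: the "Cluster behavior" section lists "encrypted inter-node communication", but nothing in the document says those channels are mutually authenticated against the "node identity" listed under Node, so the "node trust" that Platform is said to own has no stated mechanism; encryption without peer authentication does not establish trust. Related, the "Customer-managed nodes" rule "must not automatically become cluster-global trusted nodes" names no enforcement point. Suggest two bullets under Cluster behavior along the lines of "- inter-node channels mutually authenticated by node identity" and "- trust scope (org-scoped vs cluster-global) assigned by the cluster control plane at join, never inferred from membership", and one clarification under Node Agent that "verifies integrity" means checking the artifact signature against the Platform-owned "artifact signing and update policy" and that "rolls back if needed" is bounded by a minimum approved version, so rollback cannot reinstall a version the update policy has retired.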