Architecture

From Genesys Documentation
Jump to: navigation, search
This topic is part of the manual Genesys Authentication Private Edition Guide for version Current of Genesys Authentication.

Learn about Genesys Authentication architecture.

Introduction

The diagram below shows the architecture of the Genesys Authentication components:

  • Authentication API service
  • Authentication UI service
  • Environment API service

For information about the overall architecture of Genesys Multicloud CX private edition, see the high-level Architecture page.

See also High availability and disaster recovery for information about high availability/disaster recovery architecture.

Architecture diagram — Connections

The numbers on the connection lines refer to the connection numbers in the table that follows the diagram. The direction of the arrows indicates where the connection is initiated (the source) and where an initiated connection connects to (the destination), from the point of view of Genesys Authentication as a service in the network.

Pe auth architecture.png

Connections table

The connection numbers refer to the numbers on the connection lines in the diagram. The Source, Destination, and Connection Classification columns in the table relate to the direction of the arrows in the Connections diagram above: The source is where the connection is initiated, and the destination is where an initiated connection connects to, from the point of view of Genesys Authentication as a service in the network. Egress means the Genesys Authentication service is the source, and Ingress means the Genesys Authentication service is the destination. Intra-cluster means the connection is between services in the cluster.

ConnectionSourceDestinationProtocolPortConnection ClassificationData that travels on this connection
1 Consumer browser Identity provider HTTPS 443 Ingress For single sign-on support, the consumer's browser communicates with the identity provider (IdP).
2 Consumer browser and API clients Authentication Service HTTPS 443 Ingress Consumer browsers and API clients use one of the supported OAuth 2.0 grant types to authenticate. See the Authentication API for details.
3 Consumer browser Authentication UI HTTPS 443 Ingress If an application uses the Genesys Authentication UI, users are redirected to the log in page. See Log in to Genesys Multicloud CX for details.
4 Authentication Service Voice Platform Configuration Server TCP 8888 Ingress Data from Configuration Server.
5 Other Genesys services Authentication Service HTTP/HTTPS 80/443 Ingress Genesys services authenticate with Authentication API. Enable Transport Layer Security for this connection with internal_ingress.tls_enabled in the values.yaml file.
6 Other Genesys services Authentication UI HTTP/HTTPS 80/443 Ingress Applications that use the Genesys Authentication UI. Enable Transport Layer Security for this connection with internal_ingress.tls_enabled in the values.yaml file.
7 Other Genesys services / curl commands Environment Service HTTP/HTTPS 80/443 Ingress Other Genesys services and the private edition installer (through curl commands) use the Environment API to manage their environments, contact centers, and settings. Enable Transport Layer Security for this connection with internal_ingress.tls_enabled in the values.yaml file.
8 Genesys Authentication Consul HTTPS 443 Egress Discovery of Configuration Server endpoints. This connection is optional and controlled by the consul. options in the values.yaml file.
9 Genesys Authentication Elasticsearch TCP 9200 Egress Logging data.
10 Genesys Authentication Redis TCP 6379 (non SSL) or 6380 (SSL) Egress Session data. SSL is controlled by redis.use_tls in the values.yaml file.
11 Genesys Authentication PostgreSQL TCP 5432 Egress Configuration data for the Authentication Service and the Environment Service.