Frends Data Flowcharts

When performing actions and executing Processes in Frends, data and commands are delivered over multiple components in the Frends Architecture.

At all stages secure keys and certificates are stored in the Azure Key Vault and accessed by the Web Application when needed.

Process Development

The illustration below describes the flow in Frends Architecture when developing a new Process.

User acess

The flow begins when a user accesses Frends through the provided endpoint in the Frends web application. All connections are secured using valid SSL certificates and pass through the Azure WAF.

The user inputs configuration information to the Frends web application to develop a new Process.

Saving developed Process

When saving a new Process, the given configuration information is persisted in the Configuration Database, which is always encrypted as per Azure SQL Security best practices.

Additionally, the new integration is compiled into a NuGet package which is stored in the Process Version Control Storage which is an Azure Blob Storage account. The blob storage account data is encrypted via AES 256.

Deploying the Process

The compilation sends a message notifying the Frends Agent of a new deployment request to the Agent Connectivity Queues which are Azure Service Bus queues. The queues are secured using SSL and accessed via SAS authentication by the Frends Agent.

The Frends Agent listens to new incoming messages in the queue and upon receiving a deployment notice the Agent connects to a specified Process Version Control Storage to retrieve the compiled Frends Process NuGet package. The connection is secured with SSL and authenticated via SAS authentication. After downloading the new package, the Agent simply loads the newly compiled libraries and Processes into use.

At this point the Agent is ready for the Process execution flow described next.

Process Execution logging

The illustration below describes the flow in Frends Architecture when a Process is executed.

Agent executes the Process

A Frends Agent processes an integration and all the messages/data within. In real time, status messages are sent to the Agent Connectivity Queues or Azure Service Bus queues. The connectivity between the queue and the Agent is secured using SSL and authenticated via SAS tokens.

Some of the logging data will be stored on the Agent locally, such as Process Instance details and Promoted Values, while the steps within the Process Instance are delivered for storage to the Azure Blob.

Frends Web App

The Frends Web App listens to incoming logging messages from all the queues created within that Frends Tenant.

Log storage

When an incoming logging message is received the message is first inserted into the Logging Database for monitoring purposes. The Database is Always Encrypted using AES 256.

Logging data is be split between the database and an Azure Blob Storage. The Blob Storage is used because it does not have performance bottlenecks in heavy load situations. Similar to the logging database, the data is Always Encrypted using AES 256. In this model the data is stored as encrypted, and GZIP’ed JSON data files are accessed by the Frends Web Application.

Optionally, if chosen by the customer, the Logging Database can be deployed outside the Frends Azure Virtual Network as a standard SQL Server. In this case the customer is responsible for the security of said database and the security of the data within the database.

Gathering logged data

The logging data is gathered by back-end server functionality within the Frends Web Application and exposed to the end user.

User access

Finally, the end user can access the data through the Azure WAF within the Frends Control Panel or UI.