- [Introduction](#introduction)
- [Ayfie Nexus](#ayfie-nexus)
- [PowerShell Modules](#powershell-modules)
- [Docker Engine](#docker-engine)
    - [Installing Docker Manually](#installing-docker-manually)
- [Docker Registry](#docker-registry)
- [Online License](#online-license)
- [Resolving Host IP](#resolving-host-ip)
- [External Microsoft SQL Server Database](#external-microsoft-sql-server-database)
- [Connector Source Systems](#connector-source-systems)
- [Authority Service External Communication](#authority-service-external-communication)
- [Personal Assistant External Communication](#personal-assistant-external-communication)

# Introduction
The Saga host server must have Internet access to the sites described in this article to function. Connections to all other sites can be blocked.

# Ayfie Nexus

The table below lists all Nexus feeds used to download Saga and connectors. Access to **go.microsoft.com** is required to register Nexus package sources.

|URLs                                                              |Purpose                                        |Optional                                         |Occurrence                                            |
|:-----------------------------------------------------------------|:----------------------------------------------|:------------------------------------------------|:-----------------------------------------------------|
|https://nexus.ayfie.dev/repository/Raw-Hosted/locator-releases    |Downloading the Saga install script.           |Yes. Script can be provided manually.            |During Saga installation and restarts.                |
|https://nexus.ayfie.dev/repository/nuget-sdk/                     |Downloading the Saga install bundle.           |Yes. Bundle can be provided manually.            |During Saga installation and restarts.                |
|https://nexus.ayfie.dev/repository/connector-installer/           |Downloading connector installers.              |Yes. Installer packages can be provided manually.|During Saga and connector installations and restarts. |
|https://nexus.ayfie.dev/service/rest/v1/assets                    |Downloading connector installers.              |Yes. Installer packages can be provided manually.|During Saga and connector installations and restarts. |
|https://nexus.ayfie.dev/service/rest/v1/repositories              |Downloading connector installers.              |Yes. Installer packages can be provided manually.|During Saga and connector installations and restarts. |

# PowerShell Modules

Saga may require these two PowerShell modules during installation and restarts:

|PowerShell Module |Purpose                                                                                                                                                  |
|:-----------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------|
|CredentialSpec    |Used to configure a gMSA account for Docker containers. Used only if Saga uses Active Directory as the primary authentication realm.|

If the module above is needed and not already installed, the Saga installer will require access to these sites:
 - www.powershellgallery.com
 - onegetcdn.azureedge.net
 - psg-prod-centralus.azureedge.net
 - psg-prod-eastus.azureedge.net

# Docker Engine

Saga requires Docker and Docker Compose. The Saga installer installs these automatically if they are not already installed. This requires access to the following FQDNs:
 - download.docker.com
 - github.com
 - *.githubusercontent.com

## Installing Docker Manually
These are the steps to install Docker and Docker Compose manually if one chooses not to have the Saga installer do it automatically:

- Docker:
  - Download the Docker install script from `https://raw.githubusercontent.com/microsoft/Windows-Containers/Main/helpful_tools/Install-DockerCE/install-docker-ce.ps1`
  - Run the downloaded install script from within a directory whose path contains no space characters

- Docker-Compose:
  - Run the command: `Invoke-WebRequest "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Windows-x86_64.exe" -OutFile $env:windir\System32\docker-compose.exe` to install Docker-Compose in directory "C:\Windows\System32"
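
The Docker-Compose step above writes a downloaded executable straight into `System32`. The following added example (not part of the original article or of ayfie's installer) stages the same download in a temporary directory and installs it only if its SHA-256 matches a value the operator has obtained from a trusted source. `$ExpectedSha256` is a placeholder and the staging path is an assumption.

```powershell
# Added example: stage, verify, then install docker-compose.exe.
# Run from an elevated PowerShell session (writing to System32 requires it).

$Url            = 'https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Windows-x86_64.exe'
$ExpectedSha256 = '<EXPECTED-SHA256-PLACEHOLDER>'   # placeholder: supply the trusted value
$Staged         = Join-Path $env:TEMP 'docker-compose.exe'      # assumed staging path
$Target         = Join-Path $env:windir 'System32\docker-compose.exe'

# Refuse to continue until the placeholder has been replaced by a real digest.
if ($ExpectedSha256 -notmatch '^[0-9a-fA-F]{64}$') {
    throw 'Set $ExpectedSha256 to the 64-character SHA-256 of the release binary.'
}

# Older Windows PowerShell versions may not negotiate TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Invoke-WebRequest -Uri $Url -OutFile $Staged -UseBasicParsing

# Get-FileHash returns an upper-case hex string; -ne compares case-insensitively.
$actual = (Get-FileHash -Path $Staged -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Remove-Item -Path $Staged -Force
    throw "SHA-256 mismatch: expected $ExpectedSha256, got $actual. File discarded."
}

# Only a verified binary reaches the system directory.
Move-Item -Path $Staged -Destination $Target -Force
Write-Output "Installed verified docker-compose to $Target"
```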

# Docker Registry

Saga consists of multiple Docker containers, depending on the configuration. All Docker images are maintained by ayfie. The table below lists all containers and the images they are created from. These images are hosted at [Dockerhub](https://hub.docker.com) under the *ayfiehub* organization (except the ayfie-chat-db service, see the table below). To benefit from these images, the *Authentication* and *Docker Pull/Push* entries of Docker's [allow-list](https://docs.docker.com/desktop/allow-list/) must be permitted.

At the time of writing, the allow-list entries from Docker are:
- https://auth.docker.io
- https://cdn.auth0.com
- https://login.docker.com
- https://hub.docker.com
- https://registry-1.docker.io
- https://production.cloudflare.docker.com

For simplicity, one can allow any *docker.com*, *docker.io* and https://cdn.auth0.com URL. If one prefers to be more restrictive, one can consult the table below to obtain the exact URLs of all Docker images used by Saga. However, in our experience one can end up being redirected to *www.docker.com*, in which case that variant of the URLs has to be included as well.

|Docker Container            |Docker Image Registry URLs                                                                                                                                        |Optional |
|:---------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
|ayfie-locator               |docker.io/ayfiehub/locator:\*, registry-1.docker.io/v2/ayfiehub/locator/blobs/\*, registry-1.docker.io/v2/ayfiehub/locator/manifests/\*                           |No       |
|ayfie-search-ui             |docker.io/ayfiehub/search-ui:\*, registry-1.docker.io/v2/ayfiehub/search-ui/blobs/\*, registry-1.docker.io/v2/ayfiehub/search-ui/manifests/\*                     |No       |
|ayfie-lingo                 |docker.io/ayfiehub/lingo:\*, registry-1.docker.io/v2/ayfiehub/lingo/blobs/\*, registry-1.docker.io/v2/ayfiehub/lingo/manifests/\*                                 |No       |
|ayfie-saga-authority        |docker.io/ayfiehub/gateway-keycloak:\*, registry-1.docker.io/v2/ayfiehub/gateway-keycloak/blobs/\*, registry-1.docker.io/v2/ayfiehub/gateway-keycloak/manifests/\*|No       |
|ayfie-saga-document         |docker.io/ayfiehub/document:\*, registry-1.docker.io/v2/ayfiehub/document/blobs/\*, registry-1.docker.io/v2/ayfiehub/document/manifests/\*                        |No       |
|ayfie-saga-gateway          |docker.io/ayfiehub/traefik:\*, registry-1.docker.io/v2/ayfiehub/traefik/blobs/\*, registry-1.docker.io/v2/ayfiehub/traefik/manifests/\*                           |No       |
|ayfie-saga-licensing        |docker.io/ayfiehub/licensing:\*, registry-1.docker.io/v2/ayfiehub/licensing/blobs/\*, registry-1.docker.io/v2/ayfiehub/licensing/manifests/\*                     |No       |
|ayfie-saga-converter        |docker.io/ayfiehub/converter:\*, registry-1.docker.io/v2/ayfiehub/converter/blobs/\*, registry-1.docker.io/v2/ayfiehub/converter/manifests/\*                     |No       |
|ayfie-saga-connector-broker |docker.io/ayfiehub/connector-broker:\*, registry-1.docker.io/v2/ayfiehub/connector-broker/blobs/\*, registry-1.docker.io/v2/ayfiehub/connector-broker/manifests/\*|No       |
|ayfie-saga-index            |docker.io/ayfiehub/solr:\*, registry-1.docker.io/v2/ayfiehub/solr/blobs/\*, registry-1.docker.io/v2/ayfiehub/solr/manifests/\*                                    |No       |
|ayfie-saga-index-coordinator|docker.io/ayfiehub/zookeeper:\*, registry-1.docker.io/v2/ayfiehub/zookeeper/blobs/\*, registry-1.docker.io/v2/ayfiehub/zookeeper/manifests/\*                     |No       |
|ayfie-queue                 |docker.io/ayfiehub/kafka:\*, registry-1.docker.io/v2/ayfiehub/kafka/blobs/\*, registry-1.docker.io/v2/ayfiehub/kafka/manifests/\*                                 |No       |
|ayfie-saga-db               |docker.io/ayfiehub/postgres:\*, registry-1.docker.io/v2/ayfiehub/postgres/blobs/\*, registry-1.docker.io/v2/ayfiehub/postgres/manifests/\*                        |Yes. Used only if Saga is configured to run with PostgreSQL database. |
|ayfie-saga-db-ui            |docker.io/ayfiehub/pgadmin:\*, registry-1.docker.io/v2/ayfiehub/pgadmin/blobs/\*, registry-1.docker.io/v2/ayfiehub/pgadmin/manifests/\*                           |Yes. Used only if Saga is configured to run with PostgreSQL database. |
|ayfie-saga-metrics          |docker.io/ayfiehub/prometheus:\*, registry-1.docker.io/v2/ayfiehub/prometheus/blobs/\*, registry-1.docker.io/v2/ayfiehub/prometheus/manifests/\*                  |Yes. Used only if Metrics are enabled. |
|ayfie-saga-metrics-ui       |docker.io/ayfiehub/grafana:\*, registry-1.docker.io/v2/ayfiehub/grafana/blobs/\*, registry-1.docker.io/v2/ayfiehub/grafana/manifests/\*                           |Yes. Used only if Metrics are enabled. |
|ayfie-saga-metrics-exporter |docker.io/ayfiehub/cstatsexporter:\*, registry-1.docker.io/v2/ayfiehub/cstatsexporter/blobs/\*, registry-1.docker.io/v2/ayfiehub/cstatsexporter/manifests/\*      |Yes. Used only if Metrics are enabled. |
|ayfie-saga-scheduler        |docker.io/ayfiehub/scheduler:\*, registry-1.docker.io/v2/ayfiehub/scheduler/blobs/\*, registry-1.docker.io/v2/ayfiehub/scheduler/manifests/\*                     |Yes. Used only if Report Engine is enabled. |
|ayfie-saga-notification     |docker.io/ayfiehub/notification:\*, registry-1.docker.io/v2/ayfiehub/notification/blobs/\*, registry-1.docker.io/v2/ayfiehub/notification/manifests/\*            |Yes. Used only if Report Engine is enabled. |
|ayfie-report-engine         |docker.io/ayfiehub/report-engine:\*, registry-1.docker.io/v2/ayfiehub/report-engine/blobs/\*, registry-1.docker.io/v2/ayfiehub/report-engine/manifests/\*         |Yes. Used only if Report Engine is enabled. |
|ayfie-report-engine-ui      |docker.io/ayfiehub/report-engine-ui:\*, registry-1.docker.io/v2/ayfiehub/report-engine-ui/blobs/\*, registry-1.docker.io/v2/ayfiehub/report-engine-ui/manifests/\*|Yes. Used only if Report Engine is enabled. |
|ayfie-smart-classifier      |docker.io/ayfiehub/smart-classifier:\*, registry-1.docker.io/v2/ayfiehub/smart-classifier/blobs/\*, registry-1.docker.io/v2/ayfiehub/smart-classifier/manifests/\*|Yes. Used only if Smart Classifier is enabled. |
|ayfie-chat                  |docker.io/ayfiehub/chat:\*, registry-1.docker.io/v2/ayfiehub/chat/blobs/\*, registry-1.docker.io/v2/ayfiehub/chat/manifests/\*                                    |Yes. Used only if Personal Assistant is enabled. |
|ayfie-chat-worker           |docker.io/ayfiehub/chat:\*, registry-1.docker.io/v2/ayfiehub/chat/blobs/\*, registry-1.docker.io/v2/ayfiehub/chat/manifests/\*                                    |Yes. Used only if Personal Assistant is enabled. |
|ayfie-chat-db               |docker.io/jcreach/redis:\*, registry-1.docker.io/v2/jcreach/redis/blobs/\*, registry-1.docker.io/v2/jcreach/redis/manifests/\*                                    |Yes. Used only if Personal Assistant is enabled. |

Additionally, Docker uses these URLs:
- https://production.cloudflare.docker.com/\*
- https://auth.docker.io/\*
- https://registry-1.docker.io/v2/\*
- https://docker.io/v2/ayfiehub/\*

# Online License

The license can be activated offline with a license file or online with a license key. The latter requires access to **activate.virtualworks.com**.

# Resolving Host IP

The Saga installer attempts to resolve the host IP by contacting **internetbeacon.msedge.net**. This is skipped if the host IP address is provided manually.

# External Microsoft SQL Server Database

If Saga is set up with an external Microsoft SQL Server (see earlier section), then Saga will also be connecting to that server. By default Microsoft SQL Server uses port 1433.

# Connector Source Systems

Connectors require access to the source system from which they are to retrieve data. See [connector documentation](https://ayfie-dev.atlassian.net/wiki/spaces/SAGA/pages/2928246816/Ayfie+Connector+Data+Sheets) for details.

# Authority Service External Communication

If Authority Service is configured to use Azure Active Directory as identity provider, access to **login.microsoftonline.com** is required.

# Personal Assistant External Communication

If Personal Assistant is enabled and configured, access to the following URLs is required:
- https://ayfie-dev-openai-fr.openai.azure.com/*
- https://api.openai.com/v1/*
- https://openaipublic.blob.core.windows.net/encodings/cl100k_base.tiktoken
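
To confirm that a firewall change actually permits the hosts listed throughout this article, the following added example (not part of ayfie's tooling) tests outbound TCP 443 from the Saga host to each of them. The switch names are hypothetical, `raw.githubusercontent.com` stands in for the `*.githubusercontent.com` wildcard, and direct egress without an explicit forward proxy is assumed.

```powershell
# Added example: egress preflight for the hosts named in this article.
# Switch names are hypothetical; enable those matching the deployment.
param(
    [switch]$ActiveDirectoryRealm,      # CredentialSpec module needed
    [switch]$OnlineLicense,             # license key activation
    [switch]$AzureAdIdentityProvider,   # Authority Service with Azure AD
    [switch]$PersonalAssistant
)

$endpoints = [ordered]@{
    'Ayfie Nexus'       = 'nexus.ayfie.dev', 'go.microsoft.com'
    'Docker Engine'     = 'download.docker.com', 'github.com', 'raw.githubusercontent.com'
    'Docker Registry'   = 'auth.docker.io', 'cdn.auth0.com', 'login.docker.com',
                          'hub.docker.com', 'registry-1.docker.io',
                          'production.cloudflare.docker.com'
    'Resolving Host IP' = 'internetbeacon.msedge.net'
}
if ($ActiveDirectoryRealm) {
    $endpoints['PowerShell Modules'] = 'www.powershellgallery.com', 'onegetcdn.azureedge.net',
        'psg-prod-centralus.azureedge.net', 'psg-prod-eastus.azureedge.net'
}
if ($OnlineLicense)           { $endpoints['Online License']     = 'activate.virtualworks.com' }
if ($AzureAdIdentityProvider) { $endpoints['Authority Service']  = 'login.microsoftonline.com' }
if ($PersonalAssistant) {
    $endpoints['Personal Assistant'] = 'ayfie-dev-openai-fr.openai.azure.com',
        'api.openai.com', 'openaipublic.blob.core.windows.net'
}

# One TCP connection attempt per host; Quiet mode returns $true or $false.
$results = foreach ($section in $endpoints.Keys) {
    foreach ($name in $endpoints[$section]) {
        $ok = Test-NetConnection -ComputerName $name -Port 443 `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ Section = $section; Host = $name; Tcp443 = $ok }
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment pipeline stop before the installer runs.
$blocked = @($results | Where-Object { -not $_.Tcp443 })
if ($blocked.Count -gt 0) {
    Write-Warning ("Blocked hosts: " + ($blocked.Host -join ', '))
    exit 1
}
```

A successful TCP connection shows only that the host and port are reachable; URL-path rules on a filtering proxy, such as the per-image registry paths in the table above, still need to be checked by an actual image pull.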

...