Ctrl+K
⚠️ This document is work in progress. Feedback is welcome. ⚠️

Nubus for Kubernetes - Architecture Manual 0.1.6

Capability mapping

2.3. Capability mapping#

This section maps the capabilities outlined in Capabilities to the functional components outlined in Functional components. It describes which functional component provides which capability in Univention Nubus. The structure follows the perspectives from the capabilities.

2.3.1. End user perspective#

Fig. 2.11 shows the functional components involved in realizing the User account self service, Uniform integrated user interface, and Single Sign-On / Single Sign-Out capabilities. It shows the dependency chain of the functional components that play a critical role in achieving the capabilities outlined.

Capability mapping for end user perspective

Fig. 2.11 Capability mapping for end user perspective#

Identity Store and Directory Service

The Identity Store and Directory Service is the starting point of functional components to realize the capabilities in the end user perspective. The Identity Store provides its functionality to the Directory Manager, Portal, and Identity Provider functional components.

Identity Provider

The Identity Provider is the functional component to realize the Single Sign-On / Single Sign-Out capability. It also provides its functionality to the Authorization Service functional component.

Portal

The Portal Service is the functional component that participates in the realization of the Uniform integrated user interface and Single Sign-On / Single Sign-Out capabilities. It uses the functionality of the Identity Store and Directory Service, and Management UI functional components.

Directory Manager

The Directory Manager uses the functionality from the Identity Store and Directory Service. It provides its functionality to the Management UI and Authorization Service functional components.

Authorization Service

The Authorization Service uses the functionality from the Directory Manager and the Identity Provider. It provides its functionality to the Management UI functional component.

Management UI

The Management UI uses the functionality from the Directory Manager and the Authorization Service. It provides its functionality to the Portal and End User Self Service functional components.

The Management UI also realizes the Uniform integrated user interface capability together with the Portal functional component.

End User Self Service

The End User Self Service uses the functionality from the Management UI. It realizes the User account self service capability.

2.3.2. Provider and operation perspective#

Fig. 2.12 shows the functional components involved in realizing the Operation in Kubernetes cluster, Management of user accounts, DVS compatible, and Integration with external IAM systems capabilities. It shows the dependency chain of the functional components that play a critical role in achieving the capabilities outlined.

The capabilities Operation in Kubernetes cluster and DVS compatible don’t have direct relationships to functional components of Nubus. However, the architecture of Nubus plays an important role in realizing these capabilities.

Capability mapping for provider and operation perspective

Fig. 2.12 Capability mapping for provider and operation perspective#

Identity Store and Directory Service

The Identity Store and Directory Service is the starting point of functional components to realize the capabilities in the provider and operation perspective. The Identity Store provides its functionality to the Directory Manager functional component.

Directory Manager

The Directory Manager uses the functionality from the Identity Store and Directory Service. It provides its functionality to the Management UI and IAM Connector functional components.

Management UI

The Management UI uses the functionality from the Directory Manager. It provides its functionality to the End User Self Service functional component.

The Management UI realizes the Management of user accounts capability together with the End User Self Service functional component.

End User Self Service

The End User Self Service uses the functionality from the Management UI. It realizes the Management of user accounts capability together with the Management UI capability.

IAM Connector

The IAM Connector uses the functionality from the Directory Manager. It realizes the Integration with external IAM systems capability.

2.3.3. Development and governance perspective#

Fig. 2.13 shows the functional components involved in realizing the Support & Maintenance, Integration of components and applications, and Available as Open Source Software capabilities.

The capabilities Support and Maintenance and Available as Open Source Software don’t have a direct relationships to the functional components of Nubus. However, the availability of the source code and the professional support and maintenance by Univention play an important role in the realization of these capabilities.

Capability mapping for development and governance perspective

Fig. 2.13 Capability mapping for development and governance perspective#

Intercom Service

The Intercom Service plays a critical role to achieve the Integration of components and applications capability together with the Provisioning Service functional component.

Provisioning Service

The Provisioning Service plays a critical role to achieve the Integration of components and applications capability together with the Intercom Service functional component.

On this page