# AppSealing On-Premise Architecture
AppSealing on-premise version has many modules and requires some external resources like “MySQL Server” and “ElasticSearch Service”. Diagram in Fig.1 shows the interactions between AppSealing modules.
Details of AppSealing Modules and external resources are listed below.
# List of AppSealing Internal Modules
|AppSealing Module Name||Description|
|ADC (AppSealing Developer Console)||Built-in Web Site for managing users, and handling Sealing Requests.|
|API||Restful API for handling Requests from ADC and CLI.|
|Internal API||Handling Interfaces between AppSealing modules.|
|Sealing Server||Provides RASP capability to the application files uploaded by the customer.|
|Users can request “Sealing” via ADC/CLI.|
|Log Scheduler||Collect Reports from mobile devices where AppSealing RASP is running.|
|Data Schedulers||Create Daily Statistics and Usage Report|
|Android CLI||Command Line Interface provided by AppSealing Service|
# List of External Resources
|MySQL||RDBMS. Version 5.6.10 or higher is required.|
|ElasticSearch Service||ElasticSearch Platform is a data store for collected Reports. Version 7.8.1 or higher is required.|
|Kibana||Kibana is an open-source analytics and visualization platform designed to work with Elasticsearch.|
# Proposed Kubernetes Architecture
This section explains the Kubernetes resources created as part of the deployment.
- Deployment: Deployment means each module, means each container with no of replicas( like minimum and maximum no of containers).
- Service: To access each module/replica set container, we need to create a service and link it with each replica set i.e ClusterIP for internal communication, NodePort for outside/internal communication and LoadBalancer is for outside/internal communication.
- PersistentVolume: PersistentVolume can be anything(e.g. Google Cloud Storage, AWS EBS, EFS or NFS Volume).
- PersistentVolumeClaim: To access PersistentVolume, first we need to create PersistentVolumeClaim and link that Claim with each ReplicaSet.
- ConfigMap: Configmap is the mapping of configuration files, it is used for keeping the configuration variables like version number or some other config variables.
- Secrets: Secrets are used for keeping the secrets like username or password or some other sensitive information.
- ServiceAccount: ServiceAccount is like some user-specified for some task or common user used to perform some operations. We will discuss more in detail during implementation.
- Role: Role is for restricting the user to do some tasks which are not specified for it.
- NameSpace: Namespace is a space where we deploy all the components, It is like a project which contains all the components/modules.