Core Components Overview
The Five Safes TES Weave comprises a number of services which would usually be hosted separately.
These are listed below, along with a short description of their function, and with the local web addresses and user accounts.
These user accounts are only intended to be used in the All-In-One Quickstart for demonstration purposes. If you deploy this stack in a production environment then these must be changed.
Submission Layer
Submission UI
This is the front page of the stack, which any researchers interacting with the service will use. Approved researchers can submit tasks to a Project using the API or by interacting with the UI.
Hosted at: localhost:7220
Login credentials
Username: globaladminuser
Password: password123
Submission API
Backend logic for the Submission Layer.
Hosted at: localhost:5034
The Swagger UI for this service is hosted at localhost:5034/swagger.
TRE Layer
TRE UI
The TRE UI is a web application that allows users to manage the TRE.
Hosted at: localhost:8989
Login credentials
Username: globaladminuser
Password: password123
TRE API
Backend logic for the TRE service or TRE Agent.
Hosted at: localhost:8072
The Swagger UI for this service is hosted at localhost:8072/swagger.
TRE-Camunda
This service holds the core logic handlers that help TRE-Agent manage the user credentials used to access the TRE’s database. In combination with the Camunda, Vault and LDAP services, it facilitates the creation and revocation of ephemeral user accounts for access to the TRE’s database.
Camunda
Camunda comprises a workflow engine and a task list. It is used to manage the workflow of the credential management process. There are three main components to operate with Camunda:
orchestration: a consolidated service that combines Zeebe + Operate + Tasklist. Read more here.
connectors: a service that allows for the integration of Camunda with other services. For example, TRE-Agent will trigger orchestration’s workflows by sending requests to connectors.
elasticsearch: a service that allows for the storage of Camunda’s workflow data.
Vault
Vault is used to store and track the ephemeral user credentials for the credential management process. In short, Camunda will create the ephemeral user credentials and store them in Vault. Then, the TRE-Agent will retrieve the credentials from Vault to access the TRE’s database.
LDAP (openldap and phpldapadmin)
These services are used to manage Trino’s ephemeral user accounts for the stack.
Egress
The Egress API handles egress requests. Once a task has finished executing, its results wait for approval in the Egress layer. Once the results are approved or rejected, the Egress API sends an update to the TRE Agent.
Hosted at: localhost:8100
Login credentials
Username: globaladminuser
Password: password123
Backend Services
KeyCloak Server
Keycloak is used for user authentication & user management across all three layers.
Hosted at: localhost:8085
Login credentials
Username: admin
Password: admin
Seq Activity Logs
Activity logs for the stack.
Hosted at: localhost:5341
MinIO
These are the object stores for the stack.
Submission Minio
Submission Layer MinIO stores any inputs and, after execution, the results for a submission.
Hosted at: localhost:9000
Username: minio
Password: minio123
TRE Minio
TRE Agent MinIO stores any inputs copied over from the Submission layer, and the results of the analysis.
Hosted at: localhost:9002
Username: minio
Password: minio123