The CloudPiston Platform is designed to receive, solicit, validate, transform, present, protect, encrypt, decrypt, analyze, aggregate, export, and retrieve information
in the form of text and binary files. It is optimized for business processes that last from a few minutes to several months. It can be integrated with long-term storage providers such as Amazon,
Rackspace, and Azure for indefinite storage of near infinite capacity.
The CloudPiston Platform is delivered as a managed Platform as a Service in a configuration that is designed for security, scalability, availability, and recoverability.
Applications that run on the CloudPiston Platform are called PALs, an acronym which stands for Platform AppLications or Platform Application Layer. Creating and managing pals requires web development
skills including a working knowledge of XHTML, CSS, and JavaScript as well as the ability to work with an API (Application Programming Interface).
Pals are developed using our Pal Builder IDE (Integrated Development Environment). Access to pals for development purposes is controlled by an enterprise administrator by granting
development permissions to an enterprise profile associated with an authenticated user.
Each user of a CloudPiston cloud is granted a personal profile by the system and zero or more enterprise profiles by the enterprises using the cloud. The data and pals
for each enterprise are logically separated. The enterprise owns the data it produces and can export this data to back-end systems using various means provided by the platform.
Different types of Pals exist for different purposes as outlined below.
Test
Test pals are those that exist in development mode and can be modified using Pal Builder. All Pals typically start out as test.
Deployed
Deployed pals are static copies of test (development) pals. Deployed pal code cannot be changed except through modifications to the corresponding test pal and re-deployment.
Repository
Repository pals are stored in such a way that they are permitted to grow larger in size than a typical pal. These types of pals are used
for storing large artifacts that don't change much such as PDF or image files. They can be accessed by other pals through a repository configuration within the pal
or through a pal chain.
Skin
Skin pals are designed to be the "face" of another pal. When the rendering engine accesses content such as CSS or images, skin pals associated with the runtime pal are checked first.
Shell
Shell pals are created and managed via an API and by a parent "Shell Pal Manager" pal. They are backed by a pal chain. They are typically used in a white-label scenario where one enterprise
can provide multiple copies of a single pal, each with its own customized branding or functionality.
Shadow
Shadow pals are copies of test pals for team development purposes. You can create a shadow of a test pal and work on individual components of the pal then commit those changes
back to the parent pal.
Linked
Linked pals are pals obtained from the store. They are empty pointers to a common code-base maintained by the store owner. Linked store pals permit many different
enterprises to run the same copy of the pal within their own enterprise without having the code. Linked pals can be deployed through the store with automatic or manual updates.
Module
Module pals are designed to hook into an existing pal and provide extended functionality. These pals contain a structure that prevents name clashing on file-based resources.
System
Each cloud has a set of system pals for handling common functionality for all enterprises and users. These pals can be locked to the cloud (preventing update over-rides) and customized as needed. System
pals use an "Internal" API that extends the public API and provides deeper security access to the cloud.
Various workflow engines exist on the CloudPiston Platform. These engines run workflows on the server and typically return the results of their processing.
Console
This workflow engine is for an authenticated user/profile and is browser based.
Console System
This non-user, daemon-based workflow engine is accessed through JobManager by creating and scheduling jobs.
Console Web Service
This non-user, web-service-based workflow engine is accessed through a web service account and our REST or SOAP based web service API.
Transaction
This workflow engine is for an authenticated user/profile and is browser based. It is primarily used for accessing and interacting with a Transaction Packet.
Transaction System (Deprecated)
Developers should avoid using this workflow engine. Instead, use the Console System workflow engine and pass the transaction ID to that engine for working with the transaction.
Transaction Web Service
This non-user, web-service-based workflow engine is accessed through a web service account and our REST or SOAP based web service API. It is designed for working
with a specific Transaction Packet.
Web
This workflow engine is exposed to the open Internet. It is usually browser based. The user, if any, is non-authenticated.
Tunnel
This workflow engine is used for web-service-based communication between pals, enterprises, or clouds.
User
This workflow engine is a non-browser, web-service based engine. Authentication is associated with a specific profile.
Pals are associated with activation keys. These keys define resource limits, permitted services, and pricing.
Global Keys
In some cases an activation key may be associated with an entire enterprise, in which case all pals within the enterprise are associated with the key. Additionally, one enterprise may pay for the services of another
enterprise through a global activation key on a multi-tenant cloud. On a single-tenant cloud, a cloud-level global key may be configured whereby all enterprises on the
cloud have access to the same services and resource limits, and fees for these services are paid by a cloud-level owner.
Various features exist for working with or running pals.
Pal Manager
Pal Manager is a browser-based tool for creating, configuring, viewing, and deploying pals. User profiles are granted access to Pal Manager through groups.
Pal Builder
Pal Builder is an IDE for creating, testing, developing, and deploying pals. User profiles are granted access to Pal Builder through groups.
Branches
A branch is a copy of a test pal. Branches of a deployed pal are used whenever a developer needs to make
a fix to the deployed pal but the main test pal has too many untested changes to introduce. The developer can make a branch, fix the pal in the branch, deploy it, then copy the fix into the main test pal.
Pal Chains
Pal chains provide the ability to group up to 5 pals (including the runtime pal) into a single entity. When part of a chain, the runtime pal has access to all the
resources of the chain as if it were one large pal. Pal chains are created and associated with a group and can be test or deployed.
Inline Pals
Inline pals are pals that run within another pal via the c:ipal tag. The tag creates an inline frame and runs the target pal within the frame.
Source Control
Source control repositories can be created and associated with a pal. These repositories can be local or remote (for example an AWS S3 bucket). Developers
can save copies of their pals as they develop and refer and revert to these prior copies as needed.
Pal Store
Each cloud has a pal store. Pals can be designed in such a way that they are compatible for deployment through the store and distributed to other enterprises.
Resource Pals
Pals can be designed for cloud level sharing of resources. These pals can then be deployed and used globally through the c:resource tag with a pal attribute.
Template Pals
Pals can be designed as templates and distributed through the store. On a given cloud, when creating a new pal from Pal Builder, the templates database is queried and the developer can
choose one of these templates as a starting pal.
Deployment Groups
Deploying multiple individual pals one at a time can be a tedious process. Deployment groups allow you to associate multiple pals together in a specified order and deploy all of them in one step.
The CloudPiston Platform provides various locations for storing information. All of these (except the temporary caches) are backed by redundant physical storage.
Transaction Packet
The transaction packet is a container for storing documents, attachments, and various data structures including wizard data. Transaction packets can be serialized and exported
as a single XML file with a wrapping digital signature, alternately encrypted. These exported packets can then be transferred to another cloud or to long term storage or consumed by third parties or back-end systems.
Console Packet
The console packet is a container for storing key/value and list structures. Its main usage is for storing configuration settings for a Console Pal.
Profile Packet
The profile packet is a container for storing key/value and list structures. Its main usage is for storing profile settings for a Console Pal. It is accessible only by the profile that created it.
Pal Cache
The pal cache is accessed via the CacheManager API. The cache can be used for the temporary or long term storage of information including files. These items are accessible only to the pal.
Enterprise Cache
The Enterprise cache is accessed via the CacheManager API using enterprise scope. Like the Pal cache, this cache can be used for the temporary or long term storage of information including files.
Anything put in this cache is available to all Pals within the enterprise.
Cloud Cache
The Cloud cache is accessed via the CacheManager API using cloud scope. Like the pal and enterprise cache, this cache can be used for the temporary or long term storage of information including files.
Anything put in this cache is available to all enterprises and pals on the cloud. Any Pal can read/write/over-write items in this cache.
Datasets
Datasets are storage structures defined in the pal. They are similar to database tables but are accessed through APIs rather than SQL statements.
Cubes
Cubes provide an API driven object store with a dataset-like query interface. Storage limits for cubes are controlled at the cloud, enterprise, and pal levels.
Storage Providers
Storage providers are third-party object storage companies that provide long-term storage via web service connections. Currently these include AWS S3, Azure, and Rackspace.
CDNs (Content Delivery Network)
CDNs are technically not a storage location as much as they are a cache. Storage Providers can be configured to use CDNs making it possible to serve images and other content to the browser from these locations.
The CloudPiston platform is designed and tested for security. Security is a shared responsibility, giving developers control over part of the security burden.
Users
User accounts are password protected and audited. Personal security settings let the user control IP and user-agent switching. Enterprises can dictate password security policies
for any user with an enterprise profile. These policies dictate the strength of the password and the frequency for changing it.
Enterprises
Clouds are divided into independent organizations called enterprises. These entities are logically separated.
Profiles
Each user on a CloudPiston cloud has one or more profiles. Each user has a personal profile and enterprises can grant access to an enterprise profile.
Permissions
Profiles can be granted permissions within an enterprise. Doing so grants the owner (user) of the profile rights to perform duties granted by the permission such as
adding other profiles, creating groups, administering zones, etc.
Groups
Groups define permissions on pals and pal artifacts. Pals and profiles are added to groups and the permissions defined dictate behavior of profiles within the group.
Roles
Roles exist only for transactions. They are created by the API and are used by the platform for accessing transactions and signing documents.
Web Service Accounts
Web service accounts are designed for remote back-end systems to authenticate and integrate with our web service based workflow engines and endpoints. See Web Services.
User Web Service
User web service accounts provide access to the user workflow engine for a given profile. These accounts are designed for mobile and desktop applications.
Third Party Single Sign On
Through the use of secure web pals (web pals running over https), developers can implement almost any authentication scheme (such as SAML) and give these authenticated
users restricted access to a profile and its enterprise.
Connectors
Connectors are secured credentials for outbound communication to third parties. Connectors support multiple protocols including HTTP/S, FTP, SFTP, FTPS, etc. Pals access
the connectors by name without having to store the credentials within the pal.
Tunnels
Tunnels are communication channels between CloudPiston instances. A tunnel can exist within the same cloud or enterprise for enterprise to enterprise or pal to pal communication. A tunnel
can exist between pre-configured clouds for cloud to cloud communication. Management tunnels can also be configured for transporting copies of a pal from one location to another for development and deployment purposes.
Zones
Pals can access resources and functionality independent of the access controls of the logged in user by using zones. A zone grants certain controls to pals rather than to profiles. A pal must be associated with
a zone in order to use its permissions.
API
Several API level security features exist including the ability to create encryption keys and work with encrypted data at different levels. See for example EncryptionUtil.