Alpana Platform is composed of :
- Alpana Designer : the development tool for creating Data Sources, Widgets, Dashboards
- Alpana Server : the website deployed for sharing content
- Alpana Mobile : the mobile app used for viewing on mobile devices
- Alpana Update File Dependency : the external tool for the live update of file-based connections.
An external tool may also be used for demonstration purposes, but is provided on-demand and with no warranty :
- Alpana Real Time Data : an external tool to demonstrate realtime features of the API
Roles of the Components and Users
Alpana Designer for Creating content
Alpana Designer is a desktop application that allows to connect to data and create the visualizations.
“Developer” users create content using Alpana Designer : Widgets, Dashboards, Data Sources.
Alpana Server for Sharing content
Alpana Server is a website application that allows to make use of the content : display and interact with visualizations, export, notify, socialize.
“Business” users connect to content on Alpana Server using either :
- a desktop web browser
- the Alpana Mobile app for mobile devices
Each time the content is displayed, it is updated with live queries to your data.
Developer users share/publish content on Alpana Server for Business users to consume.
“Administrator” users manage the content and access on Alpana Server.
Alpana Update File Dependency for updating file content
Developer users deploy Alpana Update File Dependency if they need to display file-based data inside their content, and if they need this data to be updated.
Where to install ?
To choose where to install Alpana Server, remember that it’s a website that must :
- be accessible by the Business users from desktop or mobile
- be able to access your data to make fast queries
- be able to access its own local resources appropriately (local database, CPU/disk/RAM, …)
See also the software and hardware pre-requisites.
Alpana Designer doesn’t have to be installed on the same machine as Alpana Server.
Depending on your license, you can make several installations of Alpana Designer.
Keep in mind that for developing :
- you must have access to your data from the machine where Alpana Designer is installed
- if you have access to Alpana Server from this machine, you can publish directly. If not, you can still publish manually.
See also the pre-requisites.
Alpana Update File Dependency
- doesn’t need to be installed if you don’t need to publish file-based live data
- must have the required file system access to read the files you need to update
- must have the required network access to reach Alpana Server
- can be installed on several machines, for example if you need to read several files from different machines
Alpana security model
Alpana Server is offered as an on-premise installation that is administered by the customer (code192 does not offer it as a service).
Alpana Server is a website hosted on Microsoft IIS where users can login with different methods.
The application is developed using the latest web technologies, always maintained up-to-date for security reasons.
The application model, including user login information, is stored inside a Microsoft SQL database, and the customer is responsible for configuring the security of this database.
Information for the Alpana process to login to the SQL database is stored in the file system in the installation folder, and the customer is responsible for securing this folder.
Process data is not hosted by Alpana. Alpana only configures queries to the source data stores.
Configured Alpana objects (Dashboards, Widgets, Data Sources) are stored in the SQL database and secured at the database level.
Transport layer security
Access to the website can be configured through HTTPS in order to ensure security at the transport layer.
The security of user access to visualizations is managed through the login system and the internal permission system.
Login methods to Alpana Server include : – user accounts fully hosted by Alpana – Active Directory accounts imported through LDAP – Active Directory accounts authenticated through ADFS (SSO) – other SSO methods
Users can access visualizations through multiple entry points, all secured in the same way :
- desktop web browser
- native mobile app
- Alpana Designer
- web API
- native app for OMI
- embedded inside another tool
Administrators have several tools to help with security :
- They can enforce password complexity rules.
- They can force users to activate their account through e-mail.
- They can impersonate users for administration purposes.
Access to process data is configured by the developer user inside Alpana Designer.
Credentials to access process data are configured inside the corresponding Connection.
Queries to those connections are stored in Data Sources.
All this information is stored in encrypted form inside the Alpana objects : Data Source objetcs, Widget objects, Dashboard objects.
When published, they are stored in the Alpana SQL database.
When downloaded, they are stored as an encrypted file.
Some process data may be copied temporarily for processing (see an explanation of the Buffer).
Alpana Server can define a dedicated table to host user input (see an explanation of the Runtime Connections)
Access from external applications
In the current OMI app, the below login model has been implemented.
A developer user configures an OMI layout to contain the Alpana app, they provide login information to Alpana Server, select a visualization that they wish to display, and configure it.
When an OMI user will browse to that layout, they will see the visualization thanks to login information configured by the developer.
Making queries to Alpana Server from another website is blocked by default (Cross-origin resource sharing / CORS).
Alpana Server allows to configure exceptions to that rule.