Learn how to set up multiple engines with Optimize and which scenarios are supported.
Possible multiple engines scenarios
There are two possible setups where multiple engines can be used:
Please check which scenario corresponds to your setup because the configuration of multiple engines to Optimize is not always suited for the best import performance.
There are two restrictions for the multiple engines feature:
- The engines are assumed to have distinct process definitions, which means that one process definition (same key and version) is not deployed on two or more engines at the same time. Alternatively each engine could be configured with default tenant identifiers as described in the One Tenant Per Engine Scenario
- The engines are assumed to have distinct tenant identifiers, which means one particular tenantId is not deployed on two or more engines at the same time.
Multiple engines with a distributed Database
In this scenario you have multiple engines distributed in a cluster, but this time each engine has its own database. See the following diagram for an illustration:
Now you are able to connect each engine to Optimize. The data will then automatically be imported into Optimize. The following diagram depicts the setup:
In order to set up the connections to the engines, you need to add the information to the configuration file. For the sake of simplicity, let’s assume we have two departments, sales and marketing, each having their own engine with its own database and processes. Both are accessible in the local network. The sales engine has the port
8080 and the marketing engine the port
1234. Now an excerpt of the configuration could look as follows:
engines: sales: name: default rest: http://localhost:8080/engine-rest authentication: enabled: false password: "" user: "" enabled: true marketing: name: default rest: http://localhost:1234/engine-rest authentication: enabled: false password: "" user: "" enabled: true
marketing are custom names that were choosen in order to later on distinguish where the data was originally imported from.
Multiple engines with a shared Database
In this scenario you have multiple engines distributed in a cluster, where each engine instance is connected to a shared database. See the following diagram for an illustration:
Now it could be possible to connect each engine to Optimize. Since every engine accesses the same data through the shared database, Optimize would import the engine data multiple times. There is also no guarantee that importing the same data multiple times will cause any data corruption. For this reason it is highly recommended to not use the setup depicted above.
Instead of a multiple engine scenario with a shared database, it might make sense to balance the work load on each engine during the import. To do that place a load balancer between the engines and Optimize, which ensures that the data is imported only once and the load is distributed among all engines. Thus, Optimize would only communicate to the load balancer. The following diagram depicts the described setup:
In general, tests have shown that the strain Optmize puts on the engine is very low and in almost all cases neglectable.
Authentication/Authorization in the multiple engine setup
When you configured multiple engines in Optimize, each engine can host different users with a different set of authorizations. If a user is logging in, Optimize will try to authenticate and authorize the user on each configured engine. In case you are not familiar of how the the authorization/authentication works for a single engine scenario, please checkout the User Access Management and Authorization Management documentation first.
To determine if a user is allowed to log in and which resources he is allowed to access within the multiple engine scenario, Optimize uses the following algorithm:
Given the user X logs into Optimize, go through the list of configured engines and try to authenticate the user X, for each successful authentication fetch the permissions for X from that engine and allow X to access Optimize if authorized by at least one engine.
To give you a better understanding of how that works, let’s take the following multiple engine scenario:
- Engine `marketing`: - User without Optimize Application Authorization: Scooter, Walter - User with Optimize Application Authorization: Gonzo - Authorized Definitions for Gonzo, Scooter, Walter: Lead Qualification - Engine `sales`: - User with Optimize Application Authorization: Piggy, Scooter - Authorized Definitions for Piggy, Scooter: Invoice Process - Engine `hr`: - User with Optimize Application Authorization: Gonzo - Authorized Definitions for Gonzo: Hiring
Here are some examples that might help you to understand the authentication/authorization procedure:
Piggylogged in to Optimize, she would be granted access to Optimize and create reports for the definition
Rizzologged in to Optimize, he would be rejected because the user
Rizzois not known to any engine
Walterlogged in to Optimize, he would be rejected despite being authorized to access the definition
Lead Qualificationon engine
Walterdoes not have the
Optimize Application Authorizationrequired to access Optimize.
Scooterlogged in to Optimize, he would be granted access to Optimize and create reports for the definition
Invoice Process. He wouldn’t get permissions for the
Lead Qualificationor the
Hiringdefinition, since he doesn’t have Optimize permissions on the
Gonzologged in to Optimize, he would be granted access to Optimize and create reports for the definition
Lead Qualificationas well as the
Hiringdefinition, since definitions authorizations are loaded from all engines the user could be authenticated with (in particular