diff --git a/docs/Deployment/apigateway.md b/docs/Deployment/apigateway.md new file mode 100644 index 000000000..e04999405 --- /dev/null +++ b/docs/Deployment/apigateway.md 
@@ -0,0 +1,53 @@ +--8<-- "References/abbreviations.md" + +Open AMT uses Kong as its open-source API gateway. Kong provides an entry point for external clients, anything not a part of the microservice system, and a comprehensive suite of plugins for various scenarios. Various alternatives exist such as [Azure API Gateway](https://learn.microsoft.com/en-us/azure/architecture/microservices/design/gateway) or [Amazon API Gateway](https://aws.amazon.com/api-gateway/). + +Details on which ports must be exposed and what protocols are used are found below. + +## Protocols + +### Open AMT Services Protocols + +| Service | Protocol | Description | +| --------------- | --------- | ------------------------------------------------------------------------------------ | +| Sample Web UI | HTTPS | Front-end Webserver | +| MPS | HTTPS | REST API calls | +| | WSS | Redirection (KVM/SOL) sessions with AMT devices | +| MPS Router | HTTPS | | +| RPS | HTTPS | REST API calls | +| | WSS | Device Activation, Configuration, and Maintenance over Websocket connection with RPC | + +## Ports + +### Open AMT Ports + +#### Microservices + +| Service | Port | Description | Existing Kong Routes | +| --------------- | ----- | -------------------------------------------------------------------------------------- | --------------------------------------- | +| Sample Web UI | 80 | Serve the Sample Web UI to the browser | `/` | +| MPS | 3000 | Redirection and REST API calls | `/mps`, `/mps/login/api/v1/authorize` | +| | 4433 | CIRA connection with AMT devices | N/A | +| MPS Router | 8003 | Routing calls to correct MPS instances. Relay for MPS Websocket connections | `/mps`, `/mps/ws/relay/(.*)` | +| RPS | 8080 | Device Activation, Configuration, and Maintenance over Websocket connection with RPC | `/activate` | +| | 8081 | REST API calls (e.g. 
CIRA Configs, Domains, Profiles) | `/rps` | + +#### Client + +| Service | Port | Description | +| -------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------- | +| Intel AMT HTTP | 16992 | Used for WS-Man messages to and from Intel AMT. Port is open over the network only when Intel AMT is configured or during configuration. It is always open locally. | +| Intel AMT HTTPS | 16993 | Used for WS-Man messages to and from Intel AMT when TLS is enabled. | +| Intel AMT Redirection/TCP | 16994 | Used for redirection traffic (SOL, Storage Redirection, and KVM using Intel AMT authentication). | +| Intel AMT Redirection/TLS | 16994 | Used for redirection traffic (SOL, Storage Redirection, and KVM using Intel AMT authentication) when TLS is enabled. | + +### Reference Services Ports + +The following are ports used by the default reference solutions used by Open AMT. These may vary or change based on custom implementations of Open AMT. + +| Service | Port | +| --------------- | ----- | +| Postgres | 5432 | +| Vault | 8200 | +| Kong | 8443 | +| Mosquitto | 8883 | diff --git a/docs/Deployment/overview.md b/docs/Deployment/overview.md index fd0134f6b..e225f36f3 100644 --- a/docs/Deployment/overview.md +++ b/docs/Deployment/overview.md 
@@ -4,7 +4,7 @@ To deploy the Open AMT Cloud Toolkit to a production environment, replace defaul ## Database Selection The Docker-based PostgreSQL* image used in `docker-compose.yml` provides enough functionality for proof-of-concept creation and development. However, to enable the toolkit for production, leverage a managed database instance offered by a public cloud provider or a database hosted by your internal IT. -Regardless of the deployment scenario (i.e., a VM, Kubernetes, Docker Swarm, a native environment), managing state in your cluster comes with a higher risk of data loss than that of a managed database instance. +Regardless of the deployment scenario (e.g. a VM, Kubernetes, Docker Swarm, or a native environment), managing state in your cluster comes with a higher risk of data loss than that of a managed database instance. ### Default Component @@ -58,6 +58,6 @@ The toolkit uses Kong as its open source API gateway. Kong provides an entry poi ### Example Replacements - [Azure API Gateway](https://docs.microsoft.com/en-us/azure/architecture/microservices/design/gateway) -- [Amazon API Gateway](https://docs.microsoft.com/en-us/azure/architecture/microservices/design/gateway) +- [Amazon API Gateway](https://aws.amazon.com/api-gateway/) - [Google Cloud Endpoints](https://cloud.google.com/endpoints) - [Tyk](https://tyk.io/) \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index f953c05ad..56e389a03 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -49,6 +49,7 @@ nav: - Troubleshooting: Reference/troubleshooting.md - Deployment: - Overview: Deployment/overview.md + - API Gateway: Deployment/apigateway.md - Database Replacement: Deployment/database.md - Secrets Management: Deployment/secrets.md - Upgrade Toolkit Version: Deployment/upgradeVersion.md
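Review bot: In the new `docs/Deployment/apigateway.md`, the Client table lists port 16994 for both "Intel AMT Redirection/TCP" and "Intel AMT Redirection/TLS"; the TLS redirection listener uses its own port (16995), so the second row looks like a copy-paste of the first and should be corrected. In the same file, the Microservices table maps the `/mps` route to both MPS and MPS Router, so a reader cannot tell which service Kong actually fronts for that prefix; state which one owns `/mps` and which only owns `/mps/ws/relay/(.*)`. The intro promises "Details on which ports must be exposed", but neither table says which ports are meant to be reachable from outside the deployment and which stay internal behind Kong; adding an "Exposed externally" column (or a sentence noting that only the Kong port from the Reference Services table and the MPS CIRA port 4433 need to be reachable by devices/clients, while 3000, 8003, 8080, 8081, 5432, 8200 and 8883 should remain internal) would make the page actually answer that question. Finally, the MPS Router row in the Protocols table has an empty Description cell; fill it in or drop the row.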
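Review bot: The `docs/Deployment/overview.md` "Example Replacements" hunk fixes the Amazon link, which previously pointed at the Azure article, but the file still ends without a trailing newline ("\ No newline at end of file"); since this hunk touches the last line anyway, add the newline. Also, the new `apigateway.md` repeats the same Kong introduction and the Azure/Amazon alternatives that this section of `overview.md` already carries; consider having the overview link to the new page (or vice versa) rather than maintaining two copies of the same text and link list.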