Profiles
This page describes Environment Profiles and User Profiles. They are two of the parts that influence the dynamic deployment of processes at runtime.
As you can see in the picture, there are other parts that influence the deployment:
- Process Constraints: constraints/configurations given by a Portable Process or a Process Activity.
- Engine configuration: individual configurations for one PROCEED Engine, e.g. if you want to debug one Engine, you can set its log level to debug. These keys can be changed individually.
The Decider considers all these constraints and decides where to deploy the process next.
Environment Profiles have the same config keys as User Profiles, but different ones from the Engine configuration. They serve another purpose:
- Environment Profiles: define behaviours for multiple Engines of an Environment (e.g. a company). Since the Engines/Machines belong to and are executed inside one Environment, most of these configurations concern the security of the process execution. Changing Environment Profiles is usually a complex process, since it requires coordination and collaboration within one company.
- User Profiles: individual configuration settings of a process participant for the Engine he/she is working on. The possible keys are the same as in the Environment Profile, but the latter has a higher priority.
There are two different types/categories of Environment Profiles:
- Home Environment Profile: the profile of the environment (e.g. company) that owns the Machine.
- Third-Party Environment Profile: the profile of the environment that the Machine is currently running in, if it is not in the Home Environment.
The Home Environment can have further Sub-Profiles that extend the Home Env Profile:
- Class Profiles: more specific Profiles for individual categories of Machines, e.g. Portable, Static, Drone, Car, Transport, etc.
- External Machine Profile: the Profiles that are forwarded to external Machines which do not belong to the Environment (devices that are not owned by the company) but are allowed to participate in the execution of processes in the dBPMS. They can also have specific Class Profiles, which will be matched with the category of the external Machine.
As part of its configuration, every Machine should be set up with a Home Environment Profile, possibly extended by some more specific Class Profiles. This can be done via the Management System. It can also store the External Machine Profile for transmitting it directly to other external Machines later.
When an Engine enters a network, its first step is to determine the Currently Connected Environment (CCE; for details on how the Engine does this, see the technical diagram). It can be either the Home Environment or a Third-Party Environment. If it is the former, the Engine uses the Home Environment Profile as the base for the Currently Active Profile (CAP).
If it is an unknown network, it is assumed to be a Third-Party Environment. The Engine then tries to get the Third-Party Profile. From the viewpoint of an Engine that is currently inside another environment (not in its Home Environment), it gets the External Machine Profile (mixed with the correct Class Profile) and views it as a Third-Party Profile. An Engine can store multiple Third-Party Profiles, but only one is ever active in a network at a time.
A Third-Party Profile is the External Machine Profile mixed with a Class Profile in another external environment.
Technically, getting the Third-Party Profile can be done via different methods (see the technical picture). Once the Engine has it, the next step is again to determine the Currently Active Profile. This time it is a little more complex, because the values of the home (owner) environment and of the other environment have to be considered. The mixed, final profile is calculated with the following priority:
Home Env > Current Third-Party Env > Current User Profile > Default Profile
User Profiles are configurations for the Process Participant. They are sent to the Engine from the authentication server during authentication in the Tasklist.
Technically, Profiles are key-value pairs stored and transferred in JSON. There are multiple profile files because there are also external and class profiles.
There is a base Home Environment Profile.
The Class Profiles and the External Profile extend it (with the extends key).
Other Class Profiles can extend the External Profile.
(See Overview Picture)
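The priority chain and the Class Profile rules described above, worked through as an added example (this is not PROCEED's own code). It assumes that a profile is a flat JSON object with dotted configuration keys next to its descriptive keys; the function names, ids and sample values are made up for illustration.

```javascript
// Added example. Assumption: a profile is one flat JSON object whose configuration
// keys (e.g. "machine.port") sit next to the descriptive keys from the tables.
const DESCRIPTIVE_KEYS = new Set(['id', 'name', 'version', 'environmentId',
  'environmentName', 'extends', 'priority', 'classes', 'matcherIP',
  'matcherWifiSSID', 'identityProvider', 'userId', 'userName']);

function configOf(profile) { // keep only the configuration keys
  return Object.fromEntries(
    Object.entries(profile || {}).filter(([key]) => !DESCRIPTIVE_KEYS.has(key)));
}

// Base profile (Home or External) plus every Class Profile that extends it and
// matches a class of the machine. Ascending sort: the highest priority is applied
// last and wins. Ties keep input order here; the page says they are random.
function resolveEnvironmentProfile(base, classProfiles, machineClasses) {
  if (!base) return {};
  const matching = classProfiles
    .filter((p) => p.extends === base.id)
    .filter((p) => (p.classes || []).some((c) => machineClasses.includes(c)))
    .sort((a, b) => (a.priority ?? 1) - (b.priority ?? 1));
  return Object.assign({}, configOf(base), ...matching.map(configOf));
}

// Home Env > Current Third-Party Env > Current User Profile > Default Profile:
// later arguments of Object.assign overwrite earlier ones, so Home goes last.
function currentlyActiveProfile({ defaults, user, thirdParty, home }) {
  return Object.assign({}, defaults, configOf(user), thirdParty || {}, home || {});
}

// Constructed sample data; ids, names and values are made up for illustration.
const HOME_ID = '11111111-1111-4111-8111-111111111111';
const homeBase = { id: HOME_ID, name: 'Home', 'js.allowExternalLibraries': false };
const classProfiles = [
  { id: 'c1', extends: HOME_ID, priority: 2, classes: ['drone'], 'machine.maxCPULoad': 80 },
  { id: 'c2', extends: HOME_ID, priority: 5, classes: ['portable'], 'machine.maxCPULoad': 60 },
  { id: 'c3', extends: HOME_ID, priority: 9, classes: ['car'], 'machine.maxCPULoad': 10 },
];
// Third-Party Profile as received (External Machine Profile already mixed with its class).
const thirdParty = { 'js.allowExternalLibraries': true, 'machine.port': 9090 };
const user = { userName: 'alice', 'machine.port': 8081,
  'router.softConstraintPolicy': 'PreferLocalMachine' };
const defaults = { 'js.allowExternalLibraries': true, 'machine.maxCPULoad': 100,
  'machine.port': 8080, 'router.softConstraintPolicy': 'FlowNode' };

function demoActiveProfile() {
  const home = resolveEnvironmentProfile(homeBase, classProfiles, ['drone', 'portable']);
  return currentlyActiveProfile({ defaults, user, thirdParty, home });
}
```

For a Machine of classes "drone" and "portable" inside a Third-Party Environment, the home restriction on external libraries survives the third-party value, while keys the Home Environment leaves unset fall through to the third-party, user and default values in that order.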
Common keys inside a Profile
Config Key | Type | Default Value | Explanation |
---|---|---|---|
id | UUID | Required | Unique ID of the profile |
name | String | Required | Name of the profile, e.g. "SNET-PROCEED-Profile" |
(version) | Number | (Future: not yet implemented) |
Common keys inside an Environment Profile
Config Key | Type | Default Value | Explanation |
---|---|---|---|
environmentId | "Env-" + UUIDv4 (String) | Required | The identifier of the environment, e.g. "Env-bbd545ad-31ac-479b-bbc3-d45155e5c212" |
environmentName | String | Required | The name of the environment. |
extends | String | null | The id of a Profile (Home or External) that this Profile extends and whose values it overrides. If this key is filled, the Profile is a so-called Class Profile. It only stores the values overridden from the parent profile. |
priority | Number | 1 | If multiple Class Profiles exist that override the same profile key, this priority number determines the value taken (higher number == higher priority). If the same key is overridden by Class Profiles with the same priority, the value taken is randomly selected. |
classes | Array of Strings | [ ] | The machine classes a profile belongs to, e.g. "drone". A Profile can belong to multiple categories. Can only be used in Class Profiles. This is used to match the Profile to the correct Machines. |
matcherIP | Array with Objects: [ { "ip4": "130.149.223.49", "netmaskv4": "255.255.255.0" }, { ... } ] | [ ] | Contains an Array with IP-Matcher objects, used to automatically determine in which network the Profile is valid. One object can contain a combination of ip4 and netmaskv4 OR ip6 and netmaskv6; this is used to determine the network part. In every network with the same network part, this Profile will be activated. Hint: should not be used with private IP addresses, since they are very common. |
matcherWifiSSID | Array with Strings: [ "SNET-WLAN", "TUB-Guest", "Guest", ... ] | [ ] | Contains an Array with names of Wifi SSIDs, used to automatically determine in which network the Profile is valid. In every connected network with the same Wifi name, this Profile will be activated. |
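How the matcherIP and matcherWifiSSID keys select a profile for the current network, as an added example (not PROCEED's own code) restricted to IPv4. The function names, the shape of the `network` argument and the sample profiles are assumptions; the check also reports matchers that use private addresses, which the hint above advises against, and returns every matching environment so that ambiguous results are visible.

```javascript
// Added example, IPv4 only. Assumption: matcherWifiSSID is a flat array of strings.
function ip4ToInt(ip) { // dotted IPv4 -> unsigned 32-bit number, null if malformed
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part) || Number(part) > 255) return null;
    value = value * 256 + Number(part);
  }
  return value;
}

function networkPart(ip, mask) { // network part = address AND netmask
  const a = ip4ToInt(ip);
  const m = ip4ToInt(mask);
  return a === null || m === null ? null : (a & m) >>> 0;
}

function matchesNetwork(matcher, currentIp) {
  const expected = networkPart(matcher.ip4, matcher.netmaskv4);
  return expected !== null && expected === networkPart(currentIp, matcher.netmaskv4);
}

// RFC 1918 private ranges, which the hint in the table advises against.
const PRIVATE_RANGES = [['10.0.0.0', '255.0.0.0'], ['172.16.0.0', '255.240.0.0'],
  ['192.168.0.0', '255.255.0.0']];
function isPrivate(ip) {
  return PRIVATE_RANGES.some(([net, mask]) => networkPart(ip, mask) === ip4ToInt(net));
}

// Returns every environmentId whose matchers fit the current network, plus a
// warning per private-address matcher. More than one match is ambiguous.
function candidateEnvironments(profiles, network) {
  const matches = [];
  const warnings = [];
  for (const profile of profiles) {
    const ipMatchers = (profile.matcherIP || []).filter((m) => m.ip4 && m.netmaskv4);
    for (const m of ipMatchers.filter((x) => isPrivate(x.ip4))) {
      warnings.push(`${profile.environmentName}: private matcherIP ${m.ip4}`);
    }
    const byIp = ipMatchers.some((m) => matchesNetwork(m, network.ip4));
    const bySsid = (profile.matcherWifiSSID || []).includes(network.ssid);
    if (byIp || bySsid) matches.push(profile.environmentId);
  }
  return { matches, warnings };
}

// Constructed sample profiles; the first matcherIP value is the one from the table.
const sampleProfiles = [
  { environmentId: 'Env-A', environmentName: 'SNET', matcherWifiSSID: ['SNET-WLAN'],
    matcherIP: [{ ip4: '130.149.223.49', netmaskv4: '255.255.255.0' }] },
  { environmentId: 'Env-B', environmentName: 'Lab', matcherWifiSSID: ['Guest'],
    matcherIP: [{ ip4: '192.168.1.1', netmaskv4: '255.255.255.0' }] },
];
```

A network at 192.168.1.77 with the SSID "SNET-WLAN" matches both sample profiles, one by address and one by name, which is the kind of ambiguity the private-address hint is about.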
Common keys inside a User Profile
Config Key | Type | Default Value | Explanation |
---|---|---|---|
identityProvider | String; IP-Address | null | Location (Public IP) of the home environment's identity provider |
userId | (see LDAP) | User | The identifier of the user |
userName | String | User | The name of the user |
Configuration Keys
Config Key | Type | Default Value | Explanation |
---|---|---|---|
js.allowCapabilityExecution | Boolean | True | Whether Capabilities can be executed. |
js.allowedCapabilities | Array of semantic strings | [ "*" ] | Specific Capabilities that are allowed to be executed, e.g. ["PhotoAction"] only allows PhotoActions. |
js.deniedCapabilities | Array of semantic strings | [ ] | Specific Capabilities that are not allowed to be executed, e.g. ["PhotoAction"] does not allow PhotoActions. |
js.allowInternalLibraries | Boolean | True | Whether JS code can use internal PROCEED libraries. |
js.allowedInternalLibraries | Array of semantic strings | [ "*" ] | Specific internal PROCEED libraries that are allowed to be included in source code, e.g. ["http"] only allows http to be used. |
js.deniedInternalLibraries | Array of semantic strings | [ ] | Specific internal PROCEED libraries that are not allowed to be included in source code, e.g. ["http"] does not allow http to be used. |
js.allowExternalLibraries | Boolean | True | TODO Whether JS code can use external libraries. |
js.allowedExternalLibraries | Array of semantic strings | [ "*" ] | TODO Specific libraries that are allowed to be included in source code, e.g. ["lodash"] only allows lodash to be used. |
js.deniedExternalLibraries | Array of semantic strings | [ ] | TODO Specific libraries that are not allowed to be included in source code, e.g. ["lodash"] does not allow lodash to be used. |
router.selectionAlgorithm | String | random | If the Decider component finds multiple fitting Engines for further execution, this config key defines the algorithm used to select one of the Engines. random selection is currently the only implemented solution. TODO: further algorithms should be implemented in future, e.g. round-robin, prefer-local-execution. |
router.softConstraintPolicy | String | "FlowNode" | Defines rules for how Soft Constraints (SC) should be handled (even if no SCs are given). "FlowNode": considers SCs from flow nodes first, then SCs from the process; if no SCs are given, it checks all Hard Constraints from every Engine and selects one with router.selectionAlgorithm. "AsFastAsPossible": ignores constraints given by the process; profile for minimizing the execution time. "OnFirstFittingMachine": ignores SCs and sends the process to the first machine that fulfills the Hard Constraints. "PreferLocalMachine": if the local Machine can execute the process, prefer it (if it is not able to, send it to external Machines). "LocalMachineOnly": SCs disabled, all further execution is only allowed on the same Machine. |
router.scPolicyAsFastAsPossible | Array with Constraints | [ "machine.cpu.currentLoad", "machine.mem.load" ] | Sets the constraints that should be used to determine the fastest execution. |
router.waitTimeExternalEvaluations | Number in ms | 5000 | The time the Router waits until it starts selecting a Machine. |
router.reEvaluateTimer | Number in ms | 15000 | The time management.js waits until it starts to evaluate a stored process instance again. |
router.maxStorageTime | Number in Seconds | 2592000 (30d) | The time management.js stores a process token for later re-evaluation until it is deleted. The timer is started when the token gets to the re-evaluation storage the first time. It is then compared to the timeout value before and after every re-evaluation. The timer is reset for every flow node execution. -1 means no timeout, 0 means no token storage. |
router.maxStorageRounds | Number | -1 | The number of times (rounds) management.js stores a process token for later re-evaluation until it is deleted. The number is set to 1 when the token gets to the re-evaluation storage the first time. It is then compared to the value after every re-evaluation. The number is reset for every flow node execution. -1 means no rounds count, 0 means no token storage. |
process.maxTimeProcessGlobal | Number in seconds | -1 | Global timeout after which a process is stopped; it then aborts all running tokens of the Instance on all Machines. -1 means no timeout. Attention: it can be very hard to calculate when a process needs to be stopped. |
process.maxTimeProcessLocal | Number in seconds | -1 | Local timeout after which a process is stopped; it then aborts all running tokens of the Instance on the local Machine. -1 means no timeout. |
process.maxTimeFlowNode | Number in seconds | -1 | Timeout after which a flow node (activity, gateway, event) is stopped; it then aborts the Token on the local Machine. -1 means no timeout. |
Currently it is not possible to define a global process abort if one FlowNode or the maxTimeProcessLocal exceeds the time. | | | |
machine.maxCPULoad | Number in Percent | 100 | Maximum CPU load that a Machine is allowed to have; if exceeded, no new process is accepted. |
machine.maxMemLoad | Number in Percent | 100 | Maximum Memory load that a Machine is allowed to have; if exceeded, no new process is accepted. |
machine.port | Number | 8080 | TCP Port for the HTTP REST interface |
process.runUntrustedCode | Boolean | AutoSetByEngine | If the Code/Script execution is done by a secure method (vm2, web workers), it is set to true, else false. If true, it can run every code, because this code is not able to manipulate the Engine. |
process.deniedBPMNElements | Arrays of Flow Node names/Strings | [ ] | BPMN Flow Node Elements that are not allowed to be executed, e.g. "ScriptTask", "UserTask", "XORGateway", "ANDGateway" ... |
machine.env.offline | Boolean | AutoSetByEngine | Indicates whether a connection to the WWW and Internet is possible. true if no connection is possible or if it is not wanted; local connections to the current IP subnet are still possible. |
machine.env.allowedConnections | Array with IP-Addresses or DNS names/Strings | [ ] | If offline==true: List of addresses that an Engine is allowed to connect to. |
machine.env.deniedConnections | Array with IP-Addresses or DNS names/Strings | [ ] | If offline==false: List of addresses that an Engine is not allowed to connect to. |
machine.env.reachableMachines | Array of IP-Addresses/Strings or DNS names | [ ] | List of IP-Addresses (also resolvable via DNS) of other Machines (Contact Server, IoT devices, etc.). The current Machine always needs to be able to reach at least one of them. If not, it stops executing processes. |
machine.env.reachableMachinesTimeout | Number in seconds | 300 | The time after which a Machine stops working if it does not reach the reachableMachines. |
machine.env.allowSCValuesForHomeEnv | Boolean | True | Whether an Engine is allowed to send the internal values to another Machine from the same HomeEnvironment for Soft Constraint evaluation. |
machine.env.allowSCValuesForExtEnv | Boolean | True | Whether an Engine is allowed to send the internal values to another Machine from the same HomeEnvironment for Soft Constraint evaluation. |
machine.env.allowedToWorkInsideExtEnvs | Boolean | True | Whether the Portable Machine is allowed to work/participate in other environments. |
machine.env.acceptedEnvsToWorkIn | Array of Env-IDs or Env-Names / Strings | [ "*" ] | An exclusive list of Environments a Portable Machine is allowed to work in. |
machine.env.deniedEnvsToWorkIn | Array of Env-IDs or Env-Names / Strings | [ ] | A list of Environments a Portable Machine is not allowed to work in. |
process.acceptedProcesses | Array of Process-IDs or Process-Names / String | [ "*" ] | The exclusive list of allowed processes an Engine can run. |
process.deniedProcesses | Array of Process-IDs or Process-Names / String | [ ] | A list of processes an Engine is not allowed to run. |
process.allowProcessesCreatedInExtEnvs | Boolean | True | Whether processes created in other environments (than the home env) are allowed. |
process.acceptedProcessesCreatedInEnvs | Array of Env-IDs or Env-Names / Strings | [ "*" ] | The exclusive list of allowed environments which the Engine can run processes from. |
process.deniedProcessesCreatedInEnvs | Array of Env-IDs or Env-Names / Strings | [ ] | A list of denied environments which the Engine is not allowed to run processes from. |
process.allowProcessesFromExtMachines | Boolean | True | Whether processes sent from Machines of other environments (than the home env) are allowed. |
process.acceptedProcessesFromMachineEnvs | Array of Env-IDs or Env-Names / Strings | [ "*" ] | The exclusive list of allowed home environments of other Machines that the current Engine accepts processes from. |
process.deniedProcessesFromMachineEnvs | Array of Env-IDs or Env-Names / Strings | [ ] | The exclusive list of denied home environments of other Machines that the current Engine does not accept processes from. |
process.acceptedProcessesFromMachines | Array of Machine-IDs or Machine-Names / Strings | [ "*" ] | The exclusive list of allowed other Machines that the current Engine accepts processes from. |
process.deniedProcessesFromMachines | Array of Machine-IDs or Machine-Names / Strings | [ ] | The exclusive list of denied other Machines that the current Engine does not accept processes from. |
process.allowProcessesToExtMachines | Boolean | True | Whether the Engine can send processes to Machines of other environments (than the home env). |
process.acceptedProcessesToMachinesEnvs | Array of Env-IDs or Env-Names / Strings | [ "*" ] | The exclusive list of allowed home environments of other Machines that the current Engine is allowed to send processes to. |
process.deniedProcessesToMachinesEnvs | Array of Env-IDs or Env-Names / Strings | [ ] | The exclusive list of denied home environments of other Machines that the current Engine is not allowed to send processes to. |
process.acceptedProcessesToMachines | Array of Machine-IDs or Machine-Names / Strings | [ "*" ] | The exclusive list of allowed other Machines that the current Engine is allowed to send processes to. |
process.deniedProcessesToMachines | Array of Machine-IDs or Machine-Names / Strings | [ ] | The exclusive list of denied other Machines that the current Engine is not allowed to send processes to. |
Backup: old values
Config Key | Type | Default Value | Explanation |
---|---|---|---|
process.acceptedEnvironments | Array of Env-IDs or Env-Names / Strings | [ "*" ] | List of Environments 1. from which all processes are accepted and 2. to/from whose Machines processes are accepted. Can be overwritten by the more specific keys. |
process.deniedEnvironments | Array of Env-IDs or Env-Names / Strings | [ ] | List of Environments 1. from which all processes are denied and 2. to/from whose Machines processes are denied. Can be overwritten by the more specific keys. |