- 0 minutes to read

Managing the Nodinite Web Client

The Nodinite Web Client to enables self-service for your business. The Nodinite Web Client uses Role based security.

graph TD subgraph "Manage Nodinite" ro[fa:fa-user-secret Access mgmt.] ro2[fa:fa-sitemap Repository] ro3[fa:fa-hard-drive Logging] ro4[fa:fa-display Monitoring] ro5[fa:fa-paint-brush Content] ro6[fa:fa-wrench Settings ] end

Manageable assets

Learn more about the Web Client User Interface in the end-user guide for the Nodinite Web Client part of Core Services.

You must be a member of the Administrators role to manage Nodinite

Why does Nodinite not delete my records?

Nodinite almost never forgets anything, a delete operation in Nodinite is rarely a hard delete! Whenever a user deletes a record, for example an Endpoint, the endpoint is merely flagged as being deleted. A deleted item can be restored by the Administrator. This design and behaviour is because sometimes people make mistakes. Also, the data is required for the auditing and the full access to the history of everything in the records. In addition, Nodinite use this information to provide long term statistics. The configuration data does not hog that much space in the databases anyway and the benefits clearly outperforms the downsides. You may wanna know what happened... and Nodinite gets it for you... Always Aware!

With Nodinite, if you delete something by accident, you can get often get it back.

Manage deleted records in the Web Client


1. Access Management

Do you care who reads and potentially further distributes content (like medical records, business transactions, ...) without leaving a single trace? Do you grant local admin rights to developers, your support and maintenance organization, consultants? With the role based access using Nodinite you can remotely fix problems from the Web Client and restrict/allow access to specific information and resources/services, all being audited. All this without anyone having direct access to servers and services, i.e. Do not let anyone and everyone be an administrator, you do not know what they do, or have access to (or maybe not even when).

graph LR roWS[fab:fa-windows Windows Integrated Security]--- roRB[fal:fa-users-class Role based Access mgmt.] roAudit[fal:fa-user-tag Log Audited operations] roRB --- roAudit

All that you do is being Log Audited

All operations that you or any other user/service performs that changes information/data, and also some potentially sensitive operations like download or view messages are being logged into a tamper resistant Log Audits storage.

The Audit Log feature is only available for users part of the predefined Nodinite Administrators role, using either the Web Client User Interface or for reporting purposes using the Web Api.

The Audit Log helps you avoid blame game discussions in many ways:

  • By using the powerful remote actions available with Nodinite users do not need elevated rights directly on servers and cloud services
    • If your users do not have access they can't disrupt services
    • If someone changes anything using Nodinite you can later know who did what and when

Find out who did what when using the Web Client

Policy based access management

Nodinite currently uses Windows Integrated Security and for your end-users to get access to the Web Client User Interface a Nodinite Administrator needs to register the end-users identity either as a User or part of a Windows Group and then add to appropriate Nodinite application Roles.

The policy is governed by a predefined Administrators Role

Restricted
A registered user with access to the Web Client User Interface menu.

Users part of the Administrators role also has access to the Administration and full edit rights to manage the Repository Model.
Admin rights
A user part of the predefined Administrators role has access to additional menu items in the Web Client User Interface

What is a Role?

Nodinite uses Role based security to grant Users access to Log Views and Monitor Views. Nodinite has a special predefined Administrators role that cannot be changed other than the associated list of Users and Groups.

Quick facts for a Role:

  • A Role has a unique name
  • There can be any number of Roles defined
  • There can be any number of users associated with a Role
    • Users can be a member in many Roles
  • There can be any number of Windows AD Groups associated with a Role
    • Windows AD Groups can be a member of many Roles

Add or manage Role - Roles are used in Nodinite to enforce a policy on:

What is a User?

A User is an entity within Nodinite with the name of the Windows identity in the form Domain\UserName. Only members of the Administrators Role can manage Users. A User that is not registered either by name or as part of a Windows AD Group is denied access to the Nodinite Web Client User Interface and you are prompted by the browser to provide valid Windows credentials.

Note

By default everything is disallowed and an Administrator must explicitly Allow or Deny what authenticated users can see and do.

Net rights - Log Views
Here's an example of access rights for nodinitedemo01\demouser for Log Views

Net rights- Monitor Views
Here's an example of access rights for nodinitedemo01\demouser for Monitor Views

A registered User that is not Administrator with no associations to either Log Views or Monitor Views is still granted logon rights (very limited Nodinite features available). Very much the same logical idea as the grant public in SQL databases.

Quick facts for a User:

  • A User has a unique name
  • There can be any number of Users defined
  • A User can have an email address set that is further used by the E-mail plugin as specified in the Monitor Views
  • A Deny always wins

Add or Manage Windows Users

What is a Windows AD Group?

A Windows AD Group is an entity within Nodinite with the name of the Windows group in the form 'Domain\GroupName'. In essence

Quick facts for a Windows AD Group:

  • A Windows AD Group has a unique name

    Important

    There is no matching and if you later change the name of the group in Windows AD, Nodinite will have no idea about that effectively blocking the usage for members of the AD group until the name has been changed to match.

  • There can be any number of Windows AD Groups defined

    Important

    There is no matching and you are NOT allowed to use the built-in local administrators group

  • Nodinite has no information about email addresses for the members and you must explicitly add that information for the email plugin or email plugin with options when used in Monitor Views

  • A Windows AD Group can be a member of one or many Nodinite Roles

Add or Manage Windows Groups


2. Manage the Repository Model

Find out how you can create Integration Landscapes like the image below by reading more about the Repository Model.
IntegrationLandscapeImage
Design your integration flows using Nodinite Repository Model


3. Logging

With Nodinite you have end to end logging of your workflows and you can be the hero providing custom built self-service Log Views with the data your business needs/wants in a layout tailor made for the specific need at hand.

graph LR roLogEvents[fal:fa-bolt Log Events
MuleSoft Anypoint, BizTalk
IBM Integration Bus, ...
Custom Logging Solutions]--- roLV[fal:fa-hard-drive Log Views
fal:fa-filter Filter and restrictions] roAudit[fal:fa-user-tag Log Audited operations] roLV --- roAudit

With the restrictions Nodinite provides you can even filter the returned data down to any detail level. You may not want to (or legally can) share everything, just because it's been logged, here are some examples:

  • Anything on selected Endpoint
  • All Orders
    • All failed orders last month
    • All orders to customer X
  • Users are only allowed to search for approved invoices to supplier X with an amount > 100$ no older than 3 days
  • Find all orders missing its corresponding order response (yes, you get complex Ack/Nack management with Nodinite, we even top this with the ability to send you alerts when the order response has exceeded its configurable time threshold)

Nodinite supports the creation of Log Views where you can determine exactly what data to list, what columns and in what order, grouping options, various settings that affects what the user can do (view payload, download, resend, repair...) and of course for who.

4. Monitoring

With Nodinite you get end to end Monitoring capabilities and a self-service portal for your business and your support and maintenance team to solve problems from wherever they are. With Nodinite comes a plethora of Monitoring Agents custom built by us for the purpose of detecting problems and by providing remote actions you can swiftly resolve most matters instantly in a secure, audited way. Nodinite comes packed with functionality and a knowledgebase for better self-service. The Repository Model is put to work and provides a faster self-service experience.

graph LR subgraph "Host on-premise with Monitoring Agents" roMonitorAgent(fal:fa-upload Monitoring Agent) ro(fal:fa-monitor-waveform Resources to Monitor) roMonitorAgent --> ro end subgraph "Your Instance" roMonitoringService(fal:code-commit Nodinite) roMonitoringService --> roMonitorAgent end subgraph "Customer Location with Monitoring Agents" roMonitorAgent2(fal:fa-upload Monitoring Agent) ro2(fal:fa-monitor-waveform Resources to Monitor) roMonitorAgent2 --> ro2 end roCloud((fal:fa-cloud Cloud)) roMonitoringService -->roCloud roCloud --> roMonitorAgent2

Nodinite provides Monitor Views that you use to group related Resources, for example all dependencies for the Invoicing Integration flow.

Invoicing Integration

Even a simple system integration solution has many Resources and dependencies that needs monitoring and the information is key for different stakeholders at different times.

graph LR subgraph "INT001: Invoicing Integration" ro1(fal:fa-book ERP) -->roq[fal:fa-list ActiveMQ Queue] ro2(fal:fa-exchange Integration Broker/ESB) roq --> ro2 ro3(fal:fa-database Database) ro2 --- ro3 roFile[fal:fa-folder FTP] ro2 --> roFile roCustomer(fal:fa-user-tie Customer) roFile --> roCustomer end subgraph "Nodinite Monitoring" roResourceServer[Server Alive?] --> ro1 roResourceQueue[Too many, Too old?] --> roq roResourceServer2[Server Alive?] --> ro2 roResourceDatabase[Database online?] --> ro3 roResourceFTP[Too many, Too old?] --> roFile roResourceFTP2[fal:fa-alarm-clock Non-Events
Expected volume?] --> roFile end

An Administrator of Nodinite can provide role based Monitor Views. This means that the solutions may be partitioned and managed in a very fine-grained way. Any single user is only allowed to see explicitly allowed Resources, where also custom remote Remote Actions may be allowed (stop/start/...). Using Monitor Views in many cases removes the need for Remote Desktop Sessions and administrative privileges on servers.

Note

Remember all actions you perform within Nodinite are being log audited.

Log Audits - Stay secure

graph LR subgraph "Monitor Views" roMV(fal:fa-display Monitor View) end subgraph "Monitoring Agent Configurations" roMV -.-> |0..*| roSources(fal:fa-cloud-download Monitoring Agent Configuration) end subgraph "Monitoring Agent Configuration" roApplications(fa:fa-box-open Applications) roCategories(fal:fa-folder Categories) roResources(fal:fa-lightbulb Resources) roSources --- roResources roMV-.-> |0..*| roResources roMV-.-> |0..*| roCategories roSources --- roCategories roMV-.-> |0..*| roApplications roSources --- roApplications end

The Monitoring capabilities of Nodinite is provided by the Monitoring Agents. These agents are setup as Monitoring Agents and are governed by the Monitoring Service The Monitoring Agents provide Resources with different set of states. User specific alerts are provided by configuring Monitor Views. Monitor is where you access and configure the Monitor Views.

There can be any number of Monitor Views defined.

5. Customization of content that affect users

Review the System Parameters user guides for additional information.

6. Settings for Administrators

Beginning with Nodinite 5.1 and later even a Nodinite Administrator may be blocked from using Monitoring and Logging features. Deny for Administrator
Example where members of the built-in Administrators role is denied from accessing a specific Log View