Architecture Overview
Cayosoft Administrator is a management platform designed to enforce the IT business Roles and Rules needed to control and automate the management of systems on-premises, in hybrid environments, or in the cloud.
Extensions - Each managed platform has a corresponding Extension (think module) that contains the necessary logic to complete specific management scenarios for that platform.
Modern 3-Tier Model - Cayosoft uses a new and modern 3-tier architecture built with the latest Microsoft & Web technologies such as Web Services, PowerShell, and .NET. In this 3-tier system, all user actions are turned into requests that are submitted to the Cayosoft Administration Service for completion. Before the service completes each request, it performs an access check to verify that the user has permission (Roles) to make the request, and then it performs policy enforcement to ensure the user has completed the task correctly (did the user follow the Rules?). If the Access Check and Policy Enforcement are satisfied, the service completes the task on behalf of the user and logs the results.
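The request flow described above, modeled as an added example (this is not Cayosoft's code or API): the class, the rule, the grant table, and the three sample requests are hypothetical and constructed for illustration. It shows the ordering that matters for security: deny by default, enforce policy before touching the target, and log refusals as well as successes.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Request:
    user: str
    action: str                      # e.g. "create_user"
    scope: str                       # target OU / administrative unit
    attrs: dict = field(default_factory=dict)

def require_department(req):
    """Hypothetical Rule: new users must carry a department attribute."""
    missing = req.action == "create_user" and not req.attrs.get("department")
    return "department is required" if missing else None

class AdministrationService:
    """Model of the middle tier: access check, policy enforcement, execute, log."""
    def __init__(self, grants, rules, executor):
        self.grants = grants         # user -> set of (action, scope) pairs
        self.rules = rules           # callables returning a violation or None
        self.executor = executor     # performs the change with the service's credentials
        self.audit = []              # every outcome is recorded, including refusals

    def _log(self, req, outcome, detail=""):
        self.audit.append((req.user, req.action, req.scope, outcome, detail))
        return outcome

    def submit(self, req):
        # 1. Access check (Roles): deny unless a grant matches explicitly.
        if (req.action, req.scope) not in self.grants.get(req.user, set()):
            return self._log(req, "denied", "no role grants this action in scope")
        # 2. Policy enforcement (Rules): collect every violation, not just the first.
        violations = [msg for rule in self.rules if (msg := rule(req))]
        if violations:
            return self._log(req, "rejected", "; ".join(violations))
        # 3. Only now is the target system touched, on the user's behalf.
        self.executor(req)
        return self._log(req, "completed")

def demo():
    # Three constructed requests: out of role, policy violation, valid.
    executed = []
    svc = AdministrationService(
        grants={"helpdesk1": {("create_user", "OU=Sales")}},
        rules=[require_department],
        executor=lambda r: executed.append(r.action))
    outcomes = [
        svc.submit(Request("helpdesk1", "delete_user", "OU=Sales")),
        svc.submit(Request("helpdesk1", "create_user", "OU=Sales")),
        svc.submit(Request("helpdesk1", "create_user", "OU=Sales", {"department": "Sales"})),
    ]
    return outcomes, executed, svc.audit
```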
Built for all Phases of the IT Cloud Journey
Cayosoft Administrator was built from the ground up to support IT management of critical platforms and systems through each phase of IT's Cloud Journey: On-premises, Hybrid, and Public/Private Cloud. The following architectural components make Cayosoft Administrator different and more flexible than any other product like it available today.
Roles
Cayosoft Administrator has a granular set of roles that grant day-to-day administrators, help desk staff, or self-service users the ability to perform tasks that their jobs require. The Web Administrator’s Roles control what Queries and Actions are visible to a user when they sign in to the Cayosoft Administrator Web Portal. Other roles control what users can see and do in the Automation and Configuration console.
Rules
Rules define how specific automated tasks should be completed. For example, a rule may search Active Directory (AD), identify all unused accounts, and then suspend those accounts. Another rule may be that a user created in a specific department or specific AD Organizational Unit should be assigned a specific Office 365 license with only certain options set. A rule would define both which departments would be affected and which licenses they should receive.
Attribute Policies
Cayosoft Administrator delegates granular control over how attribute data is presented or modified through the use of Attribute Policies. Attribute Policies can be set globally for all or a specific set of users over the desired scope (Administrative Units). These policies make attribute data visibility and enforcement easy to configure.
Runbooks
Cayosoft Administrator can run a sequence of rules to automate complex tasks in a specific order. This allows admins to complete more complex tasks such as automatic provisioning or deprovisioning of users, or automatic cleanup of users and groups.
Administration Service
At the heart of Cayosoft Administrator is a Windows service, which appears as Cayosoft Administrator Service in the Windows Services snap-in.
Cayosoft Advanced Process Management (aka Session Management)
Cayosoft Administrator utilizes the concept of processes to provide pathways for administrative requests and data to be sent to and received from target platforms. In most cases, processes are established to a web services endpoint provided by the platform vendor in one of several ways, including PowerShell and Microsoft Graph. For example, when connecting to Legacy Active Directory and Legacy Exchange, Cayosoft connects to ADWS (Active Directory Web Services) and EWS (Exchange Web Services) by establishing a PowerShell connection. Limitations of PowerShell sessions have been overcome by Cayosoft, making it a suitable API for enterprise management. For Entra ID (ex. Azure AD), Microsoft 365, and Exchange Online, a combination of PowerShell and Microsoft Graph is used within the solution’s processes. If the Microsoft Graph API exposes the necessary features and is performant, the Graph API is preferentially used.
Configuration Database
Configuration settings of Cayosoft Administrator are stored in the Cayosoft Administrator configuration database. The data stored in the configuration database has been optimized so that the size of the database remains small. This small amount of data allows Cayosoft Administrator to use an embedded SQL database that is performant and reliable without requiring separate database licenses or complex database tools. For more information see: Configuration DB Backup
Automation & Configuration Console
The Automation & Configuration console serves as the back-end console where Cayosoft Admins can automate management tasks or delegate the assignment of manual tasks to day-to-day admins who will use the Web Portal to complete those tasks. The Automation & Configuration console also serves as the place where system-wide settings are configured.
Web Portal
Web Portal is for day-to-day administrators, help desk staff, and end-users to easily and quickly perform needed management tasks. The web portal makes it easy for anyone to access the critical AD, Hybrid, and Office 365 resources they manage. For more information see: Required ports
Deployment Architecture
Cayosoft Administrator can be deployed on a single VM or Server (known as a Stand-alone Server), or it can be configured to participate in a Hub and Spoke replication model where one server is a publisher of the configuration and the other servers are subscribers. For more information see Determining a Server's Role.
Typical Deployment
The typical customer deployment involves one or two VMs depending upon the solution being delivered by the product. The product has been designed to make backup and recovery simple.
High Availability and Load Balanced Enterprise Deployments
Administration and self-service can often be mission-critical tasks. It is for this reason Cayosoft was designed to replicate delegation and control between Cayosoft Servers. The design also includes a lightweight architecture that doesn't require a separate recovery of "extra" LDAP, SQL, or other heavy databases. For more information on this topic see High availability & replication.
Hybrid Microsoft Exchange Resource Deployments (Advanced)
Cayosoft Administrator can also be configured for Exchange Resource Forest Deployments where the customer requires Hybrid Exchange Resource Forest Management. This deployment model has the added benefit of safely delegating Authentication Forest Admins to provision and deprovision their own "triple-joined" accounts. For more information see Linked Mailbox.
VM/Server Placement
While most customers deploy Cayosoft Administrator on a VM or Server on-premises, cloud deployments on Entra ID (ex. Azure) or on Amazon are possible. Most customers who have deployed using Entra ID (ex. Azure) or Amazon VMs have a Software Defined Network that provides those server VMs with fast and reliable connections to on-premises Legacy AD Domain Controllers and Legacy Exchange Servers.