first done
This commit is contained in:
@@ -8,3 +8,21 @@ lastmod: "2025-08-25T12:33:49-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
One of the obstacles to deploying open source SaaS is user management. When each application has its own user management, it becomes complicated to build a workable system for the business or team, to build reliable workflows across applications, and to ensure security for the business or team for data. Federated Core Platform provides two layers of authentication to deal with these problems.
|
||||
|
||||
### LDAP
|
||||
|
||||
The foundation of Federated Core Platform authentication is LDAP. Every application connects to LDAP. If it doesn't use LDAP, it doesn't work on the platform. There are some applications for which the *only* account in LDAP is the administrator and the other users are created in the application itself. And example is Vaultwarden (password manager) because of the very sensitive nature of the information in Vaultwarden *outside* of access to Core services. You create the user in Vaultwarden as the administrative user but then, the account is connected to Core LDAP (if desired).
|
||||
|
||||
LDAP services can be exposed to network outside of Core to be used by other systems that use LDAP. And example would be a collection of Windows, MacOS, Linux desktop computers where you want users to log in to this machines using their Core credentials from LDAP. You could also use Core LDAP for other software systems where you want to use a central user repository for access control such as virtual desktop environments.
|
||||
|
||||
Core LDAP support users and groups. For example, you can delegate administrative access controls to certain users in Nextcloud using LDAP.
|
||||
|
||||
LDAP is managed through the Federated Core app "Panel".
|
||||
|
||||
### OIDC
|
||||
|
||||
Single-sign on is provided in Federated Core Platform by Authelia. This allows, for example, a customer to log in to one open source SaaS application in a browser and to automatically log in to other Core applications in the same browser. It also allows the user to log out of all applications, in the same way.
|
||||
|
||||
Federated Core applications default to OIDC authentication when the application supports it. Most do. Some applications only support OIDC with a premium upgrade (also supported), but a few don't (yet) support OIDC or only support authentication using OIDC providers such as Google, etc. Federated plans to provide work arounds for all applications to use OIDC and have done this successfully for some (eg. cal.com).
|
||||
|
||||
@@ -8,3 +8,5 @@ lastmod: "2025-08-25T12:33:56-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
Federated "Computer" is a new application coming in Fall, 2025 delivering a fully customizable front-end experience for Core users. It is a bookmarking application extended to support reminders, folders for watching applications, documents, events, the ability to pick up AI workloads and customizations, and more. Federated "Computer" is intended to be fully open-sourced, will work with other SaaS applications that support URLs, and will work natively on desktops, tablets, and mobile devices.
|
||||
|
||||
@@ -8,3 +8,7 @@ lastmod: "2025-08-25T12:34:05-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
Federated Core supports PXE-booting two different Linux distributions (OpenMandriva and Core Desktop based on Arch) when a customer wants to complete solution for their team or office. These desktops are tied into Federated Core Authentication, have all the desktop applications (email, calendar, contacts, bookmarks, file synchronization, applications that take advantage of Nextcloud and other desktop applications) pre-configured and redy to use for the particular user as they log in to Core Desktop. This is a great solution for offices or use cases where it is important that each desktop be closely managed for the "correct" software and services so that it "just works".
|
||||
|
||||
Core Desktop can also be installed on laptops and other mobile computers so that on-the-go team members can get a computer that "just works" without the requirements for network access.
|
||||
|
||||
@@ -8,3 +8,37 @@ lastmod: "2025-08-25T12:34:18-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
Core Mini is the minimal install of software on a Core before adding additional SaaS and any scaling services (e.g. load balancing). These are the fundamental services used by ever other SaaS application.
|
||||
|
||||
### Traefik
|
||||
|
||||
Firewall and network management.
|
||||
|
||||
### PowerDNS
|
||||
|
||||
Domain name service.
|
||||
|
||||
### Authelia
|
||||
|
||||
OIDC authentication provider.
|
||||
|
||||
### Mail Services
|
||||
|
||||
SMTP and IMAP services.
|
||||
|
||||
### Postgresql
|
||||
|
||||
Database engine for SaaS services requiring Postgresql.
|
||||
|
||||
### MariaDB
|
||||
|
||||
Database engine for SaaS services requiring MariaDB. The will likely be obsolete in the coming months.
|
||||
|
||||
### Autodiscovery
|
||||
|
||||
Service for providing autodiscovery for SaaS service that use autodiscovery services. Example: email and calendar client configuration.
|
||||
|
||||
### Federated Monitors
|
||||
|
||||
Softare for communicating with Federated management systems.
|
||||
|
||||
@@ -8,3 +8,7 @@ lastmod: "2025-08-25T12:34:34-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
Federated maintains its own Linux distribution for the specific purpose of control of the types and versions of software used in virtual machine. This descrease the surface area for attacks, increased maintainability for the Cores built on top, and assures our systems work on X64 and Arm (example: Ampere) systems as well as fully supporting IPv4 and IPv6 for cloud deployment.
|
||||
|
||||
Core Server is based on [OpenMandriva](https://www.openmandriva.org) a Linux distribution lead by Federated Computer's chief systems engineer. OpenMandriva is base on Fedora, in part.
|
||||
|
||||
@@ -8,3 +8,7 @@ lastmod: "2025-08-26T14:43:09-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
Federated Dashboard is a simple launcher for users. It shows the applications available, a link to helpful documentation, and a note about user management. There are significant improvements planned for Dashboard in the coming months as it transitions to Federated [Computer](computer.md).
|
||||
|
||||
|
||||
|
||||
@@ -8,3 +8,19 @@ lastmod: "2025-08-25T12:35:51-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
The "Provisioner" is responsible for setting up, updating/upgrading, and tearing down Cores. It does this in an entirely stateless way communicating with either the aacount management and billing system or the management system. Naturally, there are command-line utilities and an API available to accomplish all functions.
|
||||
|
||||
### Order
|
||||
|
||||
When and order comes through the account management and billing system, a manifest is created asking for a Core to be create with the required SaaS titles. This *manifest* is sent to the Provisioner which then requests a virtual machine (or machines, if the manifest includes load balancing or other extended Core services), then begins to build the Core software from the manifest. You can read more about the minimal build at [Core Mini](core-mini.md).
|
||||
|
||||
One of the key systems enabled for each Core is regular backup to a system of your choice. The credentials for the system are help by Provisioner but can be a local storage service, Backblaze (what we use at https://federated.computer), or some other backup service.
|
||||
|
||||
### Update
|
||||
|
||||
Provisioner can also modify Cores to add/subtract SaaS software from a Core depending on follow-on orders/cancellations from customers. It can also take instructions from the [update/upgrade system](../management/update-and-upgrade.md) to push out updates to existing software on a Core whether that is system software or SaaS software or other components.
|
||||
|
||||
### Tear Down
|
||||
|
||||
When it comes time to tear down a Core, Provisioner firsts backs up the Core to the system-defined backup service and then deletes the Core. After a set number of days a follow up command can be sent to Provisioner to clear away the backup.
|
||||
|
||||
@@ -8,3 +8,17 @@ lastmod: "2025-08-25T12:36:03-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
Federated Core includes three systems for messaging.
|
||||
|
||||
### Email
|
||||
|
||||
There is a full-featured IMAP/SMTP service available for any needed notifications to users.
|
||||
|
||||
### Container-to-Container
|
||||
|
||||
There is a service for container-to-container communication allowing for complete workflow creation between SaaS applications when the native APIs are not enough.
|
||||
|
||||
### Optional: Matrix
|
||||
|
||||
If the Matrix service is loaded, you can use it like a message-bus for application notification to users.
|
||||
|
||||
@@ -8,3 +8,7 @@ lastmod: "2025-08-25T12:36:10-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
|
||||
Every SaaS software deployed to a Federated Core using a single expandable storage service. This is a BTRFS file system on the Core but can be deployed as block storage (if the cloud provides such a service). It can be expanded and contracted based on customer demand/usage
|
||||
|
||||
Every SaaS software deployed to a Federated Core using a single expandable storage service. This is a BTRFS file system on the Core but can be deployed as block storage (if the cloud provides such a service). It can be expanded and contracted based on customer demand/usage.
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
---
|
||||
weight: 185
|
||||
title: "Why Open Source Projects Work With Federated"
|
||||
description: ""
|
||||
icon: "article"
|
||||
date: "2025-08-25T12:36:40-06:00"
|
||||
lastmod: "2025-08-25T12:36:40-06:00"
|
||||
draft: false
|
||||
toc: true
|
||||
---
|
||||
Reference in New Issue
Block a user