How to securely schedule workflows starting third-party systems & services
Mar 13, 2020 from Activeeon
ProActive Workflows & Scheduling is an advanced job scheduling & orchestration software that lets users start and manage various services and applications through workflows, from within its interfaces. Users can interact with third-party systems in two ways: using ProActive web portals (Studio, Automation Dashboard, Scheduler, Resource Manager) or using APIs (REST, Java, CLI, etc.).
For users authenticated via the web portals mentioned above, ProActive Workflows & Scheduling further enhances the user experience with a Single Sign-On (SSO) feature. When a user logs in to one of the ProActive portals (Workflow Studio, for example), they are automatically signed in to all the other portals (Automation Dashboard, Scheduling portal, Resource Manager), which provides a seamless authentication experience.
All authenticated users have their own roles, which grant them a set of permissions. ProActive Workflows & Scheduling enables fine-grained authorization for the whole set of operations it offers: deploy nodes, execute jobs, etc.
ProActive Workflows & Scheduling evaluates user credentials and privileges against user accounts that are stored and managed by an identity store. More precisely, ProActive software supports three identity stores:
- LDAP (Lightweight Directory Access Protocol) and Active Directory (AD)
- PAM (Pluggable Authentication Modules)
ProActive Workflows & Scheduling lets users execute workflows with the impersonation feature activated. Impersonation executes a task as a system user corresponding to the job owner, provided the targeted system is pre-configured for that purpose. There are two possible ways to do that, if the targeted operating system is set to authorize one of those methods: using the job owner’s login and password, or using an SSH key provided by the administrator.
Third-party credentials are needed to securely handle connections to third-party systems and services invoked by ProActive workflows. These credentials are key-value pairs of strings defined by users and stored on the server side in an encrypted form. They are managed by ProActive Workflows & Scheduling as part of the user account, and are accessible by all workflows executed by the user. Thus, two users can execute the same workflow using different credentials, which may result in different behaviors.
The credentials are accessible in workflow tasks via APIs or variable substitution. Users can manage their third-party credentials using the scheduling portal or the Command Line Interface (CLI).
Methods to add or remove the credentials and to list the stored credential keys are exposed in both the Java and REST APIs. You can refer to the Variable Support section to see an example of getting credentials using a Java/Groovy task. Further details about the management of third-party credentials are provided in the ProActive documentation.