Metworx GUI Architecture

The purpose of this document is to provide a general overview of the Metworx environment as it interacts with client systems. Please consult the diagram below for a visual reference.

Metworx as a whole is composed of two distinct sections each responsible for serving a different part of the application/system.

Metrum Research Group hosts the following:

  • The GUI Application
  • Custom built Amazon Machine Images that contain all the required software
  • CloudFormation Templates responsible for provisioning the Metworx Cluster
  • Custom cookbooks run on initialization of the cluster

The client hosts the following:

  • All Metworx Workflow EC2 Instance Clusters
  • All disks attached to a workflow/created during the initialization
  • VPC/Subnets
  • All AWS security policy configurations as it pertains to the deployment of the cluster

When a user initially logs in to the Metworx GUI, they are redirected to the dashboard area where they can create and access workflows. When a creation request is initially made, the app will send a request to the clients CloudFormation API in their AWS account. This request is authenticated by the encrypted AWS Credentials the Organization Admin initially provides Metworx during onboarding.

CloudFormation takes this create request coming from the GUI in the form of a CloudFormation Template and starts provisioning resources on the clients AWS account. As part of the provision process, the clients AWS account will pull the following resources:

  • Any necessary cookbooks
  • The custom Amazon Machine Image

from Metrum Research Group’s AWS account.

Once the cluster has finished creating, depending on the clients security policy (private vs public subnet), the workflow can be seen on the dashboard in the Metworx GUI and is available over a private network (as per the private subnet configuration) or accessible publicly on the internet (as per the public subnet configuration). All incoming traffic to the workflow is over an encrypted HTTPS/SSL connection.

Requests sent for updating and deleting workflows go through similar processes.