Skip to content
Tenzir

Platform

The platform provides fleet management for nodes. With an API and web interface, the platform offers user and workspace administration, authentication via external identity providers (IdP), and dashboards consisting of pipeline-powered charts.

There exist three primary entities in the platform:

  1. Users: Authenticated by an Identity Provider (IdP)
  2. Organizations: Manage billing/licencse, members, and workspaces
  3. Workspace: A logical grouping of nodes, secretes, and dashboards.

The diagram below illustrates their relationship.

NodeNodePlatformNodeOrganizationWorkspaceWorkspace...OrganizationWorkspaceWorkspace......NodeNodeNodeNodeNodeNodeNodeNodeNodeUserUserUserUserMemberMember- Manages users via Identity Provider- Owns all persistent state- Owns organizationsPlatform- Manages billing and license- Manages members- Owns workspacesOrganization- Manages nodes- Manages secrets- Controls node access (RBAC)- Owns dashboardsWorkspaceMemberMember

A user inside an organization is called a member. The organization configures what members have access to what workspaces.

Data Model

The following diagram visualizes the platform’s data model (yellow) and how the entities relate to each other with respect to their multiplicities.

Real WorldTenzirOrganizationUserWorkspacePerson***1***Node1*Pipeline1*Context1***Organization111**

It’s important to note that every node can only be part of a single workspace. There is no support for “multi-homing” as it would create non-trivial questions about how to reconcile secrets and permissions from multiple workspaces.

Deployment Modes

Based on the edition of Tenzir, you have different deployment modes of the platform. The below diagram illustrates the variants.

NodeNodePlatformNodeOrganization AWorkspaceWorkspace...Organization BWorkspaceWorkspace...NodeNodeNodeNodeNodeNodeNodeNodeNodeUserMSP UserUserMemberMemberMemberMemberPlatformOrganizationWorkspaceWorkspaceNodeNodeNodeNodeNodeNodeUserMemberMemberUserPlatformNodeNodeNodeLarge EnterpriseSmall BusinessManaged Service Provider (MSP)PlatformPersonal WorkspaceNodeUserSingle UserOrganizationWorkspaceCommunity EditionProfessional EditionEnterprise EditionSovereign EditionUserMemberMemberUser...

  • Community Edition: geared towards single-user deployments, the Community Edition only associates a personal workspace with every user.
  • Professional Edition: geared towards small-business deployments, the Professional Edition features organizations for allowing multiple users to collaborate.
  • Enterprise Edition: geared towards large enterprise deployments, the Enterprise Edition supports multiple workspaces for managing what users have access to what nodes.
  • Sovereign Edition: geared towards on-prem deployments, the Sovereign Edition allows for multiple platform instances and multiple organizations within each platform.

The Sovereign Edition is best suited for service providers that need strict data segregation, either by deploying one platform instance per customer or by instantiating one organization per customer. Dedicated platforms per customer provide physical data separation at the cost of higher management overhead, whereas an organization-based multi tenancy approach is a logical separation method with shared underlying resources, yet easier to manage.