Logical Architecture


WebsitePanel is a distributed web-based application and it consists of three components working together:

  • WebsitePanel Portal
  • WebsitePanel Enterprise Server
  • Control Panel Server

All three components are web applications that must be hosted in IIS 6 or higher; the application pool must run .NET 4.0.

Portal

WebsitePanel Portal is the “user interface” (or presentation layer) part of the Control Panel. It is an ASP.NET application that does not contain any business logic at all; instead, it talks to WebsitePanel Enterprise Server via SOAP to perform various operations. Every visual form and every button click invokes the appropriate web service on the Enterprise Server side.

The WebsitePanel Portal web application is accessible to external consumers and runs in an IIS application pool with a “weak” identity.

Any number of WebsitePanel Portals can be deployed and connected to the same WebsitePanel Enterprise Server.

Enterprise Server

WebsitePanel Enterprise Server is the most important WebsitePanel component and comprises all the business logic of the application. Enterprise Server uses a SQL Server database to store its internal data, such as user accounts, hosting plans, information about hosted resources, service settings, etc.

Absolutely every operation in WebsitePanel is available as an XML web service, so those web services can be used for integration with 3rd-party applications. It’s possible to access WebsitePanel Enterprise Server from practically any programming environment, such as .NET, PHP, Java or Perl.

To manage the hosting environment (create an organization, create a user, create a mailbox, etc.), Enterprise Server communicates with WebsitePanel Server using XML web services.

Enterprise Server is a non-visual web application (no web forms exposed, only web services) and is usually available only to computers in your hosting environment (its web site listens on internal IP addresses only, or on the “loop-back” address 127.0.0.1). The Enterprise Server application pool runs under a “weak” identity.

A typical implementation will have a single active Enterprise Server. It is possible to have redundant Enterprise Servers available, but requests are not load-balanced over multiple active servers.

Server

WebsitePanel Server is a non-visual web application performing low-level management operations (creating user objects, creating mailbox objects, working with files/folders and their permissions, working with mail and databases, working with IIS, etc.) on the target server(s).

WebsitePanel Server can be considered a remote “Server Agent”, and it must be installed on every server in the hosting environment that needs to be managed in the control panel. WebsitePanel Server runs in an application pool with administrative privileges, i.e. its application pool’s identity must be a member of the local “Administrators” group or the “Domain Admins” group, and a member of the groups with the highest privileges if the specific application applies RBAC, such as Exchange 2010, OCS 2007 R2 or Lync Server 2010.

Depending on the service characteristics, redundant “Servers” can be assigned to a service and process requests in case a primary server is not available.

Inter component communication and authentication

The following table lists the inter-component communications that take place, the authentication mechanism applied and the encryption abilities:

| Communication | Authentication | SSL |
|---|---|---|
| End user -> Portal | Forms based authentication where authentication takes place against the WebsitePanel SQL Server based data repository. | Yes, through a public certificate |
| Portal -> Enterprise Server | Windows based authentication based on pool identity of portal. Ability to restrict access through enterprise server web.config | Yes, through either internal or external certificate |
| Enterprise Server -> SQL Server | SQL Authentication, credentials stored in enterprise server web.config | Yes, as per SQL server encryption capabilities |
| Enterprise Server -> Server | Windows based authentication based on pool identity of enterprise server. Ability to restrict access through server web.config | Yes, through either internal or external certificate |
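
One way to apply the web.config restriction listed in the table for the Portal -> Enterprise Server hop, using standard ASP.NET URL authorization. This is an added example, not WebsitePanel's shipped configuration; the account name HOSTING\svc-wsp-portal is a placeholder for the Portal application pool's identity.

```xml
<!-- Added example: fragment of the Enterprise Server web.config (not the file shipped with WebsitePanel). -->
<!-- HOSTING\svc-wsp-portal is a placeholder for the Portal application pool identity. -->
<configuration>
  <system.web>
    <!-- Callers are identified by their Windows identity, i.e. the Portal's pool identity. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- Weak setting, shown for contrast only: every authenticated Windows account
           that can reach the site may call the web services.
      <deny users="?" />
      <allow users="*" />
      -->
      <!-- Restricted setting: rules are evaluated top to bottom and the first match wins,
           so only the Portal pool identity is allowed and everyone else is denied. -->
      <allow users="HOSTING\svc-wsp-portal" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

The same pattern applies to the Server web.config, with the Enterprise Server pool identity as the only allowed user. Windows authentication must be enabled and anonymous authentication disabled for the site in IIS for these rules to see a caller identity.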

 

Administration roles

The Control Panel solution distinguishes between the following administrative roles:

| Role | Description |
|---|---|
| Platform Admin | Ability to manage resellers and their organizations. Ability to make platform-influencing changes |
| Reseller Admin | Ability to manage their organizations. Ability to manage only those platform aspects that will not affect other resellers |
| Customer Service Representative | Ability to view reseller organizations and their customers. Ability to provision and de-provision customers, and reset passwords of customers |
| Organization/Customer Admin | Ability to manage his own hosting space only for those components that will not affect other customers or the platform |

 

The administrative roles are only active within the portal application; the caller context (or request maker context) is not propagated into the Enterprise Server component. This limits the possibility to host and isolate multiple resellers. The intention is to propagate the caller context or request maker in the next iterations of the solution.