Agent Flow

Enrollment

sequenceDiagram

box On-Premise
  actor user as User
  participant mercury as Agent
end

box rgb(250,240,230) STREAM Cloud
  participant customer_ui as Customer UI
  participant nexus as Nexus
  participant solaris as Solaris
  participant db as Database
  participant kms as Vault
end

user ->> customer_ui: Create Adapter
customer_ui ->> solaris: POST /api/v2/tenant/adapters
solaris ->> db: Create Adapter
db -->> solaris:
solaris -->> customer_ui: Success
customer_ui -->> user: Success

user ->> customer_ui: Create Enrollment Token
customer_ui ->> solaris: POST /api/v2/tenant/adapters/:id/enroll
solaris ->> db: Create Enrollment
db -->> solaris:
solaris -->> customer_ui: Return enrollment token
customer_ui -->> user: Return enrollment token

user ->> mercury: Run enrollment command
activate mercury
mercury <<->> user: Prompt for enrollment token
mercury ->> mercury: Generate keys
mercury ->> nexus: Call Enrollment RPC
activate nexus
nexus ->> solaris: Forward Enrollment call
activate solaris
solaris ->> kms: Store private cloud keys
kms -->> solaris:
solaris ->> db: Create AdapterIdentity
db -->> solaris:
solaris ->> nexus: Return enrollment result
deactivate solaris
nexus ->> mercury: Return enrollment result
deactivate nexus
mercury ->> mercury: Store identity
mercury -->> user: Enrollment successful
deactivate mercury

Config update

sequenceDiagram

box On-Premise
  participant mercury as Agent
  actor user as User
end

box STREAM Cloud
  participant customer_ui as Customer UI
  participant solaris as Solaris
  participant kms as Vault
  participant db as Database
  participant nats as Message Broker
  participant nexus as Nexus
end

user ->> customer_ui: Update agent configuration
customer_ui ->> solaris: POST /api/v2/tenant/adapters/:id/plugins
activate solaris
solaris ->> kms: Get encryption keys (per org)
activate kms
kms -->> solaris: Return keys
deactivate kms
solaris ->> solaris: Encrypt plugin configs
solaris ->> db: Store configs
activate db
db -->> solaris: Return row
deactivate db
solaris --) nats: Publish update message (tunnel.outbound)
solaris -->> customer_ui: Success
deactivate solaris
customer_ui -->> user: Success
nats --) nexus: Notify about update
activate nexus
nexus ->> nexus: Retrieve Adapter session
nexus ->> nexus: Sign and encrypt payload
nexus ->> mercury: Send message to Adapter Stream
deactivate nexus
activate mercury
mercury ->> mercury: Decrypt and verify
mercury ->> mercury: Store and apply config
deactivate mercury

Normal Operation

Use case: Send data from STREAM SaaS to external system

In this use case, an action in the cloud (e.g. a new order request) requires us to push data to an external system located on the customer's premises.

sequenceDiagram

box STREAM Cloud
  participant solaris as Solaris
  participant db as Database
  participant nats as Message Broker
  participant nexus as Nexus
end

box On-Premise
  participant mercury as Agent
  participant external as External System
end

solaris ->> db: Fetch required data
activate solaris
db -->> solaris: Return rows
solaris --) nats: Publish update message
deactivate solaris
nats --) nexus: Notify about update
activate nexus
nexus ->> nexus: Retrieve adapter session
nexus ->> nexus: Sign and encrypt payload
nexus ->> mercury: Send message to Adapter Stream
deactivate nexus
activate mercury
mercury ->> mercury: Decrypt and verify
mercury ->> mercury: Send message to relevant plugin
mercury ->> mercury: Convert data to external system format
mercury ->> external: Send data
deactivate mercury

Use case: External system wants to send data to STREAM SaaS

In this use case, an external system wants to send data to our cloud (e.g. a product sync).

sequenceDiagram

box On-Premise
  participant external as External System
  participant mercury as Agent
end

box STREAM Cloud
  participant nexus as Nexus
  participant nats as Message Broker
  participant solaris as Solaris
  participant db as Database
end

external ->> mercury: Send data
activate mercury
mercury ->> mercury: Convert data from external system format
mercury ->> mercury: Sign and encrypt
mercury ->> mercury: Send message to tunnel
mercury ->> nexus: Send message to Adapter Stream
deactivate mercury
activate nexus
nexus ->> nexus: Retrieve adapter session
nexus ->> nexus: Decrypt and verify
nexus --) nats: Publish message
deactivate nexus
nats --) solaris: Notify about message
activate solaris
solaris ->> db: Store data
db -->> solaris: Return rows
deactivate solaris
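
The "Sign and encrypt" and "Decrypt and verify" steps in the diagrams above, sketched as an added example (not STREAM's own code). The page names no algorithms or message layout, so Ed25519, AES-256-GCM, the `Seal`/`Open`/`signed` helpers and the use of the adapter ID as associated data are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Assumed for this example: Ed25519 signatures, AES-GCM, adapter IDs without NUL bytes.
func signed(adapterID string, p []byte) []byte { return append([]byte(adapterID+"\x00"), p...) }

// Seal signs adapterID+payload, then encrypts signature+payload with the adapter ID as AAD.
func Seal(gcm cipher.AEAD, sign ed25519.PrivateKey, adapterID string, payload []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := append(ed25519.Sign(sign, signed(adapterID, payload)), payload...)
	return gcm.Seal(nonce, nonce, plain, []byte(adapterID)), nil
}

// Open is the receiving side: decrypt, then verify; the payload is returned only if both succeed.
func Open(gcm cipher.AEAD, peer ed25519.PublicKey, adapterID string, msg []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(msg) < n {
		return nil, errors.New("truncated message")
	}
	plain, err := gcm.Open(nil, msg[:n], msg[n:], []byte(adapterID))
	if err != nil || len(plain) < ed25519.SignatureSize {
		return nil, errors.New("decryption failed")
	}
	sig, payload := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	if !ed25519.Verify(peer, signed(adapterID, payload), sig) {
		return nil, errors.New("signature verification failed")
	}
	return payload, nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key, not for real use
	gcm, _ := cipher.NewGCM(block)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	msg, _ := Seal(gcm, priv, "adapter-1", []byte(`{"plugin":"demo"}`))
	out, err := Open(gcm, pub, "adapter-1", msg)
	fmt.Println(string(out), err)
}
```

Binding the adapter ID into both the signature and the associated data means a message sealed for one adapter is rejected if it is delivered to another session, even when the session key and signer are otherwise valid.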