The following diagram shows the different entities stored. Click on the entity for the physical model used.
Logical datamodel Data is stored in Cosmos DB as JSON documents. In addition we use object database to store the raw objects of business data that org has defined for the application.
Cosmos collections Entities Entity Storage Created by Instance Cosmos DB user/app owner InstanceEvent Cosmos DB user/app owner InstanceData Cosmos DB user/app owner Data Blob storage user/app owner Events PostgreSQL App Applications Cosmos DB app owner See below for details »
Altinn 3 uses serveral features of Azure Monitor.
Monitoring Application Insights is used to monitor different aspects of the platform.
Operations overview The above screenshot shows statistics for different requests.
Application Map This screenshots shows how Application Insights presents how traffic flows between the different applications in the solutions.
Request overview This screenshots show how a request flows through the different applications
End to end transaction This screenshots show how a request flows through the different applications »
Overordnet konsept Altinn tilbyr en platform for utvikling og drift av digitale tjenester.
Hvis tjenestene er av en slik art at sluttbruker (innbygger/næringsliv) skal rapportere inn data så vil disse data i utgangspunktet bli lagret i Altinn.
Tjenesteeier må hente disse mottatte dataene fra Altinns datalager. Dette gjøres ved hjelp av API integrasjon.
Denne guiden beskriver hvordan en slik integrasjon kan settes opp.
Om prosessflyt i applikasjoner En applikasjon utviklet i Altinn studio kan ha forskjellige prosser avhengig av behovet til tjenesteeier. »
Altinn 3 is based on different network components in Azure.
Virtual Network As part of the Altinn 3 platform there is serveral Virtual Networks. Each Kubernetes Cluster have their own Virtual Network.
This increases security and isolates the different org cluster from eacother.
Read more about Azure Virtual Networks.
Azure Loadbalancer In front of every AKS cluster there is a Azure Loadbalancer that load traffic between the different nodes in the AKS cluster. »
Architectural Concerns Architecture Concerns are categories of Non-Functional Requirements (NFRs) of a system that has been important defining this architecture. These are sometimes referred to as cross-cutting concerns or “the -ilities” because most of the words end with “-ility.”
Performance Scalability The platform need to be highly scalable. The traffic in this types of solutions involves a large part of the countries citizens and the traffic is often concentrated around a few dates. »
Each App in Altinn Apps can configure to use one of the pre-configured and approved OIDC providers.
When redirecting the user to Altinn Authentication, by default ID-porten will be presented through Altinn 2 configuration.
If authentication component has configured a specific OIDC provider and the app is configured to use this, the user will be redirected to login. Currently, the only approved OIDC providers in Altinn are FEIDE and UIDP have been approved OIDC providers in Altinn. »
Application Performance Monitoring Some monitoring is done from Azure Portal with help of Azure Monitor Appliation Insight and other tools avaiable.
PasS and & IaaS configuration There are serveral ways PasS and & IaaS resources are configured & managed
Azure Portal Azure CLI Azure mobile app Backup and recoveryAll data created in the different solutions are backed up so it is possible to restore it in case of data loss. »
Operating systems Container Operation Systems All containers are running on Alpine Linux, which includes apps created in Altinn Studio and the Altinn Platform components.
Cloud Platform Orchestrating & Sceduling We use Kubernetes to manage the application containers for the different solutions.
We use Azure Kubernetes Services that is a managed Kubernetes administration in Azure.
Read more about our Kubernetes Clusters.
Service Mesh & Proxy We use Traefik as proxy in Kubernetes and Linkerd as service mesh. »
See below for details of how we have constructed the PEPs and how to configure them.
Standard PEPs Developers should configure security when possible, which is one important principle we follow. Therefore, we have developed some standard policy enforcement points that API developers can use on different API endpoints.
The best way to solve Attribute-based authorization is by using Policy-Based Authorization in ASP.NET Core.
We have created the standard PEPs in the ASP. »
The platform components can be structured in to different areas. The diagram below show the different areas and the platform components involved in Altinn Studio, Altinn Apps and Altinn Platform solutions.
Platform components Download as Visio
Data & Reporting ComponentsData and Reporting Components hold the functionalities to manage data and create business reports.
Integration ComponentsIntegration components are in charge of enabling communications between systems.
Logic Executions ComponentsLogic execution components are in charge of modeling the application behavior, in terms of data processing and flow control, according to the application specifications. »
