Environment Overview
Understanding the components, and the communication between the components of the Spotfire environment is key to understanding how to build a more secure environment.
- The
Spotfire Server
is the central component of the
Spotfire
environment, to which all
Spotfire
clients connect. From a
Spotfire Server
start page, entities in the
Spotfire
environment can be configured and monitored.
For more information about the Spotfire Server, see its documentation.
- Multiple nodes are installed
and connected to
Spotfire Server.
The
Spotfire Web Player
service,
Spotfire Automation Services,
the Spotfire Enterprise Runtime for R – Server Edition, Spotfire Service for R,
and Spotfire Service for Python can be installed on nodes to enable the use of
Spotfire
web clients, running
Spotfire Automation Services
jobs, and running data functions and scripts.
For more information about the components installed on nodes, see their help:
- Node manager (installation and configuration in Spotfire® Server and Environment Installation and Administration)
- Spotfire® Web Player (service installation and configuration in Spotfire® Server and Environment Installation and Administration)
- Spotfire® Automation Services (service installation and configuration in Spotfire® Server and Environment Installation and Administration)
- Spotfire® Enterprise Runtime for R - Server Edition (a/k/a the TERR™ service)
- Spotfire® Service for R
- Spotfire® Service for Python
- The server is connected to a Spotfire database that contains a user directory and stores analyses and configuration files. For more information, see its documentation.
- After the node is installed,
the node performs a join request to a specific, unencrypted
Spotfire Server
HTTP port that handles only registration requests. The node remains untrusted
until the administrator approves the request by trusting the node. The
Spotfire Server
start page provides the tools to add nodes to the environment by explicitly
trusting them, thereby issuing the certificates. When the node receives its
certificate, it can send encrypted communication over the HTTPS/TLS ports, and
with this, the node can start to send more than registration requests.
The secured back-end communication is based on certificates. After an administrator has approved the new server or node, the certificates are issued automatically. Without a certificate, a server or a service on a node cannot make requests to, or receive requests from, other entities, except for when requiring a certificate. For more information, see Ports and firewall configuration in Spotfire® Server and Environment Installation and Administration.
This diagram shows all of these components, as well as how data flows and network protocols are used in a typical Spotfire environment.