Hello,


I recently read this article and was wondering if anyone can provide a more elaborate explanation regarding the Limitations.


1. "System Components are deployed to the default deployment zone. Use the internal network configuration to limit the access to Service Center and LifeTime (available in Service Center in Administration > Security > Network Security)."

Does this mean that it would be difficult for servers outside of default deployment zone to access System Components or does this simply imply that it is imperative for developers to enable access of System Components to the external deployment zone and at the same time limit the access to LifeTime and ServiceCenter?


2. "Timers and Emails of a module are only available in the servers of the deployment zone where the module was deployed to."

Will this create a difficulty in sync-ing Timers and Emails to servers outside of said deployment zone? If not, how does this limit development process in general?


I would appreciate explanations to the other two as well for further clarifications!



Best Regards,


Yosua

Hi Yosua,


1. "System Components are deployed to the default deployment zone. Use the internal network configuration to limit the access to Service Center and LifeTime (available in Service Center in Administration > Security > Network Security)."

The default deployment zone is normally the Global zone. This zone includes all servers. So let’s say you have two front end servers who can be accessed via Internet and two back end servers who are supposed to be accessed only from your internal network. This way Service Center will be also accessible from the Internet if its deployed to the Global zone (since it includes all the servers). 

Service Center has by default the Internal Access Only property enabled. But we need to let the Platform know how our Internal Network setup looks like in order for it to apply this property. Therefore we need to define the Internal Network settings in Service Center in which we set a range of Internal IP addresses from which Service Center maybe be accessed.

2. "Timers and Emails of a module are only available in the servers of the deployment zone where the module was deployed to."

Let’s say we have an Internal zone with two back end servers and a Public zone with two front end servers. If we would deploy a module to the Public zone and this module consumes a timer or email from another module that is deployed to the Internal zone, the two front end servers (from the Public zone) do not have access to the email or timer (since they are not available in the same zone).
The front ends would only have access to the email and timer if they would be available in the same module that was deployed to the Public zone.


I hope this helps you understand the limitation.


Regards,

Nordin


Hi Yosua,

This is my understanding of Deployment Zones as they are implemented in OutSystems, but I will try and reach out to the team at OutSystems to have them provide their insight here as well.

When you set up a deployment zone, you're basically telling the OutSystems platform which modules should be deployed to the IIS on the servers of that deployment zone (so their screens can be accessed via a browser or their web services exposed).

Any module that is referenced by your modules will still be compiled and installed on the servers, but not deployed to IIS (so its functionality can be used internally by the modules on that zone, but no screens or web services will be exposed).

1) Regarding System Components being deployed to the Default Deployment Zone, that would mean that for instance the Users application UI would only be available on servers on the Default Deployment Zone, but the Login logic would still be usable by modules not on the Default Deployment Zone.

Service Center needs to be installed on all servers of the environment (and likely LifeTime as well), so in order to restrict access to the UI, you can configure the Internal Network configuration (both applications have their UI Flows configured with Internal Access Only)

2) Timers and Emails are internally implemented via Web Services, which means that if a module isn't deployed they will not expose the web services needed.

Thanks for the more technical explanation Jorge :).

I would love for the OutSystems team to join this discussion and give us their take on deployment zones!

Regards,

Nordin

Hello to you all,


Thank you for the answers, they had helped clarify some things that I felt was still ambiguous after reading the article. If you don't mind, I will be keeping the thread alive if anyone wants to chime in further.



Cheers,


Yosua