IBM AD High-Level Architecture Overview

Following is a brief description of the relationships among the different components of IBM AD.

IBM AD Configuration Server - ensures the consistency of the installation parameters throughout an installation and allows the system administrator to manage user access to workspaces.

IBM AD Build - uses data from mainframe systems to build projects. It uses project sources that are brought from z/OS®®, performs a compilation/build process and stores the analysis data to the repository.

IBM AD Validation Service - works with ChangeMan SCM only. Provides coding rule enforcement via synchronization with ChangeMan and upon member staging.

IBM AD Batch Server - imports data from the relational database repository into the GraphDB (OrientDB) repository, automates processes such as report generation and indexing, and manages the creation of the annotations database.

IBM AD Analyze Client - runs over Eclipse or IDz and provides project analysis via graphs reports and usage views. When the analyzed application sources are coming from Endevor, it allows viewing source code per user based on Endevor permissions that are checked via z/OS Explorer/CARMA interface.

IBM AD Mainframe Projects - authorizes the access to the AD projects, by using SSO authentication within AD. This service is mandatory to be configured to use AD, whether the authentication feature is in place or not.

IBM AD File Service - in the context of the authorization/authentication, the access rights of users or users' groups are mapped to a certain folder that contains the source files. Once authenticated and authorized, the user can start the analysis on the source files as long as the user has read access rights.

IBM AD Search Service - is responsible with the access to the indexed data. Whether the authentication feature is in place or not, the folder path in which the indexes are generated needs to be accessible for both IBM AD Batch Server and IBM AD Search Service.

IBM AD Manual Resolutions Service - manages the manually added resolutions and allows clients that use SSO authentication within AD to ask for user authentication to access these resolutions. This service is mandatory to be configured if you want to use callgraph-based analyzes (graphs or reports), whether authentication feature is in place or not.

Authentication Server (DEX) - is an identity service that uses OpenID Connect and supports OAuth2 protocol in order to allow clients to use SSO authentication within AD. With the credentials provided by the user, it interrogates a Secure Storage, through the LDAP protocol. The Secure Storage can be an Active Directory or any other entity that stores users and groups and can communicate through LDAP. This service is mandatory to be installed and configured only when authentication feature is in place.

IBM AD Cross Applications Service - is mandatory to be configured if you want to generate a Cross Applications Callgraph, whether the authentication feature is in place or not.

Batch Web Service - serves the data that is provided by a component of the Batch Server and prepares it for delivery.

IBM AD Web Services - contains the following features: AD Admin, AD Audit, AD Catalog, AD Annotations, AD Callchain and AD Wazi Analyze REST API.