github.com/treeverse/lakefs@v1.24.1-0.20240520134607-95648127bfb0/docs/understand/enterprise/architecture.md

github.com/treeverse/lakefs@v1.24.1-0.20240520134607-95648127bfb0/docs/understand/enterprise/architecture.md (about)

     1  ---
     2  title: Enterprise Architecture
     3  description: Understand  lakeFS Enterprise Architecture
     4  parent: lakeFS Enterprise
     5  grand_parent: Understanding lakeFS
     6  ---
     7  
     8  # Architecture
     9  
    10  ![img.png](../../assets/img/enterprise/enterprise-arch.png)
    11  
    12  [1] Any user request to lakeFS via Browser or Programmatic access (SDK, HTTP
    13  API, lakectl).
    14  
    15  [2] Reverse Proxy (e.g. NGINX, Traefik, K8S Ingress): will handle user requests
    16  and proxy between lakeFS server and fluffy server based on the path prefix
    17  while maintaining the same host.
    18  
    19  [3] lakeFS server - the main lakeFS service.
    20  
    21  [4] fluffy server - service that is responsible for the Enterprise features.,
    22  it is separated by ports for security reasons.
    23  
    24  1. SSO auth (i.e Browser login via Azure AD, Okta, Auth0), default port 8000.
    25  1. RBAC authorization, default port 9000.
    26  
    27  [5] The [KV Store]({% link understand/architecture.md %}) - Where metadata is stored used both by lakeFS and fluffy.
    28  
    29  [6] SSO IdP - Identity provider (e.g. Azure AD, Okta, JumpCloud). fluffy
    30  implements SAML and Oauth2 protocols.
    31  
    32  
    33  For more details and pricing, please [contact sales](https://lakefs.io/contact-sales/).
    34  
    35  
    36  **Note:** Setting up lakeFS enterprise with an SSO IdP (OIDC, SAML or LDAP) requires
    37  configuring access from the IdP too.
    38  {: .note }