Avi Pulse Services
Other Services Offered
Avi Pulse provides the following other services. The services are exposed as first-class APIs.
Authentication Service
All Avi Pulse services are protected by the authentication service. This service is protected by the OAuth 2.0 Authorization Code Flow.
For instance,
- Assume that you want to access the /portal/cases service.
- Since you are not authenticated, you are redirected to the authentication service at /portal/login.
- /portal/login initiates the OAuth 2.0 Authorization Code Flow.
- You are redirected to the Avi Pulse login page.
- The identity provider (IdP) sends a callback to Avi Pulse with an authorization code.
- The Avi Pulse authorization code is posted to the token endpoint, requesting an access token.
- If the authorization code is valid (not expired or replayed), an access token is issued with associated permissions in the form of scopes.
- The service is now accessed with the issued access token (the access token is added to the request header).
- Each service endpoint validates the access token with the OAuth server.
- If the access token is valid and not expired, the service can be accessed.
Note: The credentials are not stored on the Avi Pulse portal.
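The code-redemption and token-validation steps of the flow above, as an added example (not Avi Pulse's own code): a minimal in-memory token endpoint that issues an access token only for an authorization code that is unexpired and unused, and revokes the token if the same code is replayed. The class and method names, the 60-second code lifetime and the scope strings are assumptions made for illustration.

```python
import secrets
import time

CODE_TTL_SECONDS = 60  # assumed lifetime; the page does not state one


class AuthorizationCodeStore:
    """Hypothetical in-memory token endpoint state (illustration only)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}   # authorization code -> record
        self._tokens = {}  # access token -> granted scopes

    def issue_code(self, client_id, redirect_uri, scopes):
        code = secrets.token_urlsafe(32)
        self._codes[code] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "scopes": tuple(scopes),
            "expires_at": self._clock() + CODE_TTL_SECONDS,
            "token": None,  # set once the code has been redeemed
        }
        return code

    def redeem(self, code, client_id, redirect_uri):
        """Return (access_token, scopes) or raise ValueError."""
        rec = self._codes.get(code)
        if rec is None:
            raise ValueError("unknown code")
        if rec["token"] is not None:
            # Replay: revoke the token issued on first use, then refuse.
            self._tokens.pop(rec["token"], None)
            raise ValueError("code replayed")
        if self._clock() >= rec["expires_at"]:
            raise ValueError("code expired")
        if (client_id, redirect_uri) != (rec["client_id"], rec["redirect_uri"]):
            raise ValueError("client or redirect_uri mismatch")
        token = secrets.token_urlsafe(32)
        rec["token"] = token
        self._tokens[token] = rec["scopes"]
        return token, rec["scopes"]

    def validate(self, token, required_scope):
        """The check each service endpoint makes against the OAuth server."""
        return required_scope in self._tokens.get(token, ())
```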
User Management Service
The user management service manages the life cycle of the user.
- Only the customer admin can create your account with a valid email ID.
- The customer admin can assign you any of the following roles (customer admin/customer user):
  - Admin users (customer_admin) — Ability to create and approve new users, view licenses, manage SaaS, etc.
  - Application users (customer_users) — Ability to perform CRUD on cases, software downloads, CRS, etc.
- You can be part of multiple organizations (base organization/alternate organization).
- An email is sent to the registered email address, prompting you to reset your password.
- Until the password is reset, the account will not be active.
- On activation, your account can be approved or rejected.
- The customer admin can disable your account at any time.
Software Download Service
Avi Vantage is released through a controlled release management process. The artifacts are pushed to AWS S3 buckets.
- Once the software is released, it is available to all customers on the Avi Pulse portal.
- Each release has a set of packages for the release version, for instance, CTRL OVA/SE OVA, images for public clouds (AWS, Azure, GCP, and so on), and tools.
- The API is provided with the link to download the packages. The link is a pre-signed URL with a validity of 1 hour.
Asset Registration Service
The Avi Controller can be registered with the Avi Pulse portal as an asset. This automates many support tasks for the Controller, for instance, proactive tech support, auto update of CRS, IP reputation DB sync, and so on.
- The Avi Controller initiates the registration with the Avi Pulse portal.
- /portal/ctrlogin initiates the OAuth 2.0 web server flow. The SF OAuth server sends an authorization code request to the SF authorization endpoint.
- You are redirected to the Avi Pulse login page. The IdP sends a callback to Avi Pulse with an authorization code.
- The Avi Pulse authorization code is posted to the token endpoint, requesting an access token.
- The access token is used to generate a signed JWT for that Controller by sending a JWT token request to the IdP token endpoint.
- The JWT token/access token is securely sent to the Controller.
- The Controller status is updated to Connected or Not Registered.
- The Controller initiates the registration workflow. Each Controller is registered with its unique UUID.
- An asset corresponding to the Controller is created on Pulse SF.
- The Controller keeps the registered asset ID for subsequent service from Avi Pulse.
Pulse Health Check Service
- The registered Avi Controller tests the health of the Avi Pulse service. The status can be polled or prompted.
- The Controller triggers an event regularly to poll for the Controller's connectivity and registration status to the customer portal.
- The Controller can trigger an on-demand status for an immediate status update.
- /portal/stat with a query param (specific service status) provides the status of service Availability with Extended Service Metadata.