Commit 5d3db6a3 authored by Mike Roy

added preliminary architecture

parent f0c840a3
+150 −0
# Sandbox Architecture

> **This section is Work-In-Progress and contains the preliminary MEC Sandbox Architecture**

This section defines the MEC Sandbox _architecture concepts_ and high-level representation of the _static & dynamic models_

## Architecture Concepts

#### Assumptions & Prerequisites
MEC Sandbox...
- is based on AdvantEDGE open-source project and re-uses several components
- uses Dockers container technology & Kubernetes for orchestration
- can run on a single node or a multi-node cluster
- can be deployed in a VM
- is implemented using micro-services
- OS is Ubuntu

#### Conceptual Architecture

![concept.png](concept.png)

MEC Sandbox Backend is composed of two main components:
- _Core Platform_ (single instance - always present)
  - this is the main portal of MEC Sandbox & provides the user sandboxes control plane
- _User Sandbox Instances_ (0+ instances)
  - these are the user's private area for experimenting with MEC Services

MEC Sandbox Frontend:
- MEC Sandbox Web-Application
  - this is the main user interface to the MEC Sandbox
  - it allows a user to control/configure its own sandbox
  - it allows a user to observe/experiment with MEC APIs present in the user sandbox
  - See [Sandbox-User-Interface](../sandbox-user-interface/README.md) for details on the Web-Application
- User's Edge Application
  - this is for developers that want to integrate their edge application with a MEC API to experiment & learn


#### Core Platform
A common web-application used by a set of users to instantiate User-Sandbox(es)
- Portal Backend are micro-services (Dockers containers)
- Portal Frontend is a Single Page Application (SPA)
- Cardinality
  - Typically a single global portal
  - Multiple independent instances possible (ex. development vs production portal)
- Security & privacy
  - MEC Sandbox runs behind a firewall with port 443 (HTTPS) opened
  - HTTPS requests are directed to an Ingress Controller
  - Only valid request are routed to the appropriate micro-service
  - HTTPS terminated at the ingress controller
- Backend
  - Backend is divided into a Control plane and a User plane
    - Controls plane for controlling user sandboxes lifecycle
    - User plane for routing user specific traffic to its sandbox
  - Each user-sandbox is associated to a dynamically generated UUID for:
    - naming user-namespace
    - creating user specific ingress paths (ex: `.../<uuid>/location/...` )

#### User Sandbox
A scenario area reserved for a specific user to experiment with MEC Services
- Cardinality
  - Typically a single user-sandbox per user
  - Multiple user-sandboxes may be allowed for super-users/developers/etc.
Backend
Composed of MEC services and some scenario control micro-services

## Dynamic View

#### Sandbox usage flow

![dynamic.png](dynamic.png)

**1- User opens MEC Sandbox Portal in a browser**<br>
_Note: MEC Sandbox is a Single Page Application (SPA)_

- Un-authenticated user
  - can view generic details about MEC Sandbox
  - can authenticate
- Authenticated user
  - can view generic details about MEC Sandbox
  - can view & interact with his User Sandbox
  - can logout

**2- Sandbox instantiation**<br>
- on user successful sign in, portal backend creates user sandbox
  - generates a UUID token
  - creates namespace
  - deploys sandbox backend micro-services & resources
  - opens ingress controller path for user sandbox

**3- Sandbox API gets enabled in SPA**
- sandbox info is relayed back to SPA
  - enables the user-sandbox tab in SPA
  - configures user-sandbox info in SPA

**4- User configures user-sandbox**<br>
- using the browser, user can
  - configure network & UEs
  - observe scenario on a map
  - use Swagger type API to manually exercise APIs
  - observe API requests/responses
  - observe API notifications
- user has API information to configure own edge app.

**5- User uses user-sandbox**
- using the browser - see 4
- using user's own edge application, user can
  - query MEC APIs
  - observe responses/notifications from MEC application<br>
  _Note: query/responses/notifications also avail. in browser_

**6- User terminates user sandbox by signing out**

## Static View
![static.png](static.png)

#### Core Platform micro-services

- **Cluster Wide Subsystem**
  - Nginx Ingress-controller
    - Routes incomming HTTPS request to the correct micro-service (L7 HTTP router)
  - Docker registry
    - image registry for the cluster
- **Platform Control Subsystem**
  - Platform controller
    - Platform control plane for user-sandbox lifecycle management
  - Redis
    - In-memory data store
    - Micro-service communications
  - CouchDB
    - Document store
- **Virtualization Subsystem**
  - Creation/destruction of Sandbox elements
- **Monitoring Subsystem**
  - Platform & Sandbox state monitoring
  - Stale user-sandboxes scraping
- **Metrics Subsystem**
  - InfluxDB metrics collection
  - Grafana visualization
- **GIS Subsystem**
  - Map data
  - Geo-spatial calculations & DB

#### User Sandbox micro-services
- **Sandbox controller**
  - Sandbox control plane
- **GIS Engine**
  - Controls run-time GIS aspects of sandbox
- **MEC Services**
  - User location/mobility events/RSSI/etc.
  - MEC Services - Location / RNIS / BWM / etc.
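
Review bot: Under "Security & privacy" in the Core Platform section, "Only valid request are routed to the appropriate micro-service" does not say what makes a request valid, and the per-user ingress path (`.../<uuid>/location/...`) together with "generates a UUID token" in step 2 reads as if knowing the UUID is the only thing protecting a user sandbox. Please state whether the ingress controller or the sandbox services check the user's authenticated session on those paths, and how the user's own edge application in step 5 is expected to authenticate, since it queries the MEC APIs from outside the browser. Since "HTTPS terminated at the ingress controller" is the only statement about transport, it would also help to say whether traffic between the ingress and the micro-services is protected, and whether Redis, CouchDB and the Docker registry are reachable only from inside the cluster. Smaller points: in "User Sandbox" the lines "Backend" and "Composed of MEC services and some scenario control micro-services" are missing the list markers used for "- Backend" under Core Platform, so they will fold into the preceding bullet when rendered; "Controls plane", "incomming" and "Dockers" are typos.
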
+115 KiB
+118 KiB
+106 KiB