Registry analytical reporting subsystem

🌐 This document is available in both English and Ukrainian. Use the language toggle in the top right corner to switch between versions.

1. Overview

The Registry analytical reporting subsystem visualizes registry data through the dashboards modeled using the Registry regulations modeling subsystem.

Dashboards can contain tables and charts with filters and other data control elements.

To learn more about the processing of analytical requests to registry data, see Processing analytical requests.

2. Subsystem functions

Viewing and configuring dashboards with registry data.
Viewing and analyzing dashboards with registry audit events log data.

The subsystem is built on Redash, an open-source data visualization and exploration tool that enables users to connect to various data sources, query and visualize data, and create interactive dashboards and reports. Redash uses microservice architecture and consists of the following components:

Redash server: The Redash server processes user requests, manages user authentication and authorization, and provides the Redash web interface and administrative API. Users interact with Redash through the web interface, while the regulations and registry deployment subsystems use the API. The Redash server interacts with other services asynchronously using RQ (Redis Queue) to handle requests and receive data.
Queue processors: Redash uses worker processes to handle tasks from the queue asynchronously. Queue processors perform tasks such as querying the data sources, generating query results, and sending query execution updates to the user interface.
- Redash worker: This queue processor handles tasks lined up from the Redash server as a result of user interactions—for example, querying a data source when a user opens a dashboard.
- Redash scheduler: This queue processor handles requests according to a schedule—for example, performing data update tasks for saved requests with a defined schedule.
Redash DB: Redash uses a PostgreSQL relational database as its primary metadata store. The database stores metadata related to users, requests, dashboards, and visualizations. It also stores request results and cached data. Redash services interact with the database to obtain and store the necessary information.
Redis queue: The Redis queue database is an in-memory data store that Redash uses to manage shared query execution locks and distribute tasks between worker processes.

The interaction between these components of the subsystem can be summarized as follows:

When users interact with the Redash web interface, their requests are processed by the Redash server. The server authenticates the user via the Users and roles management subsystem, verifies the request, and interacts with the appropriate services based on the user’s actions.
When a user executes a request, the server receives the request and sends it to the workflow through the Redis queue. A Redash worker accepts the task and executes the request asynchronously while periodically updating the state of the request and sending updates to the UI.
Once the request is processed, the workflow saves the final result, and the server receives it to display to the user.

4. Subsystem components

Component name Registry representation Source Repository Function

Component name	Registry representation	Source	Repository	Function
Redash server	`redash-viewer`	3rd-party	github:/epam/edp-ddm-redash-chart github:/epam/edp-ddm-redash	Providing the Redash web interface and administrative API.
Redash worker	`redash-viewer-adhocworker`	3rd-party	Processing queued tasks.
Redash scheduler	`redash-viewer-scheduler`	3rd-party	Processing scheduled tasks.
Prometheus exporter	`redash-exporter`	3rd-party	Collecting metrics for monitoring and publishing them in the Prometheus format.
Task queue storage	`redash-viewer-redis-master`	3rd-party	Storing the task queue.
Metadata storage	`redash-viewer-postgresql`	3rd-party	Redash metadata storage (requests, dashboards, settings, and so on).

Redash server

redash-viewer

3rd-party

Providing the Redash web interface and administrative API.

Redash worker

redash-viewer-adhocworker

3rd-party

Processing queued tasks.

Redash scheduler

redash-viewer-scheduler

3rd-party

Processing scheduled tasks.

Prometheus exporter

redash-exporter

3rd-party

Collecting metrics for monitoring and publishing them in the Prometheus format.

Task queue storage

redash-viewer-redis-master

3rd-party

Storing the task queue.

Metadata storage

redash-viewer-postgresql

3rd-party

Redash metadata storage (requests, dashboards, settings, and so on).

5. Data sources

Component name

Registry representation

Registry analytical database

analytical:registry

Audit events operational database

operational:audit

6. Technological stack

The following technologies were used when designing and developing the subsystem:

7. Subsystem quality attributes

7.1. Observability

The Registry analytical reporting subsystem supports logging and collecting performance metrics for analysis through the web interfaces of respective Platform subsystems.

For details on the subsystem design, see:

7.2. Security

The Registry analytical reporting subsystem is divided into a user interface and an administrative interface with additional network protection, promoting secure management of the subsystem and reducing the attack surface.

Authentication and authorization are centrally managed by the Users and roles management subsystem.

By default, users are granted the minimal privileges necessary to perform the assigned tasks. The subsystem also restricts access to dashboards and data sources based on the role model. This way, the user can see only those dashboards and data from only those sources that their role allows.

A multi-level network protection system is used between subsystem components, and the components themselves are constantly scanned for known vulnerabilities.