JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

1 of 2

Airflow

scheduler

Rabbitmq

server

standard postgres

hive

data

store

Ingest API

Airflow

Celery

globus

Ingest

UI

other services

entities

Hubmap Auth Pattern

Hubmap

plugin

Airflow

UI

postgres

db

Globus file

transfer infrastructure

read & write

directory creation

read &

write

token

all hive

all AWS

all AWS

token

identity

request

(Gateway)

Nginx reverse proxy

Ref Zhou at Pitt

Access by bearer token fm Globus

user access

via http

= always dockerized

rabbitmq

Http

logs

2 of 2

Notes:

The dockerized services do not need to be run as root. Membership in the ‘docker’ group is sufficient.
The gateway is a service like everything else. It just simplifies the diagram to show it as a boundary; in fact it could proxy more of the services (including those on HIVE) if we wanted.
The gateway can also provide load balancing for the proxied services if we need it.