The technology stack behind the Terminology Server consists of the following components:
The Terminology Server application
Elasticsearch as the data layer
Optional: Authentication/Authorization service
Either an OpenID Connect/OAuth2.0 compatible external service with JSON Web Token support
Or an LDAP-compliant directory service
Optional: A reverse proxy handling the requests towards the REST API
Outgoing communication from the Terminology Server goes via:
HTTP(s) towards Elasticsearch and to the external OpenID Connect/OAuth2 authorization server
LDAP(s) towards the A&A service
Incoming communication is handled through the HTTP port 8080.
A selected reverse proxy channels all incoming traffic through to the Terminology Server.
Elasticsearch versions supported by each major version of Snow Owl:
The Elasticsearch cluster can either be:
a co-located, single-node, self-hosted cluster
a managed Elasticsearch cluster hosted by elastic.co
Having a co-located Elasticsearch service next to the Terminology Server directly impacts the hardware requirements. See our list of recommended hardware on the next page.
For authorization and authentication, the application supports external OpenID Connect/OAuth2 compatible authorization services (eg. Auth0) and any traditional LDAP Directory Servers. We recommend starting with OpenLDAP and evolving to other solutions later because it is easy to set up and maintain while keeping Snow Owl's user data isolated from any other A&A services.
A reverse proxy, such as NGINX is recommended to be utilized between the Terminology Server and either the intranet or the internet. This will increase security and help with channeling REST API requests appropriately.
With a preconfigured domain name and DNS record, the default installation package can take care of requesting and maintaining the necessary certificates for secure HTTP. See the details of this in the Configuration section.
For simplifying the initial setup process we are shipping the Terminology Server with a default configuration of a co-located Elasticsearch cluster, a pre-populated OpenLDAP server, and an NGINX reverse proxy with the ability to opt-in for an SSL certificate.
Snow Owl 7.x | Snow Owl 8.x | Snow Owl 9.x | |
---|---|---|---|
Elasticsearch 7.x
Elasticsearch 8.x
(deprecated)