|
| 1 | +Application architecture |
| 2 | +========================= |
| 3 | + |
| 4 | +Mattermost is an open-source collaboration platform that offers secure messaging, file sharing, and integrations for team communication. It is self-hosted, providing IT admins full control over data, security, integrations, and customization. The platform is built with modular components to ensure scalability, flexibility, and extensibility. |
| 5 | + |
| 6 | +.. image:: ../images/network-diagram.svg |
| 7 | + :alt: Mattermost network diagram shows how the components can be deployed. Includes optional configurations for scaling for larger enterprise organizations. |
| 8 | + :class: bg-white |
| 9 | + |
| 10 | +Workflow overview |
| 11 | +----------------- |
| 12 | + |
| 13 | +Users connect through various access points (web, mobile, desktop, email). Their requests are processed by the application layer (Mattermost Server), which manages API communications, authentication, notifications, and data workflows. |
| 14 | + |
| 15 | +The backend infrastructure supports these operations by storing all data and files in well-architected storage systems. |
| 16 | + |
| 17 | +Extendability and security layers ensure that the platform integrates seamlessly with enterprise systems while protecting sensitive data. |
| 18 | + |
| 19 | +Core components |
| 20 | +---------------- |
| 21 | + |
| 22 | +The technical architecture revolves around three main layers: `Access layer <#access-layer>`__, `Application layer <#application-layer>`__, and `Backend infrastructure <#backend-infrastructure>`__. |
| 23 | + |
| 24 | +Access layer |
| 25 | +~~~~~~~~~~~~ |
| 26 | + |
| 27 | +The Access layer includes all the ways users interact with Mattermost, including: |
| 28 | + |
| 29 | +- **Web Interface**: Users can access Mattermost through a web browser (Chrome, Firefox, Safari, Edge). The web client communicates with the Mattermost server over HTTPS protocols. |
| 30 | +- Desktop and Mobile Apps: Native apps for iOS, Android, macOS, Windows, and Linux provide seamless functionality across devices. These apps rely on secure APIs to interact with the server for real-time messaging and updates. |
| 31 | +- **Email Interaction**: Support for email clients like Outlook, Gmail, or Thunderbird enables integration of email notifications (e.g., new message alerts, invitations) into users' typical workflows. The Access Layer ensures that users are always connected via platforms of their choice while maintaining secure, synchronized communication paths. |
| 32 | + |
| 33 | +Application layer |
| 34 | +~~~~~~~~~~~~~~~~~ |
| 35 | + |
| 36 | +The Mattermost Server is the heart of the platform and responsible for processing all user and system operations. It is composed of multiple modular elements: |
| 37 | + |
| 38 | +**RESTful JSON Web Service** |
| 39 | +Handles all incoming API requests (from web clients, apps, and integrations) and ensures that responses are formatted in JSON. Acts as the communication bridge between the clients (Access Layer) and backend systems. |
| 40 | + |
| 41 | +**Authentication client** |
| 42 | +Manages user authentication, ensuring secure login sessions. Integrates with traditional username/password-based authentication or enterprise-grade solutions like SSO (Single Sign-On) through Active Directory/LDAP. |
| 43 | + |
| 44 | +**Authentication Provider** |
| 45 | +Provides pluggable authentication frameworks to support OAuth, SSO, and third-party identity services. Particularly important for enterprise environments with centralized identity management. |
| 46 | + |
| 47 | +**Notification Service** |
| 48 | + |
| 49 | +Sends notifications through supported mediums: |
| 50 | + |
| 51 | +- Push Notifications: Real-time notifications to iOS and Android devices (via a Push Notification Service). |
| 52 | +- Email Notifications: Delivered to users when they are offline or need event alerts. |
| 53 | + |
| 54 | +**Data Management Service** |
| 55 | +Responsible for managing message data, metadata, user profiles, and logs. Ensures the integrity of data passed between the database and the server. This layer serves as the operational core of the platform, orchestrating user activities with data handling and integration capabilities. |
| 56 | + |
| 57 | +Backend Infrastructure |
| 58 | +~~~~~~~~~~~~~~~~~~~~~~ |
| 59 | + |
| 60 | +The backend infrastructure provides the storage and data handling capabilities required for Mattermost operations. It consists of the following components: |
| 61 | + |
| 62 | +**Database Systems** |
| 63 | + |
| 64 | +Mattermost uses PostgreSQL as its primary database (supports Amazon RDS for cloud-hosted PostgreSQL) to store all persistent data, such as: |
| 65 | + |
| 66 | +- Messages |
| 67 | +- User accounts and credentials |
| 68 | +- Configuration settings |
| 69 | +- Team/channel metadata |
| 70 | + |
| 71 | +**File Storage** |
| 72 | + |
| 73 | +Manages all multimedia assets (e.g., file uploads, images, videos) shared across channels. Storage solutions include: |
| 74 | + |
| 75 | +- **Local Storage**: Files stored directly on the server’s filesystem. |
| 76 | +- **Network Attached Storage (NAS)**: Common for enterprises centralizing file storage within their network. |
| 77 | +- **S3**: Offers cloud-based scalable storage for larger environments or organizations with distributed deployments. The database and file storage handle scalability, ensuring efficient support for millions of messages and files while guaranteeing data consistency. |
| 78 | + |
| 79 | +**System Extensions** |
| 80 | + |
| 81 | +Mattermost is not only a collaboration tool but also a platform designed for extensibility. Key extensibility features include: |
| 82 | + |
| 83 | +**Self-Hosted Integrations** |
| 84 | + |
| 85 | +Connect Mattermost to other local or cloud-based systems like Jira, GitLab, or any custom integrations your team needs. Leverage built-in APIs and webhooks to automate workflows and trigger system-to-system communications. |
| 86 | + |
| 87 | +**Third-Party Authentication** |
| 88 | +Bind integrations to third-party platforms (e.g., Slack-importing APIs, OAuth services). Third-party identity services ensure consistent and secure user access flows. |
| 89 | + |
| 90 | +**Security and Scalability Features** |
| 91 | +Security and scalability are baked into the architecture, making Mattermost ideal for enterprise use cases: |
| 92 | + |
| 93 | +**Security** |
| 94 | + |
| 95 | +- A reverse proxy like NGINX or a hardware proxy is deployed to manage external traffic. It protects servers, enforces HTTPS, and handles load balancing. |
| 96 | +- Configurable SSL/TLS encryption ensures data security during transmission. |
| 97 | +- Granular user permissions and roles secure sensitive information within teams. |
| 98 | + |
| 99 | +**Scalability** |
| 100 | + |
| 101 | +The Enterprise Edition supports deploying multiple Mattermost servers in a clustered environment to balance user requests across multiple servers for reliability and performance in large organizations. |
| 102 | + |
| 103 | +**Notifications and communication services** |
| 104 | +Mattermost supports asynchronous and real-time communication, enhanced by notification systems tailored for different workflows: |
| 105 | + |
| 106 | +- **Push Notifications**: Delivered to mobile devices for message alerts or mentions. |
| 107 | +- **Email Integration**: Provides regular notifications when users are offline or inactive. |
| 108 | + |
| 109 | +These services ensure continuous engagement and communication. |
0 commit comments