Docs
Advanced Topics

Core Concepts

Master the fundamental concepts and architecture patterns of dxflow for effective distributed computing

Understanding these core concepts and architecture patterns will help you leverage dxflow's full potential for distributed computing and workflow orchestration.

Architecture Overview

dxflow is designed as a powerful and flexible workflow engine built with a modular architecture that enables seamless orchestration of data and compute workflows across heterogeneous computing environments.

Architecture Philosophy: dxflow follows a "compute-first" design where the engine runs close to your workloads, eliminating data movement bottlenecks and reducing operational complexity. The modular design enables clean separation between CLI tools, business logic, and platform-specific implementations.

Layered Architecture

dxflow follows a layered, modular architecture designed for flexibility and scalability:

Infrastructure Layer

Physical or virtual machines, cloud instances, edge devices

Engine Layer

The dxflow daemon providing core services and APIs

Runtime Layer

Docker, Kubernetes, Slurm, or other orchestration platforms

Application Layer

Your actual workloads, models, and data processing pipelines

This layered approach allows dxflow to integrate seamlessly with existing infrastructure while providing a consistent interface across diverse environments.

Key Capabilities

Core Features

Workflow Management

Create and manage complex Docker Compose workflows with real-time monitoring

Shell Operations

Interactive shell management with platform-specific implementations

Object Storage

File system operations including upload, download, zip/unzip capabilities

Network Bridge

Bridge system for container connectivity with WebSocket tunneling

Advanced Features

FeatureDescriptionUse Case
Proxy ManagementEnhanced TCP proxy with subdomain allocation and TLS supportMulti-tenant platforms
JWT AuthenticationToken-based authentication with RSA key managementSecure API access
Self-UpdateBuilt-in update capability from GitHub releasesZero-downtime updates
Embedded AssetsWeb UI and docs embedded using afero filesystemSingle binary deployment
Flexible LicensingBuild-time configuration support for different license typesEnterprise deployments

Deployment Patterns

dxflow supports two primary deployment patterns, each optimized for different use cases and organizational needs:

Node-Embedded

Direct Integration

Every compute node runs its own dxflow engine with no additional control layer between infrastructure and schedulers.

Best For:

  • High-performance computing clusters
  • Edge computing deployments
  • Minimal operational overhead scenarios
  • Maximum performance requirements

Federated Master

Centralized Orchestration

A master dxflow instance coordinates a fleet of engine agents across multiple nodes and environments.

Best For:

  • Multi-cloud deployments
  • Complex workflow orchestration
  • Centralized monitoring and control
  • Enterprise governance requirements
Performance: The most common and recommended deployment pattern is Node-Embedded, offering the lowest latency and highest throughput by eliminating network hops between the engine and compute resources.

Node-Embedded Deployment

The Node-Embedded pattern places a dxflow engine directly on every compute target—whether it's an EC2 spot instance, an on-premises Slurm node, or a Docker container on a lab workstation.

Key Characteristics

Ultra-Fast Bootstrap

  • ≤ 2 Second Startup: Engine boots and registers instantly
  • Automatic Registration: RSA key-pair authentication setup
  • Zero Configuration: Works out-of-the-box with sensible defaults

Uniform Endpoints

  • Consistent APIs: Same interface across all node types
  • Standard Ports: Predictable networking and discovery
  • Auto-Discovery: Engines announce themselves to the fleet

Integration with Schedulers

Because the runtime is embedded at the node level, dxflow cohabits peacefully with any resource scheduler already present:

  • Slurm / PBS / LSF: The prolog script starts dxflow when a job allocation begins
  • Kubernetes / Nomad: Deploy the agent as a DaemonSet or side-car
  • Docker Compose / Podman: Include the dxflow container in the same docker-compose.yml
  • Spark / Ray / AWS Batch: Each executor or EC2 instance bundles the agent via user-data

This design mirrors the side-car model popularised by Dapr: place a lightweight process next to every workload to provide cross-cutting capabilities.

Federated Master Deployment

In the federated master deployment, a single dxflow instance acts as a control plane for the entire fleet of compute nodes. This master instance orchestrates the dxflow agents running on each node or container, providing a centralized interface for managing and monitoring computational tasks.

Core Components

Engine

The dxflow engine is the heart of each compute node, providing:

  • Lifecycle Control: dxflow boot up/down for engine management
  • Health Monitoring: Built-in healthcheck and status reporting
  • Configuration: Flexible config profiles for different environments
  • Daemon Mode: Background operation with system integration

Unified Interface Components

Regardless of deployment pattern, every dxflow engine provides a consistent set of interfaces:

  • Programmatic Access: Full automation and integration capabilities
  • Language Agnostic: Compatible with any programming language
  • Real-time Communication: WebSocket support for live updates
  • OpenAPI Specification: Complete documentation and client generation

Access Points

Each engine immediately exposes multiple access methods:

API

http://localhost:<port>/api  REST

CLI

dxflow <cmd> local CLI passthrough

Console

http://localhost:<port>/console  web console

Workflows

Workflows are containerized applications managed through industry-standard Docker Compose:

Key Features

  • Docker Compose Integration: Use your existing compose files
  • Lifecycle Management: Full control over container states
  • Resource Constraints: CPU, memory, and GPU limits
  • Network Management: Custom networks and port mappings
  • Volume Handling: Persistent data and bind mounts
  • Multi-container Coordination: Complex application stacks

Shell Sessions

Secure, interactive terminal access for debugging and administration:

Shell sessions provide full terminal capabilities with proper TTY support, making them ideal for interactive debugging and system administration.

Session Features:

  • Multi-session Support: Create and manage multiple concurrent shells
  • Cross-platform Compatibility: Consistent experience on Linux, macOS, and Windows
  • Session Persistence: Long-running sessions survive network disconnections
  • Secure Access: Authentication-protected with audit logging

Common Use Cases:

# System debugging
dxflow shell create debug-session
dxflow shell connect debug-session

# Interactive development
dxflow shell create dev-environment
# Install dependencies, test code, debug issues

Object Storage (File System)

Integrated file management with enterprise-grade features:

File Operations

  • Upload/download with resume support
  • Directory creation and management
  • Batch operations for efficiency
  • Metadata and permissions

Archive Management

  • Zip/unzip operations
  • Compression algorithms
  • Selective extraction
  • Archive integrity checks

Sharing & Collaboration

  • Secure sharing links
  • Time-limited access
  • Permission-based sharing
  • Access audit logs

Proxy Services

Advanced network proxy capabilities for secure service exposure:

Proxy Types

  • HTTP/HTTPS Proxy: Web application and API exposure
  • TCP Proxy: Database and service connections
  • WebSocket Proxy: Real-time application support
  • Load Balancing: Distribute traffic across multiple backends

Security Features

  • Access Control: IP allowlists and authentication
  • TLS Termination: SSL certificate management
  • Rate Limiting: Protect against abuse
  • Audit Logging: Track all proxy access

Bridges

Connect and orchestrate multiple dxflow instances for distributed computing:

Bridge Capabilities:

  • Multi-node Orchestration: Coordinate workloads across engines
  • Resource Federation: Share compute and storage resources
  • Hybrid Cloud Support: Bridge on-premise and cloud environments
  • Load Distribution: Optimize resource utilization

Security Model

Authentication & Authorization

dxflow implements a comprehensive security model:

RSA Key-Pair Authentication

  • Public Key Infrastructure: Secure, scalable authentication
  • Key Management: Generate, register, and rotate keys easily
  • Multi-key Support: Different keys for different access levels

Composable Permission System

dxflow implements a flexible permission model where permissions can be combined to create custom access levels:

Base Permissions

Functional Permissions (can be combined):

  • SHELL: Terminal session management
  • OBJECT: File system operations
  • WORKFLOW: Container orchestration
  • PROXY: Network proxy services
  • BRIDGE: Multi-engine connections
  • PLATFORM: Docker platform operations

Modifier Permissions

READ_ONLY: Restricts write operations

  • Can be combined with any functional permission
  • Blocks create/modify/delete operations
  • Allows viewing and monitoring only

MASTER: Administrative override

  • Grants full system access
  • Includes all permissions
  • Required for key and user management

Permission Examples

Permissions: SHELL + OBJECT + WORKFLOW

Can:
- Create and connect to shell sessions
- Upload/download files and manage directories
- Create, start, stop workflows
- Execute commands in containers

Cannot:
- Manage proxy services or bridges
- Access Docker platform operations
- Perform administrative tasks
Default Configuration: New users receive PROXY + BRIDGE + SHELL + OBJECT + PLATFORM + WORKFLOW permissions, providing comprehensive functionality without administrative privileges or read-only restrictions.

Network Security

  • TLS Encryption: All communications secured with industry-standard encryption
  • Certificate Management: Automatic certificate generation and renewal
  • Network Isolation: Unix domain sockets for local communication
  • Firewall Integration: Works with existing network security policies

Best Practices

Engine Deployment

  • Resource Planning: Size engines based on expected workloads
  • High Availability: Deploy multiple engines for redundancy
  • Monitoring: Set up health checks and alerting
  • Backup: Regular configuration and data backups

Workflow Design

  • Resource Limits: Always specify CPU and memory constraints
  • Health Checks: Implement container health checks
  • Graceful Shutdown: Handle SIGTERM signals properly
  • Logging: Use structured logging for better debugging

Security Hardening

  • Least Privilege: Grant minimum necessary permissions
  • Key Rotation: Regularly rotate authentication keys
  • Audit Logging: Monitor all access and operations
  • Network Segmentation: Use firewalls and VPNs appropriately

Advanced Topics

Integration Patterns

  • CI/CD Integration: Automate deployments with dxflow APIs
  • Monitoring Integration: Connect with Prometheus, Grafana, etc.
  • Service Mesh: Deploy alongside Istio or Linkerd
  • GitOps: Manage configurations with Git workflows

Scaling Strategies

  • Horizontal Scaling: Add more engine nodes as needed
  • Vertical Scaling: Increase resources on existing nodes
  • Auto-scaling: Dynamic scaling based on workload demand
  • Edge Deployment: Distribute engines to edge locations

This comprehensive understanding of dxflow concepts and architecture will enable you to design and implement robust, scalable distributed computing solutions.

Advanced Topics

Advanced concepts, configuration, and administrative features for dxflow engine deployment and management

Licensing

Learn about dxflow's licensing system, how to create and manage licenses, and understand the available permissions