Skip to main content

Frontend

Components

NGINX (Reverse Proxy)

The NGINX server acts as a reverse proxy over the tsm-gateway, handling all incoming HTTP/HTTPS traffic. It ensures routing to the correct backend services through load balancing and other optimizations.

  • Version: NGINX latest
  • Purpose: Reverse proxy for routing requests to the tSM Gateway.

Angular Application

The UI of the tSM application is built using Angular 18. The UI artifacts are generated through the build process and served by NGINX. These assets consist of the static front-end content.

  • Build: Angular version 18
  • Deployment: Built UI application served by NGINX or any CDN.
  • Hosting: UI build files are hosted in Kubernetes via NGINX.

Supported Browsers

The tSM UI is designed to work across all standard browsers with full support for modern web technologies.

  • Supported Browsers:
    • Google Chrome (last 3 versions)
    • Mozilla Firefox (last 3 versions)
    • Microsoft Edge (last 3 versions)
    • Safari (last 3 versions)

The platform adheres to a mobile-first design philosophy, ensuring optimal performance and responsiveness on both desktop and mobile devices.

Progressive Web Application (PWA)

The tSM frontend is implemented as a Progressive Web Application (PWA), offering additional features that enhance the user experience beyond a traditional web application.

  • Mobile-First Design: The frontend is optimized for mobile devices, ensuring that it functions smoothly on smartphones and tablets.
  • Responsive: The application automatically adjusts its layout and components to fit different screen sizes and orientations, ensuring a seamless experience across all devices.
  • PWA Features:
    • Offline Capability: Users can access the application even when offline, as static assets and essential data are cached locally.
    • Push Notifications: The platform can send real-time notifications to users on supported browsers, providing instant updates on important events.
    • Home Screen App: Users can install the application on their devices, and it will behave like a native app, including the ability to launch from the home screen.

Minimum System Requirements

The tSM frontend is designed to work on a wide range of devices, both desktop and mobile. Here are the minimum hardware and software requirements:

Desktop (PC)

  • Processor: Dual-core 2.0 GHz or higher
  • RAM: 4 GB or higher
  • Storage: 100 MB of free storage for browser caching
  • Operating System: Windows 10, macOS Catalina, or Linux (recent versions)
  • Browser: Any of the supported browsers listed above, with JavaScript enabled

Mobile

  • Processor: Quad-core 1.5 GHz or higher
  • RAM: 2 GB or higher
  • Operating System: iOS 12.0+, Android 8.0+
  • Storage: 100 MB of free storage for caching and offline support
  • Browser: Latest version of Chrome, Safari, or any PWA-compatible browser

HTTPS / TLS

All communication between the client (browser) and the tSM backend services is secured using HTTPS with TLS encryption. This ensures that data is encrypted in transit, providing a secure browsing experience for users.

  • TLS Version: TLS 1.2 or 1.3 (recommended)
  • Certificates: Standard X.509 certificates are used for HTTPS. The platform supports integration with Let's Encrypt for automatic certificate management, as well as custom certificates for enterprise deployments.
  • Purpose: Protects sensitive data in transit, including user authentication, API communication, and PWA synchronization.

Security Measures for Internet Deployment

When deploying the tSM platform for public access over the internet, it is crucial to implement additional security layers to protect the application from potential threats, such as DDoS attacks.

  • Firewall: A standard firewall should be used to restrict access to the backend services and only expose necessary endpoints.
  • Web Application Firewall (WAF): It is recommended to deploy a WAF in front of the NGINX server to add an additional layer of protection against common web-based threats (e.g., DDoS attacks, cross-site scripting, etc.).
  • DDoS Protection: Consider using cloud-based DDoS protection services (e.g., AWS Shield, Azure DDoS Protection) to mitigate the risk of denial-of-service attacks.
  • Purpose: These measures ensure that the platform remains available, secure, and resilient to malicious attacks, particularly when exposed to public networks.