Architecture

Workbench | Advanced

Workbench Native App

Access to Workbench

The Posit Workbench Native App is accessible to users via the Snowflake Snowsight UI. The application also has an ingress URL that can be accessed directly.

Application installation

The Posit Workbench Native Application launches the Posit Workbench software within your own Snowflake ecosystem.

The Posit Native App is published as a Snowflake Marketplace listing. It is installed and configured by a Snowflake Admin to use the appropriate References and Application Database.

Posit manages both the App Listing and Application Package to allow for regular releases and upgrades.

Native App internals and administration

The Native App is made up of the below elements:

1. Administer Workbench: A streamlit app available within Snowsight that provides an interactive user interface for administrators to administer, debug, and backup the Native App.

2. Workbench Service: Posit Workbench containerized as a fully managed application within Snowpark Container Services (SPCS).

3. Application Database: An isolated database for internal Workbench controls, configuration, state management, and metadata.

Components and resources

This diagram shows, at an abstract level, all resources which are referenced and granted from the account. Additionally, we see all resources that are created within the Native App. Snowflake has put significant effort into preventing the Native App from knowing anything about the Account it is running within. The only access that the Native App has about the account are the License secret, OAuth integration, and External Access Integration (egress).

Snowpark Container Services:

• The Workbench Service is run with a Snowflake internally hosted Posit Workbench docker image.
• The Workbench Service performs a license check for an Advanced Workbench tier license.
• The Workbench Service runs on a virtual machine node called a Compute Pool.
• User home directory data is backed up and persisted on a block volume that is mounted on the Workbench container.

Snowflake Native App

References:

• External Access Integration: Network rules for egress

• Workbench license: Stores the workbench license

• OAuth Security Integration: Seamless authentication and authorization

Application Database:

• services: Schema for workbench service and state

• data: Schema for application internal data including snapshots

• app: Schema for streamlit app and stored procedures

• callback: Schema for streamlit callback references

Legend

Architecture diagrams follow the C4 Model. The nomenclature for the levels of abstraction in the C4 model does not necessarily match up with how the terms are commonly used by developers, especially “Container” and “Component”.