Service layer

The service layer comprises all services and components of the UNICORE Service-Oriented Architecture (SOA). It is based on industry standard components and third-party libraries such as Jetty and Apache CXF, and follows best practices in software engineering and RESTful API design.


The Gateway is a HTTPS reverse proxy, that primarily serves as a firewall transversal point to avoid having to configure many open firewall ports. The Gateway acts as the entry point to a UNICORE site and forwards information about the connecting client (such as the client’s IP address and or SSL certificate) to the servers behind it.


The UNICORE/X server is the central component of a UNICORE installation. It accepts the client requests that are transmitted via the Gateway, authenticates the request, checks authorization and invokes the appropriate service. It provides a set of service interfaces that are hosted in a container called UNICORE Services Environment (USE). These services include job submission and management, storage access, file transfer and others. The UNICORE/X server accepts jobs, submits them to the local systems via the TSI, allows to upload and download data via several protocols, and thus provides most of the functionality of UNICORE. In addition to the POSIX filesystems of an HPC cluster, UNICORE/X can acesss other resources like CDMI storage, S3 as storage backend.

Workflow Engine

The Workflow engine allows to run arbitrarily complex cross-site workflows. It offers a wide range of control constructs and other workflow features such as variables, hold points and more. Execution tasks will be submitted to UNICORE/X servers. The Workflow engine includes a per-workflow file catalogue, allowing powerful and flexible data management during workflow execution. The Workflow engine shares its security features with UNICORE/X, and allows flexible user authentication. Using delegation based on JWT tokens, the user only needs to authenticate once to run cross-site workflows.


The Registry is essentially a UNICORE/X server which only runs a single service (the “shared registry” service), which allows clients to discover available services hosted by multiple UNICORE/X servers. A single service registry is necessary to build-up and operate a distributed UNICORE infrastructure. This service registry is contacted by the clients in order to “connect to the Grid”. Like UNICORE/X, the service registry runs in UNICORE’s WSRF hosting environment.

© Forschungszentrum Jülich 2021