Appearance
Glossary
All abbreviations, acronyms, and domain-specific terms used across this documentation site, listed alphabetically.
A
ACR — Azure Container Registry : A private Docker image registry hosted on Azure. Microtec uses one ACR per environment (e.g., micerpbedevacr, micerpbepreprodacr). Images are pushed by CI/CD pipelines and pulled by Container Apps using a user-assigned managed identity — no registry credentials are stored in app config.
ADO — Azure DevOps : Microsoft's hosted DevOps platform. Microtec uses ADO for source control (Git repos), CI/CD pipelines (YAML), work item tracking (boards), and the private NuGet package feed.
ADR — Architecture Decision Record : A short document capturing a significant architectural choice, its context, the decision made, and the consequences. Microtec's ADRs live in 18-adr/. See Architecture Decisions.
AFD — Azure Front Door : Microsoft's global CDN and Layer-7 load balancer. AFD is the public entry point for all Microtec environments, providing TLS termination, WAF, routing rules, and health probes before traffic reaches Azure Container Apps.
ASB — Azure Service Bus : A fully managed enterprise message broker. Microtec migrated from RabbitMQ to ASB for cross-service async messaging. MassTransit is the abstraction layer on top of ASB.
B
BE — Backend : Refers to the .NET 8 server-side layer of the platform, hosted as Azure Container Apps microservices.
Bicep : Azure's domain-specific language (DSL) for infrastructure-as-code. All Microtec infrastructure is defined in .bicep files under Devops/azure/infrastructure/.
C
CAE — Container Apps Environment : An Azure resource that provides a shared boundary for a group of Container Apps. Microtec uses two CAEs per environment: a public CAE (internet-facing, hosts Gateway and Keycloak) and a private CAE (VNet-integrated, hosts all other services).
CIDR — Classless Inter-Domain Routing : IP address notation for network ranges (e.g., 10.0.0.0/16). Microtec VNet CIDRs: dev=10.0.0.0/16, stage=10.1.0.0/16, preprod=10.6.0.0/16, uat=10.5.0.0/16, prod=10.2.0.0/16.
CQRS — Command Query Responsibility Segregation : An architectural pattern that separates write operations (Commands) from read operations (Queries). Every backend feature in Microtec uses CQRS via MediatR. Commands mutate state; queries return data without side effects.
D
DAST — Dynamic Application Security Testing : Security testing performed against a running application. Microtec uses OWASP ZAP for DAST as part of the DevSecOps pipeline.
DB-per-Tenant : Microtec's multi-tenancy strategy where each tenant receives its own SQL Server database. The tenant's subdomain is resolved at runtime to select the correct connection string. This provides strong data isolation at the cost of higher database count.
E
EF Core — Entity Framework Core : Microsoft's ORM for .NET. Microtec uses EF Core with SQL Server for all relational data access. Query filters automatically inject TenantId predicates on all multi-tenant entities.
ERP — Enterprise Resource Planning : The category of software that integrates core business processes. Microtec ERP covers accounting, HR, inventory, sales, purchase, distribution, fixed assets, and finance.
ETA — Egyptian Tax Authority : The Egyptian government body responsible for electronic invoicing mandates. Microtec integrates with ETA APIs for Egyptian tenants' e-invoice submission and validation.
F
FE — Frontend : The Angular 17/20 micro-frontend application hosted as Azure Static Web Apps.
Fooj : A separate SaaS product under its own Azure subscription (f2340b90-2a00-4551-aabc-6e1776e82077). Fooj shares DevSecOps pipeline templates with ERP but has its own simpler backend stack and infrastructure.
H
Hangfire : A .NET background job library used in Microtec for scheduled and recurring tasks such as report generation, ZATCA submission retries, and data synchronization. Hangfire uses SQL Server as its job store.
I
IMultiTenantEntity : A C# marker interface that signals EF Core query filters to automatically append WHERE TenantId = @currentTenant to every query against that entity's table.
IScopedService / ITransientService / ISingletonService : C# marker interfaces used for automatic dependency injection registration. Any class implementing one of these interfaces is auto-registered with the corresponding DI lifetime by the platform's service registration infrastructure — no manual services.AddScoped<>() calls required.
ITenantContextManager : A .NET interface that allows services to explicitly set or override the current tenant context, typically used during tenant provisioning or background jobs that must process data for a specific tenant.
ITenantProvider : A .NET interface that returns the current tenant's identifier and connection string. Resolved from the incoming HTTP request (subdomain extraction) or from an ambient context for background jobs.
J
JWT — JSON Web Token : A compact, URL-safe token format used for authentication and authorization. Keycloak issues JWTs to all Microtec users. Backend services validate JWTs using Keycloak's public key endpoint.
K
KEDA — Kubernetes-based Event Driven Autoscaling : Azure Container Apps uses KEDA under the hood to scale individual Container Apps based on external event sources (e.g., ASB queue depth, HTTP traffic). Microtec configures min/max replicas per service in services-config.json.
Key Vault : Azure Key Vault stores all secrets (connection strings, API keys, passwords) for each environment. Container Apps pull secrets via keyvaultref: references. KV names are environment-specific (e.g., mic-erp-be-dev-skv for dev).
M
MassTransit : An open-source .NET message bus abstraction. Microtec uses MassTransit over Azure Service Bus for publishing and consuming integration events. It provides retry policies, dead-letter handling, and consumer registration.
MediatR : A .NET mediator implementation. Microtec uses MediatR to dispatch CQRS commands and queries through a pipeline of behaviours (validation, logging, workflow triggering) before reaching the handler.
MFE — Micro-Frontend : An architectural pattern where a frontend application is composed of independently deployable frontend modules. Microtec's frontend uses Webpack Module Federation to load remote Angular modules at runtime into a host shell app.
mTLS — Mutual TLS : Transport Layer Security where both client and server present certificates. Azure Container Apps' private CAE enables mTLS transparently between services on the same internal network.
N
NSG — Network Security Group : An Azure resource containing inbound/outbound network access rules applied to subnets or network interfaces. Microtec uses NSGs to restrict traffic between public and private CAE subnets.
NuGet : .NET's package manager. Microtec publishes 16 shared packages to a private Azure DevOps NuGet feed. Backend services consume these packages — the feed requires a PAT for authentication.
O
OWASP ZAP : Open Web Application Security Project Zed Attack Proxy. An open-source DAST tool that crawls and attacks a running web application to discover vulnerabilities. Used in Microtec's DevSecOps pipeline against stage and UAT.
P
PAT — Personal Access Token : Short-lived authentication tokens used for Azure DevOps API and NuGet feed access. Pipeline builds use $(System.AccessToken) (built-in) rather than personal PATs.
PE — Private Endpoint : An Azure networking feature that gives an Azure service (SQL Server, Key Vault, Redis, Storage) a private IP address inside a VNet, removing public internet exposure.
PRD — Product Requirements Document : A document that describes the purpose, features, and constraints of a product or feature before development begins.
R
RBAC — Role-Based Access Control : Authorization model where permissions are assigned to roles, and users are granted roles. Microtec implements RBAC through Keycloak realm roles and client roles, mapped to .NET policies via a custom ERP Policy Mapper SPI.
S
SAST — Static Application Security Testing : Security analysis performed on source code without executing it. Microtec uses SonarCloud for SAST across all backend, frontend, and mobile repositories.
SBOM — Software Bill of Materials : A machine-readable inventory of all software components and dependencies. Microtec uses Syft to generate SBOMs for Docker images and attaches them to each pipeline run.
SPI — Service Provider Interface : A Keycloak extension point allowing custom Java implementations of authentication flows, user storage, event listeners, and token mappers. Microtec ships multiple custom SPIs in the KeycloakProviders/ repository.
SWA — Static Web App : Azure's hosting service for static frontend assets (HTML/CSS/JS). Microtec's Angular micro-frontend apps are deployed to Azure Static Web Apps per environment.
T
Tenant : A logical customer unit in the multi-tenant ERP platform. Each tenant has a unique subdomain (e.g., company-a.onlinemicrotec.com.sa), its own Keycloak realm client, and its own SQL Server database.
V
VNet — Virtual Network : An isolated Azure network. Each Microtec environment has a dedicated VNet. The private CAE and all PaaS services (SQL, Redis, ASB, Key Vault) are connected via Private Endpoints within this VNet.
W
WAF — Web Application Firewall : A security layer that filters and monitors HTTP traffic. Azure Front Door includes a managed WAF with OWASP rule sets, applied in front of all Microtec environments.
X
XApiKey : A static API key used for direct internal service-to-service calls that bypass the user authentication flow. Used only for trusted internal integrations (e.g., Workflow Service calling Notification Service). The key is stored in Key Vault and injected via environment variable.
Y
YARP — Yet Another Reverse Proxy : A .NET reverse proxy library used in the Microtec API Gateway alongside Ocelot. YARP handles dynamic route transformation, load balancing, and HTTP forwarding for certain gateway scenarios.
Z
ZATCA — Zakat, Tax and Customs Authority : The Saudi Arabian government agency responsible for e-invoicing (Fatoorah) compliance. Microtec integrates with ZATCA's Phase 1 and Phase 2 APIs for Saudi tenants. The integration service and related NuGet packages are prefixed Microtec.Zatca.