Admin and Configuration Guide
This document outlines the administrative configuration, operational controls, and governance responsibilities required to deploy, manage, and operate askEdgi across supported deployment variants. The document covers platform prerequisites, infrastructure requirements, edition level configuration, connector setup, role-based access control, API key management, Marketplace governance, background automation, workspace management, troubleshooting procedures, security enforcement, and backup and recovery practices. The content is intended for administrators responsible for system configuration, compliance enforcement, and operational stability of askEdgi within the OvalEdge platform.
Responsibilities and Scope
Platform administrators are responsible for the end-to-end configuration and operational governance of askEdgi. This includes enabling the feature within OvalEdge, configuring system dependencies, managing data access paths, enforcing security and compliance controls, monitoring usage and cost consumption, and responding to operational issues.
Administrative responsibilities span the following areas:
Platform readiness validation
Edition selection and configuration
Connector configuration and validation
Role and permission management
API key governance
Marketplace oversight
Monitoring system health and usage
Troubleshooting and recovery
Security enforcement
Backup and disaster recovery planning
System Requirements Validation
OvalEdge Platform Prerequisites
askEdgi requires a fully configured OvalEdge platform environment before activation.
Requirement
Details
Platform Version
OvalEdge version 7.2.x or later
Metadata Catalog
Catalog configured with active metadata sources
User Management
User roles and permissions defined
Governance Controls
Data masking and access policies enabled
Important: askEdgi relies on OvalEdge metadata, governance, and access policies. Missing or incomplete catalog configuration directly impacts functionality.
Infrastructure Requirements for SaaS Deployments
SaaS deployments operate within an AWS-hosted environment managed by OvalEdge.
Component
Functional Role
AWS VPC
Network isolation and tenant separation
Amazon RDS
Persistent metadata storage
Amazon S3
Temporary storage for uploaded files
Amazon ECS
Execution of compute workloads
Amazon SQS
Orchestration of background jobs
Note: These components collectively ensure scalability, isolation, and controlled execution of askEdgi workloads.
Infrastructure Requirements for On-Prem Deployments
On-prem deployments require equivalent enterprise-grade services hosted entirely within customer infrastructure.
Key requirements include:
Internal storage, compute, and messaging services
Network-level controls and identity management
No dependency on external AI or cloud services
Complete isolation from external data egress
Important: On-prem deployments are limited to metadata analytics only and explicitly exclude external AI enrichments.
API Key Requirements for Enterprise SaaS
Enterprise SaaS deployments require an OpenAI API key to enable AI-powered functionality.
Attribute
Value
Default Allocation
$100 per month
Additional Usage Cost
$0.02 per API request
Key Provider
OvalEdge provided or customer provided
Deployment Edition Configuration
askEdgi operates across four deployment variants. Edition selection determines available features, governance controls, and operational behavior.
Public Edition Configuration
Use Case
Open exploration for individuals and freelancers.
Configuration Characteristics
Configuration Item
Behavior
Catalog Integration
Not required
File Upload
Enabled with 1 GB per file limit
Workspace Type
Temporary and session-based
Marketplace
Recipe publishing enabled
Spend Control
Enforced by subscription tier
Administrative Responsibilities
Review and approve Marketplace submissions
Monitor usage trends for capacity planning
Manage subscription tiers and billing
Important: Marketplace publishing requires OvalEdge administrative approval prior to public availability.
SaaS Data Analytics Configuration
Use Case
Enterprise analytics with full data and metadata integration.
Configuration Characteristics
Configuration Item
Behavior
Catalog Integration
Required
Connector Availability
All supported connectors
AI Enrichments
Enabled
Recipe Management
Creation and organization sharing enabled
Marketplace Access
Optional and policy-controlled
Administrative Responsibilities
Configure and validate data connectors
Set and manage OpenAI API keys
Define role-based access controls
Monitor compute usage and token consumption
Control Marketplace access through policy settings
SaaS Metadata Analytics Configuration
Use Case
Metadata discovery and governance without data-level processing.
Configuration Characteristics
Configuration Item
Behavior
Catalog Integration
Required
Connector
OvalEdge (-1) only
File Upload
Not available
AI Enrichments
Not available
Recipe Type
Metadata recipes only
Administrative Responsibilities
Configure catalog connections
Define access for metadata queries
Monitor metadata query usage patterns
Control Marketplace access for metadata recipes
On-Prem Configuration
Use Case
Full data residency with internal metadata analytics.
Configuration Characteristics
Configuration Item
Behavior
Deployment
Customer-managed infrastructure
Connector
OvalEdge (-1) only
AI Enrichments
Not available
Marketplace
Not available
Recipe Type
Metadata recipes only
Administrative Responsibilities
Deploy askEdgi containers internally
Configure identity and access controls
Monitor infrastructure resource usage
Ensure zero external data egress
Connector Configuration and Management
Connectors define how askEdgi accesses enterprise data and metadata. Each connector must be configured, validated, and governed before use.
Executing Connector Setup
Configuration Steps
Navigate to the Connector screen
Add a new connector or verify an existing connector
Provide connection details, including host, port, protocol, authentication credentials, database, and schema
Execute connection test
Save the configuration
Verify connector visibility in askEdgi
Internal Connector Availability
The OvalEdge (-1) connector provides direct access to catalog metadata.
Attribute
Description
Configuration
Not required
Availability
All editions
Function
Metadata access
Connector Permission Enforcement
askEdgi strictly enforces source system permissions.
Permission validation occurs:
When objects are added to the workspace
During query execution
During recipe execution
During metadata search
Only datasets permitted by the connector security model are accessible.
Role Configuration and Access Control
askEdgi integrates with OvalEdge role based access control.
Enabling askEdgi Access
Configuration Steps
Navigate to System Settings
Search for askedgi.metadata.analytics.role
Select the appropriate role
Enable askEdgi access
Save configuration
Recommended Role Assignments
Edition
Intended Users
Metadata Analytics
Governance and discovery teams
Data Analytics
Business analysts and data scientists
Public Edition
Enabled by default via subscription
System Settings Overview
askEdgi includes multiple system level configurations. These settings control behavior related to AI usage, Marketplace access, usage limits, and operational thresholds. Detailed configuration options are documented separately under askEdgi System Settings and Configurations.
API Key Management for Enterprise SaaS
OvalEdge Provided API Key
Attribute
Behavior
Monthly Quota
$100
Alert Threshold
80 %
Hard Stop
100 %
Admin Configuration
Not required
Customer Provided API Key
Configuration Steps
Generate an OpenAI API key
Navigate to AI settings
Select customer provided key
Paste the key for encrypted storage
Save configuration
Administrative Responsibilities
Monitor usage and spend
Rotate keys periodically
Manage budgets
API Key Security Controls
Control
Enforcement
Encryption
Encrypted at rest
Logging
Never logged or displayed
Isolation
Tenant isolated OpenAI projects
Marketplace Management in Public Edition
Recipe Review Workflow
Workflow Sequence
User submits a recipe
Admin notification is generated
Documentation is reviewed
Policy compliance is validated
Execution behavior is verified
Recipe is approved or rejected
Approved recipes are published
Revoking Marketplace Recipes
Recipes may be revoked to:
Remove public visibility
Block new subscriptions
Preserve existing executions
Scheduled Jobs and Automation
Background Jobs
Job Name
Frequency
Trial Reminder
Daily
Spend Limit Check
Hourly
Billing Reset
Monthly
Subscription Validation
Daily
Cleanup Service
Daily
Workspace State Management
State
Description
Connected
Workspace active
Restarting
Workspace reloading
Disconnected
Workspace unavailable
Administrative Recovery Actions
Review workspace logs
Restart workspace
Monitor CPU and memory usage
Upgrade workspace container
Workspace Container Sizes
Container
Capacity
Standard
Default
Medium
2 times compute and memory
Large
4 times compute and memory
Troubleshooting Operational Issues
Issue
Resolution
Cannot add catalog objects
Verify connector and permissions
Recipe execution failure
Validate datasets and edition compatibility
Slow workspace
Restart workspace, reduce dataset size, upgrade container
Budget exceeded
Review usage, increase quota, switch API key
Security Hardening Controls
Administrators must enforce:
SSO and MFA
Audit log retention and export
Data masking policies
Network segmentation
API key rotation
Encrypted connector credentials
Backup and Disaster Recovery
Asset
Strategy
Catalog Metadata
OvalEdge database backups
Workspace Artifacts
Ephemeral by design
Recipes
Stored and backed up with metadata
Audit Logs
Export before retention expiry
Last updated
Was this helpful?