# Admin and Configuration Guide

This article outlines the administrative configuration, operational controls, and governance responsibilities required to deploy, manage, and operate askEdgi across supported deployment variants. The document covers platform prerequisites, infrastructure requirements, edition level configuration, connector setup, role-based access control, API key management, Marketplace governance, background automation, workspace management, troubleshooting procedures, security enforcement, and backup and recovery practices. The content is intended for administrators responsible for system configuration, compliance enforcement, and operational stability of askEdgi within the OvalEdge platform.

## Responsibilities and Scope

Platform administrators are responsible for the end-to-end configuration and operational governance of askEdgi. This includes enabling the feature within OvalEdge, configuring system dependencies, managing data access paths, enforcing security and compliance controls, monitoring usage and cost consumption, and responding to operational issues.

Administrative responsibilities span the following areas:

* Platform readiness validation
* Edition selection and configuration
* Connector configuration and validation
* Role and permission management
* API key governance
* Marketplace oversight
* Monitoring system health and usage
* Troubleshooting and recovery
* Security enforcement
* Backup and disaster recovery planning

## System Requirements Validation

### OvalEdge Platform Prerequisites

askEdgi requires a fully configured OvalEdge platform environment before activation.

| Requirement         | Details                                         |
| ------------------- | ----------------------------------------------- |
| Platform Version    | OvalEdge version 7.2.x or later                 |
| Metadata Catalog    | Catalog configured with active metadata sources |
| User Management     | User roles and permissions defined              |
| Governance Controls | Data masking and access policies enabled        |

{% hint style="warning" %}
askEdgi relies on OvalEdge metadata, governance, and access policies. Missing or incomplete catalog configuration directly impacts functionality.
{% endhint %}

### Infrastructure Requirements for SaaS Deployments

SaaS deployments operate within an AWS-hosted environment managed by OvalEdge.

| Component  | Functional Role                         |
| ---------- | --------------------------------------- |
| AWS VPC    | Network isolation and tenant separation |
| Amazon RDS | Persistent metadata storage             |
| Amazon S3  | Temporary storage for uploaded files    |
| Amazon ECS | Execution of compute workloads          |
| Amazon SQS | Orchestration of background jobs        |

{% hint style="info" %}
These components collectively ensure scalability, isolation, and controlled execution of askEdgi workloads.
{% endhint %}

### Infrastructure Requirements for On-Prem Deployments

On-prem deployments require equivalent enterprise-grade services hosted entirely within customer infrastructure.

**Key requirements include:**

* Internal storage, compute, and messaging services
* Network-level controls and identity management
* No dependency on external AI or cloud services
* Complete isolation from external data egress

{% hint style="warning" %}
On-prem deployments are limited to metadata analytics only and explicitly exclude external AI enrichments.
{% endhint %}

### API Key Requirements for Enterprise SaaS

Enterprise SaaS deployments require an OpenAI API key to enable AI-powered functionality.

| Attribute             | Value                                  |
| --------------------- | -------------------------------------- |
| Default Allocation    | $100 per month                         |
| Additional Usage Cost | $0.02 per API request                  |
| Key Provider          | OvalEdge provided or customer provided |

## Deployment Edition Configuration

askEdgi operates across four deployment variants. Edition selection determines available features, governance controls, and operational behavior.

### Public Edition Configuration

#### Use Case

* Open exploration for individuals and freelancers.

**Configuration Characteristics**

| Configuration Item  | Behavior                         |
| ------------------- | -------------------------------- |
| Catalog Integration | Not required                     |
| File Upload         | Enabled with 1 GB per file limit |
| Workspace Type      | Temporary and session-based      |
| Marketplace         | Recipe publishing enabled        |
| Spend Control       | Enforced by subscription tier    |

**Administrative Responsibilities**

* Review and approve Marketplace submissions
* Monitor usage trends for capacity planning
* Manage subscription tiers and billing

{% hint style="info" %}
Marketplace publishing requires OvalEdge administrative approval prior to public availability.
{% endhint %}

### SaaS Data Analytics Configuration

#### Use Case

* Enterprise analytics with full data and metadata integration.

**Configuration Characteristics**

| Configuration Item     | Behavior                                  |
| ---------------------- | ----------------------------------------- |
| Catalog Integration    | Required                                  |
| Connector Availability | All supported connectors                  |
| AI Enrichments         | Enabled                                   |
| Recipe Management      | Creation and organization sharing enabled |
| Marketplace Access     | Optional and policy-controlled            |

**Administrative Responsibilities**

* Configure and validate data connectors
* Set and manage OpenAI API keys
* Define role-based access controls
* Monitor compute usage and token consumption
* Control Marketplace access through policy settings

### SaaS Metadata Analytics Configuration

#### Use Case

* Metadata discovery and governance without data-level processing.

**Configuration Characteristics**

| Configuration Item  | Behavior              |
| ------------------- | --------------------- |
| Catalog Integration | Required              |
| Connector           | OvalEdge (-1) only    |
| File Upload         | Not available         |
| AI Enrichments      | Not available         |
| Recipe Type         | Metadata recipes only |

**Administrative Responsibilities**

* Configure catalog connections
* Define access for metadata queries
* Monitor metadata query usage patterns
* Control Marketplace access for metadata recipes

### On-Prem Configuration

#### Use Case

* Full data residency with internal metadata analytics.

**Configuration Characteristics**

| Configuration Item | Behavior                        |
| ------------------ | ------------------------------- |
| Deployment         | Customer-managed infrastructure |
| Connector          | OvalEdge (-1) only              |
| AI Enrichments     | Not available                   |
| Marketplace        | Not available                   |
| Recipe Type        | Metadata recipes only           |

**Administrative Responsibilities**

* Deploy askEdgi containers internally
* Configure identity and access controls
* Monitor infrastructure resource usage
* Ensure zero external data egress

## Connector Configuration and Management

Connectors define how askEdgi accesses enterprise data and metadata. Each connector must be configured, validated, and governed before use.

### Executing Connector Setup

Configuration Steps

1. Navigate to the **Connector** screen.
2. Add a new connector or verify an existing connector.
3. Provide connection details, including host, port, protocol, authentication credentials, database, and schema.
4. Execute connection test.
5. Save the configuration.
6. Verify connector visibility in askEdgi.

### Internal Connector Availability

The OvalEdge (-1) connector provides direct access to catalog metadata.

| Attribute     | Description     |
| ------------- | --------------- |
| Configuration | Not required    |
| Availability  | All editions    |
| Function      | Metadata access |

### Connector Permission Enforcement

askEdgi strictly enforces source system permissions.

Permission validation occurs:

* When objects are added to the workspace
* During query execution
* During recipe execution
* During metadata search

Only datasets permitted by the connector security model are accessible.

## Role Configuration and Access Control

askEdgi integrates with OvalEdge role based access control.

### Enabling askEdgi Access

Configuration Steps

1. Navigate to **System Settings.**
2. Search for **askedgi.metadata.analytics.role**
3. Select the appropriate role.
4. Enable askEdgi access.
5. Save configuration.

### Recommended Role Assignments

| Edition            | Intended Users                        |
| ------------------ | ------------------------------------- |
| Metadata Analytics | Governance and discovery teams        |
| Data Analytics     | Business analysts and data scientists |
| Public Edition     | Enabled by default via subscription   |

## System Settings Overview

askEdgi includes multiple system-level configurations. These settings control behavior related to AI usage, Marketplace access, usage limits, and operational thresholds. Detailed configuration options are documented separately under askEdgi System Settings and Configurations.

## API Key Management for Enterprise SaaS

### OvalEdge Provided API Key

| Attribute           | Behavior     |
| ------------------- | ------------ |
| Monthly Quota       | $100         |
| Alert Threshold     | 80 %         |
| Hard Stop           | 100 %        |
| Admin Configuration | Not required |

### Customer Provided API Key

**Configuration Steps**

1. Generate an **OpenAI API key**
2. Navigate to **AI settings**
3. Select **customer provided key**
4. Paste the **key** for encrypted storage
5. Save configuration

**Administrative Responsibilities**

* Monitor usage and spend
* Rotate keys periodically
* Manage budgets

### API Key Security Controls

| Control    | Enforcement                     |
| ---------- | ------------------------------- |
| Encryption | Encrypted at rest               |
| Logging    | Never logged or displayed       |
| Isolation  | Tenant isolated OpenAI projects |

## Marketplace Management in Public Edition

### Recipe Review Workflow

**Workflow Sequence**

1. User submits a recipe
2. Admin notification is generated
3. Documentation is reviewed
4. Policy compliance is validated
5. Execution behavior is verified
6. Recipe is approved or rejected
7. Approved recipes are published

### Revoking Marketplace Recipes

**Recipes may be revoked to:**

* Remove public visibility
* Block new subscriptions
* Preserve existing executions

## Scheduled Jobs and Automation

### Background Jobs

| Job Name                | Frequency |
| ----------------------- | --------- |
| Trial Reminder          | Daily     |
| Spend Limit Check       | Hourly    |
| Billing Reset           | Monthly   |
| Subscription Validation | Daily     |
| Cleanup Service         | Daily     |

## Workspace State Management

| State        | Description           |
| ------------ | --------------------- |
| Connected    | Workspace active      |
| Restarting   | Workspace reloading   |
| Disconnected | Workspace unavailable |

### Administrative Recovery Actions

* Review workspace logs
* Restart workspace
* Monitor CPU and memory usage
* Upgrade workspace container

### Workspace Container Sizes

| Container | Capacity                   |
| --------- | -------------------------- |
| Standard  | Default                    |
| Medium    | 2 times compute and memory |
| Large     | 4 times compute and memory |

## Troubleshooting Operational Issues

| Issue                      | Resolution                                                |
| -------------------------- | --------------------------------------------------------- |
| Cannot add catalog objects | Verify connector and permissions                          |
| Recipe execution failure   | Validate datasets and edition compatibility               |
| Slow workspace             | Restart workspace, reduce dataset size, upgrade container |
| Budget exceeded            | Review usage, increase quota, switch API key              |

## Security Hardening Controls

**Administrators must enforce:**

* SSO and MFA
* Audit log retention and export
* Data masking policies
* Network segmentation
* API key rotation
* Encrypted connector credentials

## Backup and Disaster Recovery

| Asset               | Strategy                           |
| ------------------- | ---------------------------------- |
| Catalog Metadata    | OvalEdge database backups          |
| Workspace Artifacts | Ephemeral by design                |
| Recipes             | Stored and backed up with metadata |
| Audit Logs          | Export before retention expiry     |

***

Copyright © 2026, OvalEdge LLC, Peachtree Corners, GA USA


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ovaledge.com/release8.1/askedgi/administration-and-governance/admin-and-configuration-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.