Modern OpenEdge deployment architecture
- Last Updated: February 11, 2026
- 3 minute read
- OpenEdge
- Version 13.0
- Documentation
A modern OpenEdge deployment architecture is composed of several parts:
- OpenEdge Business Application—The core of the architecture is the ABL business application. The ABL business application runs in a PAS for OpenEdge instance and is connected to an OpenEdge database. The business logic contained within the application is exposed as a set of ABL services.
-
ABL services—ABL services are an important feature of a modern OpenEdge environment.
- Each service provides an API that can be consumed by a client application.
- You can create different types of ABL services such as REST or SOAP. Each service is bound to a PAS for OpenEdge transport that transforms HTTP messages into ABL. The WEB transport, which is the recommended way to set up a RESTful ABL service, uses ABL web handlers that are highly customizable and written in ABL. Other transports include SOAP (for SOAP communication), REST (an alternative to the WEB transport for RESTful services), and APSV (for ABL clients).
- Services are packaged in an ABL web application that can then be deployed to an ABL application in a PAS for OpenEdge instance.
- Cloud-hosted DMZ—After your business logic is exposed
through services, you can guard the services using a cloud-based demilitarized zone
(DMZ) that may include the following components.
- An authentication and authorization layer managed by the OpenEdge Authentication Gateway or an external identity provider
like Okta, OneLogin, etc, that use security mechanisms like SAML and OAuth
2.0.
OpenEdge Authentication Gateway is an identity management system that leverages PAS for OpenEdge as the underlying technology. It uses a Secure Token Service (STS) to confirm user legitimacy and assigns a standard, strongly encrypted ABL Client-Principal token to authenticated clients. The Client-Principal token is then used to maintain a chain of trust between the client and an OpenEdge application.
- An API gateway that serves as an entry point for your APIs. You can use an API gateway to create a single API that is used by client applications. When a client application calls this API, the API gateway server invokes your ABL services and aggregates the results into a single response that is returned to the client application.
- Load balancing mechanisms that distribute client requests across multiple PAS for OpenEdge server instances. There are multiple load balancing options that you can choose from, such as Apache Tomcat, Apache HTTP, and Amazon Elastic Load Balancing.
- An authentication and authorization layer managed by the OpenEdge Authentication Gateway or an external identity provider
like Okta, OneLogin, etc, that use security mechanisms like SAML and OAuth
2.0.
- Front-end client applications—Front-end client applications include web, mobile, and desktop clients. The user interface is typically built using HTML, CSS, and JavaScript libraries such as JSDO (JavaScript Data Objects—an OpenEdge client-side framework designed to work with OpenEdge Data Object services), Kendo UI, AngularJS, Vue, and React. When users interact with components in the user interface, calls are made to the API gateways, identity providers, and so on. After the calls pass through those systems, the calls arrive at the boundaries of PAS for OpenEdge, where they are processed by ABL services.