# Epona Site Provisioning — Architecture & Technical Specification

# Overview

Epona Site Provisioning is a SharePoint provisioning and integration platform built on .NET Framework 4.8. It automates the creation and configuration of SharePoint sites, document libraries, permission structures, and metadata, while seamlessly integrating with accounting systems, case management platforms, CRM solutions, and document management systems. The service supports both SharePoint Online and SharePoint 2016 deployments.

Key capabilities:

  • Rapid site provisioning and configuration from template-driven specifications
  • Document migration from legacy systems to SharePoint
  • Real-time integration with external business systems
  • Scheduled background jobs for recurring provisioning and maintenance tasks
  • Plugin-based architecture for custom integrations per customer

# System Architecture

The platform follows a configuration-driven, plugin-based architecture:

Architecture Flow:

  • Configurator (Desktop Tool) → provides configuration files to Epona Provisioning Service
  • File Handlers (Excel-Based) → provide batch operations to Epona Provisioning Service
  • Epona Provisioning Service (Windows Service) → orchestrates the following execution paths:
    1. Provisioning Engine & Job Scheduler → includes Configuration Parser, Site Provisioning, Permission Management, Content Type & Metadata, and Job Execution
    2. SharePoint Client Layer → handles direct SharePoint operations
    3. Plugin Engine → manages integration plugins for Accounting, Case Management, CRM, Document Management, and Custom Plugins
  • SharePoint Client Layer → communicates with SharePoint Online / 2016
  • Plugin Engine → integrates with external systems and returns data to provisioning workflow

Core components:

  • Provisioning Service: Windows Service that executes provisioning operations and manages background jobs
  • Configurator: Desktop application for creating and editing configuration files
  • Migration Framework: Tools for document migration from legacy systems (Worldox, OpenText, Box, iManage, SharePoint)
  • SharePoint Client Layer: Interface to SharePoint with encryption, validation, and helper utilities
  • Plugin Engine: Scans for integration plugin files at runtime and automatically loads compatible plugins without requiring manual registration
  • File Handlers: Excel-based batch operation system for bulk provisioning, migrations, and administrative tasks

# Core Capabilities

  • Site Provisioning: Automated creation of site collections, sites, subsites, and team sites with configurable metadata and content structures
  • Permission Management: Fine-grained permission sets, role assignments, and multi-level access control
  • Content Organization: Document libraries, lists, content types, metadata columns, document sets, and folder hierarchies
  • SharePoint Online & 2016 Support: Single codebase with version-specific client DLLs for both environments
  • Multi-Environment Support: Single service instance can serve multiple different SharePoint environments (SharePoint Online, SharePoint 2016, or different regional instances) with separate configurations, monitor folders, and isolated credentials
  • Document Migration: Migrate documents from legacy systems (Worldox, OpenText, iManage, Box, SharePoint)
  • Job Scheduling: Recurring background jobs for provisioning, updates, cleanup, and maintenance
  • Business System Integrations: Real-time integration with accounting (AFAS, DataLEX, Datev, ExactOnline, Visma, TimeSolv, LeanLaw), case management (Clio, CleverCase, Cicero, Codex, Soluno, LegalServer, TeamConnect), CRM (Salesforce, HubSpot, MS Dynamics), and document systems
  • Configuration Management: JSON-based configuration with desktop editor and file handler support
  • Epona Configurator: Windows desktop application for GUI-based creation, editing, validation, and deployment of configurations

# Deployment Architecture

Hosting Model: Windows Service running on-premises or in a cloud VM (IaaS)

Software Requirements:

  • Windows Server 2012 R2 or later
  • .NET Framework 4.8 or later

Configuration:

  • Configuration files (JSON) specify site collections, sites, permissions, integrations, and job schedules
  • A single service instance can load and process multiple customer configurations simultaneously
  • Each configuration is customer-specific and isolated from other configurations within the same deployment
  • Each configuration can target a different SharePoint environment (SharePoint Online, SharePoint 2016, or different regional instances), each with its own monitor folder and isolated credentials
  • Credentials encrypted at rest (see Security section for encryption details)

Scaling Considerations:

  • Each deployment runs as a single service instance. Multiple instances can be deployed independently (e.g., per-tenant); no built-in clustering or load balancing is provided.
  • Job scheduling runs on the configured instance
  • Performance scales to thousands of sites per deployment

Security:

  • Authentication to SharePoint: The service uses a dedicated service account with app-only permissions (client ID and secret or certificate) to authenticate to SharePoint. This eliminates dependency on individual user credentials and allows credential rotation without user impact.
  • Required Permissions: The service account requires Site Collection Admin permissions (which include the ability to create sites, manage permissions, create content types, and configure site collections) for provisioning operations, plus appropriate permissions for the specific sites, libraries, and content types being managed. Least-privilege scoping is recommended—grant only the minimum permissions required for the customer's specific configuration.
  • Secret Storage: Credentials and sensitive configuration values are encrypted at rest using Windows DPAPI (Data Protection API) and stored in configuration files. Only the service account with access to the encryption key can decrypt them.
  • Network Requirements: The service requires HTTPS connectivity to SharePoint endpoints (typically port 443). TLS 1.2 or higher is required. Outbound access to third-party integration APIs (accounting, CRM, document management) depends on configured integrations.
  • Audit Trail: All provisioning operations, migrations, integration calls, and job executions are logged with timestamps and details sufficient for compliance audit reviews. Logs are stored locally and can be integrated with enterprise logging solutions (Splunk, ELK, etc.) for centralized audit trail.
  • Tenant Isolation: In multi-configuration deployments, each customer configuration is isolated—configuration files, credentials, and job execution state are separate. No cross-tenant data leakage is possible within a single instance.

# Integration Model

Plugin Architecture: Plugins are discovered and loaded automatically at service startup:

  1. Service scans for integration plugins in the deployment directory
  2. Compatible plugins are loaded without requiring manual registration
  3. Plugins execute as part of the provisioning and integration workflow

Supported Integration Categories:

  • Accounting: AFAS, DataLEX, Datev, ExactOnline, Visma, TimeSolv, LeanLaw
  • Case Management: Clio, CleverCase, Cicero, Codex, Soluno, LegalServer, TeamConnect
  • CRM: Salesforce, HubSpot, MS Dynamics
  • Document Management: Advosys, Box, iManage, iManageWeb

# Configuration Architecture

The service is fully configuration-driven: behavior is controlled by configuration files, not code.

Configuration Management:

  • Define site collections, sites, permission sets, content types, integrations, and job schedules in configuration
  • Epona Configurator provides GUI-based creation and editing
  • Configurations exported as JSON for deployment
  • Runtime loads configuration on service startup and applies to all operations

File Handlers: Excel-based batch operations that:

  • Bulk provision sites and content
  • Migrate documents from legacy systems
  • Apply permission changes across sites
  • Trigger integrations and update external systems

# Configuration Tools — Epona Configurator

Epona Configurator is a Windows desktop application that simplifies configuration management:

Capabilities:

  • GUI-based creation and editing of site hierarchies, permissions, content types, and integrations
  • Visual design of site structures without writing JSON
  • Real-time validation of configuration rules and constraints
  • Export configurations to shareable files for deployment

Workflow:

  1. Consultant uses Configurator to design site structure, permissions, and metadata
  2. Configurator validates configuration and exports to JSON file
  3. Configuration file deployed to Provisioning Service
  4. Service applies configuration to SharePoint on startup or on-demand

Integration with Provisioning Service: Configurator generates configuration files consumed by the Provisioning Service. No direct coupling—configurations are portable and deployable to any service instance.

# Data Flow

Provisioning Workflow:

External System (matter creation/update) → Plugin (monitors for changes) → JSON Matter File (created and dropped in folder) → Provisioning Service (monitors folder) → Load & Parse → Validation → Provisioning Engine → CSOM Calls → SharePoint → Status & Logging

Process steps:

  1. Configuration file specifies a folder for the Provisioning Service to monitor
  2. Plugin monitors external system for matter creations or updates
  3. When a change is detected, plugin creates a JSON file containing matter information
  4. JSON file is dropped into the configured folder
  5. Provisioning Service detects and picks up the JSON file
  6. File is parsed and validated for consistency and references
  7. Provisioning Engine processes the matter configuration sequentially
  8. CSOM client executes corresponding SharePoint operations
  9. Results and status logged and reported
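
The monitored drop folder in this workflow and the plugin directory that the service scans and auto-loads at startup are both file-system trust boundaries: whoever can write to them can feed input or code to the service. The following PowerShell audit is an added example, not part of Epona's tooling, that lists unexpected write access on both folders and inventories plugin files with their signature status and hash. Assumptions: the two paths, the service account name, and the `.dll` extension for plugin files are hypothetical placeholders.

```powershell
# Added example (not Epona code). Paths and account names below are hypothetical.
param(
    [string]$PluginDir  = 'C:\Epona\Plugins',   # assumed plugin/deployment directory
    [string]$MonitorDir = 'C:\Epona\Monitor',   # assumed monitored JSON drop folder
    [string[]]$AllowedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                                  'CONTOSO\svc-epona')  # assumed service account
)

# Only the bits that allow adding, changing or re-permissioning files.
# Composite rights such as Modify also contain read bits, so they are not used here.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE / GENERIC_ALL values that can appear in inherit-only ACEs.
$genericBits = 0x40000000 -bor 0x10000000
$mask = $writeBits -bor $genericBits

function Get-UnexpectedWriter {
    # Returns one object per Allow ACE that grants write-type access
    # to a principal outside the allow-list.
    param([string]$Path, [string[]]$Allowed)
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $mask) -ne 0 -and
        $Allowed -notcontains $_.IdentityReference.Value
    } | ForEach-Object {
        [pscustomobject]@{
            Path      = $Path
            Principal = $_.IdentityReference.Value
            Rights    = $_.FileSystemRights
            Inherited = $_.IsInherited
        }
    }
}

function Get-PluginInventory {
    # Lists every candidate plugin file with its Authenticode status and SHA-256,
    # so the result can be compared against a reviewed baseline.
    param([string]$Dir)
    Get-ChildItem -LiteralPath $Dir -Filter '*.dll' -File -Recurse | ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File   = $_.FullName
            Status = $sig.Status
            Signer = $sig.SignerCertificate.Subject
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

@(Get-UnexpectedWriter -Path $PluginDir  -Allowed $AllowedWriters) +
@(Get-UnexpectedWriter -Path $MonitorDir -Allowed $AllowedWriters) | Format-Table -AutoSize
Get-PluginInventory -Dir $PluginDir | Format-Table -AutoSize
```

An empty first table means only the listed principals can write to either folder; any change in the second table between runs is a plugin file that was added or modified since the last review.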

Migration Workflow:

Source System (Legacy/File/API) → Migration Plugin → Metadata Extraction & Mapping → Document Processing → SharePoint Upload → Permission & Relationship Sync

Process steps:

  1. Migration plugin reads documents from source system (file format or API)
  2. Metadata extracted and mapped to SharePoint content types
  3. Documents processed and prepared for upload
  4. Documents uploaded to target SharePoint site
  5. Permissions and relationships migrated and synchronized

Job Execution:

  • Service manages recurring job schedules
  • Jobs run in-process within Provisioning Service
  • Job results logged; failures trigger retry logic or notifications

Integration Points: Plugins can hook into provisioning pipeline to:

  • Enrich provisioning data from external systems
  • Sync SharePoint changes back to external systems
  • Trigger business processes in response to provisioning

# Operational Considerations

Monitoring & Logging:

  • Service logs provisioning operations, migrations, job executions, and errors
  • Log files stored locally; integrate with centralized logging as needed
  • Performance metrics: provisioning time, document migration throughput, job execution statistics

Error Handling:

  • Failed operations logged with details for diagnosis
  • Retry logic for transient errors (API throttling, network timeouts)
  • Failed migrations can be reprocessed with corrected configuration

Upgrade Path:

  • Service updates applied in-place; backward-compatible with prior configurations
  • Migration scripts update configuration format when necessary
  • Plugins tested against service version before deployment

# Limitations & Constraints

  • SharePoint Versions: Supports SharePoint 2016 on-premises and SharePoint Online; not compatible with SharePoint 2013 or earlier
  • Scalability: Single service instance typical; extreme scale (10,000+ sites) requires architectural review
  • Real-Time Integrations: Integrations are one-way or batch; not suitable for bidirectional real-time sync at high frequency
  • Multi-Tenancy: A single service instance supports multiple customer configurations simultaneously. Customer configurations and credentials are isolated from each other within the same deployment.
  • Customization: Behavior customizations require plugin development or configuration changes
  • Performance: Large migrations (100,000+ documents) may require split across multiple operations or instances

# Getting Started

To understand the service in detail and prepare for deployment:

  1. Installation & Deployment: See Installation for system requirements, setup, and update procedures
  2. Configuration Reference: See Configuration for complete documentation of all configuration properties, site structures, permissions, and metadata options
  3. Configurator Guide: See Configurator for how to use the desktop tool to create and manage configurations
  4. Plugin Integration: See Plugins for list of available integrations and custom plugin development
  5. Job Scheduling: See Jobs for background job configuration and scheduling
  6. Document Migration: See Migration for legacy system migration procedures and examples
  7. File Handlers: See File Handlers for Excel-based batch operations for bulk provisioning and administrative tasks

For support and technical guidance, contact your Epona implementation partner or customer success team.

Last Updated: 5/27/2026, 9:59:19 AM