Bravura Cloud Architecture
Bravura Cloud is a scalable, secure, and efficient web application designed to leverage the power of containerization and orchestration provided by Kubernetes. Bravura Cloud integrates a robust stack including an authentication layer, API layer, data storage, data visualization, log aggregation and analysis, health monitoring and so on. This architecture allows high performance with real-time data processing and comprehensive auditing and security.
The interactions between the various components and services are shown in the diagram below.
Kubernetes cluster
Kubernetes provides a reliable platform for maintaining the uptime of our hosted software. It automatically manages the deployment and operation of the application's components and ensures they remain available even if individual nodes fail. It simplifies the allocation of resources in order to maintain optimal performance. Additionally, Kubernetes improves overall performance by efficiently distributing workloads across the available infrastructure and managing the network traffic between them.
Services
Bravura Cloud consists of a set of services.
Load balancer
A load balancer routes traffic to all exposed services. The load balancer also provides a layer of network security, as only the services intended to be exposed are made available. The NGINX ingress controller was selected due to its high performance, stability, rich feature set, and proven track record of widespread use as a web server in reverse proxy scenarios.
Inventory UI
The Inventory UI is a modern React-based web application which presents much of the Bravura Security Fabric application data in a friendly and efficient manner. A set of stateless instances of this application is managed by Kubernetes.
API service
The Application Programming Interface (API) service provides an API layer to interact with the database. Bravura Cloud uses Hasura, which is an open-source engine that connects to databases and securely exposes a GraphQL API.
Authentication service
Bravura Cloud uses Keycloak, which is an open-source Identity and Access Management solution that provides features such as single sign-on, user federation, identity brokering, and fine-grained authorization. Keycloak centralizes the authentication and access management of Bravura Cloud and enables an organization to easily leverage their existing authentication solution.
Analytics service
The analytics service allows users to explore most aspects of their Bravura Security Fabric software and its behavior over time. This is accomplished using application data, logs, and metrics presented in intuitive dashboards.
Bravura Cloud uses the following:
- Grafana is a popular open-source platform for monitoring and visualizing metrics from various data sources, allowing teams to easily create, explore, and share dashboards.
- Prometheus is an open-source monitoring and alerting toolkit designed for reliability and scalability. It collects and stores time-series data from various sources and provides a powerful query language to analyze that data. Bravura Cloud uses a set of microservices, provided by Thanos, which enable high availability and long-term durable storage. This approach allows a set of Prometheus applications to function as a single higher-performance application.
- Loki is a horizontally scalable log aggregation and alerting system inspired by Prometheus. It was designed to be capable of nearly real-time evaluation of data.
Database
Bravura Cloud can use the following:
- PostgreSQL is the primary data storage solution for Bravura Cloud. It is a highly capable object-relational database management system with a long history of providing exceptional reliability and performance.
- Aurora Serverless v2 is a PostgreSQL-compatible variant of Amazon Aurora offered as a service. It is designed to vertically scale automatically in response to demand. Highly durable storage and the uptime SLAs provided by this service allow our SaaS solution to ensure consistent high performance regardless of load.
Storage
Bravura Cloud is hosted using the following:
- Amazon S3 is an object storage service providing industry-leading scalability, data availability, security, and performance. It is leveraged for long-term storage of log and metric data.
- PostgreSQL storage is provided and managed by the Aurora Serverless v2 service for our SaaS solution. This storage is automatically replicated across AWS availability zones.
- Local ephemeral storage is available to containerized applications only to enable their operation. Containers run with a read-only root filesystem wherever possible for security purposes, and application data is not retained on local storage.
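One way to check the read-only root filesystem and local storage statements above against a cluster, as an added example that is not Bravura's own code: the script audits Deployment objects in the shape returned by `kubectl get deployments -o json`. The sample manifest, the workload names, and the choice to flag writable hostPath mounts as node-persistent storage are assumptions made for illustration.

```python
# Constructed sample shaped like `kubectl get deployments -o json` output.
# All names below are hypothetical, not taken from Bravura Cloud.
SAMPLE = {"items": [
    {"metadata": {"name": "web-ui"},
     "spec": {"template": {"spec": {
         "volumes": [{"name": "tmp", "emptyDir": {}}],
         "containers": [{
             "name": "app",
             "securityContext": {"readOnlyRootFilesystem": True},
             "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]}]}}}},
    {"metadata": {"name": "batch-worker"},
     "spec": {"template": {"spec": {
         "volumes": [{"name": "spool", "hostPath": {"path": "/var/spool/demo"}}],
         "initContainers": [{"name": "setup", "securityContext": {}}],
         "containers": [{
             "name": "worker",
             "volumeMounts": [{"name": "spool", "mountPath": "/spool"}]}]}}}},
]}


def audit_pod_spec(owner, pod_spec):
    """Return (owner, container, issue) tuples for one pod template spec."""
    findings = []
    volumes = {v["name"]: v for v in pod_spec.get("volumes", [])}
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind, []):
            sc = c.get("securityContext") or {}
            # The field defaults to false, so a missing key means a writable root.
            if sc.get("readOnlyRootFilesystem") is not True:
                findings.append((owner, c["name"], "root filesystem is writable"))
            for m in c.get("volumeMounts", []):
                vol = volumes.get(m["name"], {})
                # emptyDir is ephemeral; a writable hostPath persists on the node.
                if "hostPath" in vol and not m.get("readOnly", False):
                    findings.append(
                        (owner, c["name"], f"writable hostPath mount at {m['mountPath']}"))
    return findings


def audit_deployments(doc):
    """Audit every Deployment in a `kubectl ... -o json` list document."""
    findings = []
    for item in doc.get("items", []):
        findings += audit_pod_spec(item["metadata"]["name"],
                                   item["spec"]["template"]["spec"])
    return findings


if __name__ == "__main__":
    for owner, container, issue in audit_deployments(SAMPLE):
        print(f"{owner}/{container}: {issue}")
```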