- 23 Dec 2024
High Level Architecture
- Updated on 23 Dec 2024
High-Level Cloud Architecture
This diagram depicts the end-to-end architecture of how the Volumez Connector operates within a tenant's cloud and on-premises environments, securely interacting with the Volumez AWS Cloud backend.
Internet access is restricted by ensuring that:
- All communication is outbound only and encrypted (HTTPS over port 443).
- Authentication and token-based security validate all requests.
- DNS routing and traffic are secured via AWS Route 53 and WAF.
- Backend services and static content delivery use isolated, secure, and controlled infrastructures.
Connector Deployment:
The Connector runs on tenant virtual machines (VMs) in AWS, Azure and OCI. It communicates over port 443 (HTTPS) to ensure secure outbound connections.
Integration with Volumez AWS Cloud:
Connectors interact with the Volumez backend via the API Gateway (REST API or Kafka Proxy), secured with Cognito authentication. For more information on tokens, authentication, etc., check out this article.
DNS routing occurs through Route 53, with additional security provided by a WAF (Web Application Firewall).
Volumez Backend Services:
Requests are processed by the Volumez Orchestrator Service, REST Service, and Kafka REST Service.
Authentication and token validation occur through the Volumez Token Service, leveraging AWS Cognito.
Backend data and communication are handled by a secure and scalable infrastructure, ensuring reliable performance and monitoring.
Static Content and User Access:
User-facing static content is served via AWS CloudFront with backing storage in S3.
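The outbound-only, port 443 rule stated for the Connector above can be checked on the tenant side. The following is an added example, not Volumez code: it audits AWS security groups in the JSON shape returned by `aws ec2 describe-security-groups`. It assumes the groups are dedicated to Connector VMs; the group IDs and sample data are constructed.

```python
# Added example (not Volumez code): check security groups against the
# "outbound only, HTTPS over port 443" rule. Input has the shape printed by
# `aws ec2 describe-security-groups --output json`.
HTTPS_PORT = 443

# Constructed sample data; group IDs are placeholders.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-connector-ok", "IpPermissions": [],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-connector-bad",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}


def describe(perm):
    """Render one permission entry as 'proto from-to' for the report."""
    if perm.get("IpProtocol") == "-1":
        return "all traffic"
    return f"{perm.get('IpProtocol')} {perm.get('FromPort')}-{perm.get('ToPort')}"


def audit_security_group(sg):
    """Return findings for one group; an empty list means it matches the rule."""
    gid = sg.get("GroupId", "<unknown>")
    # Assumption: the group is dedicated to the Connector, so any inbound rule is a finding.
    findings = [f"{gid}: inbound rule allows {describe(p)}"
                for p in sg.get("IpPermissions", [])]
    for perm in sg.get("IpPermissionsEgress", []):
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        if perm.get("IpProtocol") != "tcp" or ports != (HTTPS_PORT, HTTPS_PORT):
            findings.append(f"{gid}: egress allows {describe(perm)}, expected tcp 443 only")
    return findings


def audit_all(doc):
    """Map each GroupId in a describe-security-groups document to its findings."""
    return {sg.get("GroupId"): audit_security_group(sg)
            for sg in doc.get("SecurityGroups", [])}


if __name__ == "__main__":
    for gid, findings in audit_all(SAMPLE).items():
        print(gid, "OK" if not findings else findings)
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups --output json`.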