Network Interactions and Private Connections for ULZ
Scope
This document provides an overview of the Unique FinanceGPT connectivity architecture, including:
Architecture Overview: High-level depiction of system connectivity.
Component Breakdown: Descriptions of key components and their interactions.
Security Measures: Outline of protocols ensuring data integrity and confidentiality.
Integration Points: Details on external service and database integration.
Data Flow: Explanation of data movement through the system.
Audience
This document is intended for the following audiences:
Development Teams: To understand the architecture, components, and integration points for effective implementation and maintenance.
Operations Teams: To manage, monitor, and troubleshoot the system based on its connectivity and security protocols.
Security Analysts: To assess and ensure the integrity and confidentiality of data within the system.
Stakeholders: To gain insight into the system's design, capabilities, and integration with external services.
The goal is to provide a clear, comprehensive understanding of the Unique FinanceGPT connectivity architecture to all relevant parties involved in its lifecycle.
Architecture Diagrams
High-Level Connectivity Diagram
Components:
unique.app: User-facing application accessible via HTTPS.
Application Gateway: Manages incoming HTTP/HTTPS traffic and forwards it to the appropriate services.
AKS (Azure Kubernetes Service): Orchestrates containerized applications.
Persistent Volumes: Storage for stateful applications.
Document Intelligence: Document processing service.
OpenAI: Integration with OpenAI services.
Redis Cache: In-memory data structure store, used as a cache.
Flexible Postgres: Managed PostgreSQL database service.
Data Flow:
Incoming traffic from unique.app and Integrations hits the Application Gateway.
The gateway routes traffic to the AKS cluster.
AKS interacts with storage accounts, external services, and databases via secure protocols (HTTPS, TCP-TLS).
Connectivity matrix:
| From | To | Nature | Protocol | Description |
|---|---|---|---|---|
| Unique App (Client) | Application Gateway | API Calls | HTTPS | The client application interacts with the system via secure HTTP API calls to the Application Gateway. |
| Integrations | Application Gateway | API Calls | HTTPS | External systems or services send and receive data through secure API calls to the Application Gateway. |
| Application Gateway | AKS | API Calls/Data Exchanges | HTTPS | The Application Gateway forwards incoming API requests and data to the AKS for processing. |
| AKS | Storage Accounts (Ingestion Cache, Knowledge Base, App Logs) | Data Exchanges/API Calls | HTTPS | AKS interacts with storage accounts to read and write data, including caching, accessing the knowledge base, and logging. |
| AKS | Redis Cache | Data Exchanges | TCP-TLS | AKS communicates with Redis Cache through a private endpoint to store and retrieve cached data securely. |
| AKS | Flexible Postgres | Data Exchanges | TCP-TLS | AKS interacts with Flexible Postgres for database operations, using a private network link to ensure secure communication. |
| AKS | Kubernetes Services API | API Calls | HTTPS | Internal API calls within the Kubernetes cluster for management, orchestration, and service discovery. |
| AKS | Persistent Volumes | Data Exchanges | NFS | AKS uses the NFS protocol to interact with persistent storage volumes for reading and writing persistent data. |
| AKS | Document Intelligence | API Calls | HTTPS | AKS makes secure API calls to the Document Intelligence service to process and analyze documents. |
| AKS | OpenAI | API Calls | HTTPS | AKS communicates with OpenAI services via secure API calls for leveraging AI capabilities. |
Detailed Component Diagram
Component Descriptions:
Storage Accounts: Different storage accounts for ingestion cache, knowledge base, and application logs.
Private Endpoints: Secure links to internal services ensuring data does not traverse the public internet.
Kubernetes Services API: Manages interactions with the Kubernetes cluster.
NFS: Network File System for persistent storage.
Various Integrations: Including monitoring, logging, security, and external API interactions.
Security Considerations
HTTPS and TCP-TLS: All communications are encrypted using HTTPS or TCP-TLS, ensuring data integrity and confidentiality.
Private Endpoints and Network Links: Securely connect resources within the Azure network, reducing exposure to potential threats.
Workload Identity: Managed identities are used for secure access to resources, minimizing the need for secrets in the code.
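A security analyst reviewing the connectivity matrix above will want to check each flow against the encryption and private-connectivity statements in this section. The following is an added example (not Unique AG's tooling): it parses the matrix in the page's pipe-table layout and flags flows whose protocol carries no transport encryption, or whose stateful backend is not documented as reached over a private endpoint or link. The table excerpt embedded below is constructed from the page's rows; the policy rules are the reviewer's assumptions.

```python
import re

ENCRYPTED = {"HTTPS", "TCP-TLS"}      # transport encryption provided by the protocol
PRIVATE_ONLY = {"NFS"}                # no TLS; acceptable only inside the private network
PRIVATE_HINTS = ("private endpoint", "private network", "private link")
STATEFUL_BACKENDS = {"Redis Cache", "Flexible Postgres"}

# Constructed excerpt of the page's connectivity matrix (same column layout).
MATRIX = """\
From | To | Nature | Protocol | Description |
---|---|---|---|---|
Application Gateway | AKS | API Calls/Data Exchanges | HTTPS | Forwards requests to AKS. |
AKS | Redis Cache | Data Exchanges | TCP-TLS | Uses a private endpoint to reach Redis. |
AKS | Flexible Postgres | Data Exchanges | TCP-TLS | Uses a private network link to Postgres. |
AKS | Persistent Volumes | Data Exchanges | NFS | Reads and writes persistent data over NFS. |
"""


def _cells(line):
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_matrix(text):
    """Turn the pipe-delimited table into a list of dicts keyed by header name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = _cells(lines[0])
    rows = []
    for line in lines[1:]:
        if re.fullmatch(r"[\s|:-]+", line):  # markdown separator row
            continue
        cells = _cells(line)
        if len(cells) != len(header):
            raise ValueError(f"column count mismatch: {line!r}")
        rows.append(dict(zip(header, cells)))
    return rows


def check_flow(row):
    """Return the findings for one flow; an empty list means it passes."""
    proto, desc, findings = row["Protocol"].upper(), row["Description"].lower(), []
    if proto in PRIVATE_ONLY:
        findings.append(f"{proto} is not encrypted in transit; confine "
                        f"{row['From']} -> {row['To']} to the private network")
    elif proto not in ENCRYPTED:
        findings.append(f"unknown protocol {proto}; encryption cannot be confirmed")
    if row["To"] in STATEFUL_BACKENDS and not any(h in desc for h in PRIVATE_HINTS):
        findings.append(f"{row['To']} is reached without a documented private endpoint")
    return findings


def audit(text):
    """Map each 'From -> To' flow in the table to its list of findings."""
    return {f"{r['From']} -> {r['To']}": check_flow(r) for r in parse_matrix(text)}
```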
Conclusion
The Unique FinanceGPT solution is architected to provide robust, scalable, and secure interactions between various components. The architecture leverages Azure's managed services to ensure high availability and performance.
Author: @Serghei Goineanu
© 2024 Unique AG. All rights reserved.