ContosoPay, a payments fintech start-up in India, wants to deploy its payment APIs in the cloud. ContosoPay needs a Solutions Architect to guide it on a complete architecture for the following priorities.
High availability: ContosoPay wants its domain name and APIs to be highly available.
Scalability: Traffic spikes in the evenings and on weekends because the payment gateway is used heavily by food delivery apps.
Cost optimization: Given the recession, the start-up also needs a cost-optimized architecture to sustain itself through an uncertain macroeconomic climate.
Security: Being a fintech, security is a Day 0 priority for ContosoPay. The underlying infrastructure for the API deployment must be secured, and the principle of least privilege must be followed when granting access and managing permissions for the engineering and DevOps teams.
Data: Data localization and data residency are important because this is a fintech.
ACID compliance: ContosoPay's payment transactions must be handled by an OLTP data store that is ACID-compliant, as ContosoPay is in the payments industry. The customer would like the SA's recommendation on the appropriate database.
The database should be highly available, as reliability of the database is paramount for any fintech and a key differentiator for their business.
Performance is critical for database operations, as the SLA for P90+ latency needs to be met. Missing the SLA could mean lost business for ContosoPay.
Database scalability also matters, because the storage will grow over time. The latest repeat queries for merchants need to be served within microseconds.
NoSQL: ContosoPay needs to store clickstream data to analyse which features are used most heavily by merchants. The simple requirement here is that ContosoPay should be able to fetch all data for a merchant at single-digit-millisecond latency, sometimes sorted by the merchant's GST number (GSTIN), as one merchant may have multiple GSTINs.
Needless to say, this database must also be highly available and scale with the load.
Approach a Solution
Designing a solution architecture can be a complex task, but there are some steps you can follow to approach it effectively:
Understand the problem: Before you can design a solution architecture, you need to understand the problem you’re trying to solve. Gather requirements from stakeholders and identify the main goals of the project.
Define the Scope: Identify the scope of the project and define the boundaries of what the solution should and should not include.
Research Reference Solutions: Refer to existing solutions that are similar to what you’re trying to build. Analyze their strengths and weaknesses and identify what features you can borrow or improve upon.
I have found the two Azure reference architectures below, which are quite close to our problem statement:
Design the Architecture
Create a detailed architecture diagram that includes all the components, data flows, and interactions between them. This diagram should serve as a blueprint for the development team to follow.
I used the online drawing tool https://excalidraw.com to draw the architecture diagram; it has a rich collection of icon libraries, which was sufficient for me. I also found a couple of useful VS Code plug-ins which you can try out.
Here is an initial draft of the architecture diagram:
- Workloads are deployed across Availability Zones for high availability. Availability Zones are physically separate data centres within a region, connected to each other over high-speed, private fibre-optic networks. If one zone goes down, the others continue to serve traffic
- A zone-redundant instance of Azure Application Gateway routes traffic to Virtual Machine Scale Sets in the web tier. Application Gateway is an application-layer (OSI layer 7) load balancer that can do URL-based routing. In case of a zone failure, Application Gateway routes traffic to the remaining zones
- A zone-redundant internal load balancer routes traffic from the web-tier VMs to the active SQL Server instance. Azure Load Balancer is a high-performance, ultra-low-latency layer 4 load-balancing service. When SQL Server fails over, the load balancer's health probe detects the new primary and routes traffic to it
- Scalability is the ability to add or remove services and resources to meet demand
- There are two types of scaling: vertical and horizontal
- Vertical scaling: upgrading or downgrading RAM and CPU, also called scaling up and scaling down
- Horizontal scaling: adding more instances or removing excess ones, also called scaling out and scaling in
- Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of web applications from common exploits and vulnerabilities such as SQL injection and cross-site scripting, based on the OWASP core rule set
- An Azure Network Security Group (NSG) filters network traffic between Azure resources in a virtual network. It contains security rules, evaluated in priority order, that allow or deny inbound traffic to, or outbound traffic from, the resources it is attached to. Keep in mind that the built-in default rules allow all traffic inside the virtual network, so least privilege between tiers needs explicit rules
- Azure DDoS Protection provides enhanced mitigation features to defend against DDoS attacks; it is automatically tuned to protect the specific Azure resources in a virtual network
- Azure AD B2C for business-to-consumer identity management
- Azure Bastion provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to the VMs within a virtual network, so the VMs need no public IP addresses
- Azure Key Vault stores the encryption keys and the database connection string; workloads should retrieve them with a managed identity rather than a credential embedded in configuration
- SQL Server's Transparent Data Encryption (TDE) encrypts data at rest, with the TDE protector key held in Key Vault through the SQL Server Connector for Azure Key Vault (extensible key management)
- SQL Server Always On availability groups provide high availability at the data tier through replication and automatic failover
- An Azure Function ingests user clickstream data from the websites
- Event Hubs ingests the raw clickstream data from Azure Functions and passes it on to Stream Analytics
- Azure Stream Analytics aggregates clicks in near real time by product, offer and user, and writes the results to Azure Cosmos DB
- Azure Cosmos DB stores the aggregated click data by user, product and offer, along with user-profile information. Partitioning by merchant ID keeps the "all data for a merchant" query within a single partition, which is what makes the single-digit-millisecond target realistic
- Power BI visualizes user activity and the offers presented by reading data from Azure Cosmos DB
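The NSG bullet above is where least privilege between the tiers is actually enforced, and it is easy to get wrong because Azure's built-in rules allow all intra-VNet traffic. The following is an added example, not code from the article: a small Python model of how an NSG evaluates inbound rules (lowest priority number first, first match wins, the three default rules at 65000, 65001 and 65500 always present), applied to constructed rule sets for the web and database subnets. The address plan, rule names and port choices are assumptions; the default-rule priorities, the 168.63.129.16 health-probe source and the 5022 Always On endpoint port follow Azure and SQL Server defaults.

```python
"""Model of Azure NSG inbound rule evaluation for the web and database subnets.

Added example, not part of the original article. Addresses, rule names and the
port plan are constructed assumptions; the default rules (priorities 65000,
65001, 65500), lower-number-first evaluation and first-match semantics follow
Azure's documented NSG behaviour.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = "10.10.0.0/16"                      # assumed address plan
SUBNET = {"appgw": "10.10.0.0/24", "web": "10.10.1.0/24",
          "db": "10.10.2.0/24", "bastion": "10.10.3.0/26"}

# Service tags resolved to prefixes. AzureLoadBalancer is Azure's real health
# probe source 168.63.129.16; VirtualNetwork is approximated by the VNet range.
SERVICE_TAG = {
    "VirtualNetwork": [VNET],
    "AzureLoadBalancer": ["168.63.129.16/32"],
    "*": ["0.0.0.0/0"],
}


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # custom rules use 100-4096; lower number is checked first
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # CIDR prefix or a key of SERVICE_TAG
    dest_port: str   # "443", "65200-65535" or "*"


# Azure's built-in inbound rules: they cannot be deleted, only overridden by a
# lower-numbered custom rule.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]


def _source_matches(spec, src_ip):
    prefixes = SERVICE_TAG.get(spec, [spec])
    return any(ip_address(src_ip) in ip_network(p) for p in prefixes)


def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(custom_rules, src_ip, dest_port, protocol="Tcp"):
    """Return (access, rule_name) for an inbound flow: the first matching rule
    in ascending priority order decides, as the NSG engine does."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if _source_matches(rule.source, src_ip) and _port_matches(rule.dest_port, dest_port):
            return rule.access, rule.name
    raise AssertionError("DenyAllInBound should always match")


# Web tier: only the Application Gateway subnet may reach 443 and only Bastion
# may SSH in. The explicit DenyVnetInBound at 4000 is what enforces least
# privilege: without it AllowVnetInBound (65000) lets any VNet host hit any port.
WEB_NSG = [
    Rule("AllowAppGwHttps", 100, "Allow", "Tcp", SUBNET["appgw"], "443"),
    Rule("AllowBastionSsh", 110, "Allow", "Tcp", SUBNET["bastion"], "22"),
    Rule("DenyVnetInBound", 4000, "Deny", "*", "VirtualNetwork", "*"),
]

# Data tier: web tier to SQL (1433), replica-to-replica Always On endpoint
# (5022, the default mirroring endpoint port) and Bastion RDP. The internal load
# balancer's health probe still passes: it comes from the AzureLoadBalancer tag,
# which the VNet-wide deny does not cover.
DB_NSG = [
    Rule("AllowWebSql", 100, "Allow", "Tcp", SUBNET["web"], "1433"),
    Rule("AllowAgEndpoint", 110, "Allow", "Tcp", SUBNET["db"], "5022"),
    Rule("AllowBastionRdp", 120, "Allow", "Tcp", SUBNET["bastion"], "3389"),
    Rule("DenyVnetInBound", 4000, "Deny", "*", "VirtualNetwork", "*"),
]


def audit(custom_rules, flows):
    """flows: {(src_ip, port): expected_access}. Returns only the flows whose
    outcome differs from the stated intent, so a gap shows up in review."""
    return {f: evaluate(custom_rules, *f) for f, want in flows.items()
            if evaluate(custom_rules, *f)[0] != want}


if __name__ == "__main__":
    # Without the explicit VNet deny, RDP from the web tier to SQL is allowed
    # by the default rule; with it, the flow is denied.
    print(evaluate(DB_NSG[:-1], "10.10.1.20", 3389))
    print(evaluate(DB_NSG, "10.10.1.20", 3389))
    print(audit(DB_NSG, {("203.0.113.7", 1433): "Deny", ("10.10.1.20", 1433): "Allow"}))
```

The model covers only the web and database subnets. The Application Gateway v2 subnet has its own documented NSG requirements (inbound from the GatewayManager tag on ports 65200-65535 and from AzureLoadBalancer), so a VNet-wide deny copied onto that subnet would break the gateway; the same review discipline applies there.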
Validate and Iterate
Validate the design: Review the design with stakeholders and get their feedback. Ensure that the design meets the project’s requirements and aligns with the organization’s overall strategy.
Iterate: Solution architecture is an iterative process, so be prepared to refine and improve the design as you move forward.
Remember that good solution architecture is not only about designing a technical solution that works but also about designing a solution that meets the needs of the business and the users.