How to design your first Solution Architecture Diagram?

Adil Ansari
May 2, 2023

Problem Statement

ContosoPay, a payment fintech startup in India, wants to deploy its payment APIs in the cloud. ContosoPay needs a Solutions Architect to guide them on a complete architecture for the priorities below.

High availability: ContosoPay wants to make sure that its domain name and APIs are highly available.

Scalability: Traffic can spike during evenings and weekends as the payment gateway is used heavily by food delivery apps.

Cost Optimization: Because of the recession, start-ups also need a cost-optimized architecture to sustain themselves in these uncertain macroeconomic conditions.

Security: Being a fintech, security is a Day 0 priority for ContosoPay. The underlying infrastructure for the API deployment should be secured. The principle of least privilege should be followed when granting access and managing permissions for the engineering and DevOps teams.

Data: Data localization and data residency are important as this is a fintech.

ACID Compliant: ContosoPay’s payment transactions need to be handled with an OLTP data store and have to be ACID-compliant as ContosoPay is in the payment industry. The customer would like the SA’s recommendation about the appropriate database.

The database should be highly available as the reliability of the database is most important for any fintech and is a key differentiator for their business.

Performance is critical for database operations as the SLA for P90+ latency needs to be met. Not meeting SLAs could mean a business loss to ContosoPay.

The scalability of the database is also important because the storage on the database may grow over time. The latest repeat queries for merchants need to be fetched within microseconds.

NoSQL: ContosoPay needs to store clickstream data to analyse features which are used heavily by merchants. The simple requirement here is ContosoPay should be able to get all data for a merchant at single-digit millisecond latency. It could sometimes be sorted with the merchant’s GST if the same merchant has multiple GSTs.

Needless to say, the database should be highly available and should scale with the load.

Approach a Solution

Designing a solution architecture can be a complex task, but there are some steps you can follow to approach it effectively:

Understand the problem: Before you can design a solution architecture, you need to understand the problem you’re trying to solve. Gather requirements from stakeholders and identify the main goals of the project.

Define the Scope: Identify the scope of the project and define the boundaries of what the solution should and should not include.

Research Reference Solutions: Refer to existing solutions that are similar to what you’re trying to build. Analyze their strengths and weaknesses and identify what features you can borrow or improve upon.

I have found below two Azure reference architectures which are quite close to our problem statement:

Design the Architecture

Create a detailed architecture diagram that includes all the components, data flows, and interactions between them. This diagram should serve as a blueprint for the development team to follow.

I have used the online drawing tool https://excalidraw.com to draw the architectural diagram; it has a rich collection of icon libraries that was sufficient for me. I did find a couple of useful VSCode plug-ins which you can also try out.

https://marketplace.visualstudio.com/items?itemName=bencoleman.armview

https://marketplace.visualstudio.com/items?itemName=hediet.vscode-drawio

Here is an initial draft version of the Architectural diagram:

[Figure: Azure architectural diagram]

Explanation

High availability

  • Workloads are deployed across Availability Zones for high availability. Availability zones are physically separate data centres within a Region. Each zone is connected to the other zones through high-speed, private fibre-optic networks. If one zone goes down, the others continue working.
  • A zone-redundant instance of Azure Application Gateway routes traffic to the VM Scale Sets within the web tier. Application Gateway is an application-layer load balancer: it operates at OSI layer 7 and can do URL-based routing. In case of a zone failure, Application Gateway routes the traffic to the other available zones.
  • A zone-redundant load balancer routes traffic from the VMs in the web tier to the active SQL Server instance. Azure Load Balancer is a high-performance, ultra-low-latency Layer 4 load-balancing service. In the case of a SQL Server failure, the load balancer detects the failover and routes the traffic to the active instance.

Scalability

  • Scalability means the ability to scale services and resources up or down to meet the demand.
  • There are two types of scaling: vertical and horizontal.
  • Vertical Scaling: Upgrading or downgrading the RAM and CPU; this is also referred to as scaling up and scaling down.
  • Horizontal Scaling: Deploying more resources or removing excess ones; this is also referred to as scaling out and scaling in.

Security

  • Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities
  • Azure Network Security Group filters network traffic between Azure resources in an Azure virtual network. It contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
  • DDoS protection provides enhanced DDoS mitigation features to defend against DDoS attacks. It’s automatically tuned to help protect your specific Azure resources in a virtual network
  • AAD B2C for business-to-customer identity management
  • Azure Bastion provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to the VMs within a virtual network
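The Network Security Group bullet and the least-privilege requirement can be checked together on the data tier. The following is an added example, not part of the original article: it models first-match-by-priority NSG evaluation and shows that a data-tier NSG with only one allow rule still admits every other subnet through Azure's default AllowVnetInBound rule. The address plan, rule names and custom priorities are assumptions, and the VirtualNetwork tag is simplified to the VNet CIDR.

```python
import ipaddress

# Constructed address plan (assumption; the article gives no CIDRs).
VNET = "10.0.0.0/16"
SUBNETS = {"appgw": "10.0.0.0/24", "web": "10.0.1.0/24", "bastion": "10.0.3.0/26"}

# Two of Azure's built-in inbound rules: (priority, name, source, port, action).
# The VirtualNetwork service tag is simplified here to the VNet address space.
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", VNET, "*", "Allow"),
    (65500, "DenyAllInBound", "0.0.0.0/0", "*", "Deny"),
]

# Data-tier NSG with a single allow rule and nothing else (hypothetical rule name).
DATA_NSG_WEAK = [(100, "AllowSqlFromWeb", SUBNETS["web"], "1433", "Allow")]

# Hardened: explicit VNet-wide deny evaluated before the default allow.
DATA_NSG_HARDENED = DATA_NSG_WEAK + [
    (110, "AllowRdpFromBastion", SUBNETS["bastion"], "3389", "Allow"),
    (4096, "DenyVnetInBound", VNET, "*", "Deny"),
]

# Flows the architecture intends to reach the SQL Server subnet.
INTENDED = {("web", 1433), ("bastion", 3389)}

def evaluate(custom_rules, src_ip, dst_port):
    """Return (action, rule_name) of the first matching rule, lowest priority first."""
    src = ipaddress.ip_address(src_ip)
    for _prio, name, prefix, port, action in sorted(custom_rules + DEFAULT_RULES):
        if src in ipaddress.ip_network(prefix) and port in ("*", str(dst_port)):
            return action, name
    return "Deny", "implicit"

def unexpected_allows(custom_rules, intended=INTENDED):
    """List (source_subnet, port) flows that are allowed but not intended.
    Only the other tiers are tested as sources; traffic inside the data
    subnet (e.g. replication) would need its own allow rule."""
    findings = []
    for subnet, cidr in SUBNETS.items():
        host = str(next(ipaddress.ip_network(cidr).hosts()))
        for port in (22, 1433, 3389):
            action, _rule = evaluate(custom_rules, host, port)
            if action == "Allow" and (subnet, port) not in intended:
                findings.append((subnet, port))
    return findings

if __name__ == "__main__":
    print("weak:", unexpected_allows(DATA_NSG_WEAK))
    print("hardened:", unexpected_allows(DATA_NSG_HARDENED))
```
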

Data

  • Azure Key Vault is used to store the encryption keys and database connection string
  • SQL Server has an in-built feature to encrypt the data at rest using the encryption keys stored securely in Key Vault
  • SQL Server Always On feature provides high availability at the data tier by enabling replication and failover

Analytics

  • Azure Functions takes in user clickstream data from websites
  • Event Hubs ingests raw click-stream data from Azure Functions and passes it on to Stream Analytics
  • Azure Stream Analytics aggregates clicks in near real-time by product, offer, and user, and writes the results to Azure Cosmos DB
  • Azure Cosmos DB stores aggregated data of clicks by user, product, and offer, as well as user-profile information
  • Power BI enables visualization of user activity data and offers presented by reading in data from Azure Cosmos DB

Validate and Iterate

Validate the design: Review the design with stakeholders and get their feedback. Ensure that the design meets the project’s requirements and aligns with the organization’s overall strategy.

Iterate: Solution architecture is an iterative process, so be prepared to refine and improve the design as you move forward.

Remember that good solution architecture is not only about designing a technical solution that works but also about designing a solution that meets the needs of the business and the users.


Adil Ansari

Experienced C#, .Net, Office 365, and Azure Developer with around 15 years of experience in designing and implementing maintainable software