Pulse is a multi-cloud distributed system with services deployed across various resource groups within Microsoft Azure and Amazon AWS.
Architectural Summary
Pulse is a .NET application based on a service-oriented architecture with various microservice extensions. A majority of Pulse services are split into 2 resource groups:
- .Net layer (elastic group): Pulse UI Application, Pulse Web Services & Primary Customer Databases
- Microservices (k8s group): Microservices & Supporting Microservice Databases
The .Net layer
The .Net layer consists of 2 applications, the Pulse UI and Pulse Web Services. The Pulse Web Service application is built upon the .NET Web API framework and is designed for usage within the Pulse UI application. The .Net layer uses load-balanced virtual machines to host the applications. The number of active machines varies depending on demand. The use of multiple virtual machines ensures high availability and allows for rolling deployments with no downtime. Virtual machine management and software deployments are managed through automated Azure DevOps pipelines.
Tenancy
The .Net layer houses multi-tenanted application services, meaning a single application instance may handle requests from different customer accounts. However, all customer databases are single-tenanted, ensuring complete (physical) data isolation.
Customer Databases
Each Pulse database is managed as part of a SQL Elastic Pool. This provides the ability to scale databases independently depending on usage demands. Every customer database is a Microsoft Azure SQL Database (SQL Server 2016 compatible) and has Point-in-Time-Restore (PiTR) capabilities of up to 7 days. Weekly backups are stored for 1 year. Custom retention policies may be configured upon request. All databases are encrypted at rest and hosted within Australian data centers.
On-premises Service Integration
Where possible, Pulse integrates with third-party applications via RESTful APIs. Pulse has a number of pre-built integration points used for data extraction, authentication, file storage, importing of content and more.
Where APIs are not readily available, Pulse uses client connectors to extract data from on-premises systems. These client connectors are microservices deployed within the council network, which allows Pulse to interrogate systems over secure channels using read-only service accounts.
Microservices
Microservices are used to extend the capabilities of Pulse. These services are designed to be consumed by any authorised third-party application, including Pulse, through public APIs.
Microservices are network-based applications and can be developed using a variety of technology stacks. Examples of microservices used by Pulse are:
- Dynamic form services
- Workflow management / execution
- SSO & authentication
- Cryptography
- Document generation & reporting
Pulse uses an Azure Kubernetes cluster to manage and deploy microservices. The cluster's control-plane components make decisions about the running environment based on metrics provided by the nodes.
Service Databases & Persistent Storage
Microservices may make use of a variety of data storage mechanisms, including PostgreSQL (AWS RDS), MongoDB (Azure) and S3 (AWS). Each database stores data encrypted at rest and is backed up at regular intervals. All PostgreSQL databases have point-in-time restore capabilities of up to 7 days. All MongoDB databases have restorable snapshots taken multiple times per day. All databases are secured with network security groups within each virtual private cloud network.
Cloudflare
Pulse uses Cloudflare for the following services:
- DNS
- IP blacklisting of known bad IPs
- IP whitelisting (optional configuration)
- Edge caching of static content
- Anti-DDoS measures
- Bot protection
- HTTPS / TLS certificate management
- Firewall management
- Threat detection and prevention
- Traffic metrics / analytics