Platform Architecture

The Kurtosys platform is based on a modern, secure and scalable technology stack.

Kurtosys Platform Architecture

The Kurtosys platform is based on a modern, secure and scalable technology stack. At its core is a set of Microservices, each of which deals with an independent slice of platform functionality. Each service can be scaled both vertically (more RAM and CPU) and horizontally (more instance of an individual service).

The primary data store is a MemSQL DB cluster. MemSQL is a distributed, in-memory database that speaks the MySQL wire protocol. Being in-memory affords it considerable performance gains over disk based databases, while clustering allows it to scale horizontally as new tenants are added to the platform.

The core platform also utilizes several other technologies, most important of which are Docker and Percona. These are used to host and manage WordPress for Finance instances. The Docker cluster is used to host and scale the individual site containers for each tenant.

One tenant can have many sites, and each may have a different load profile, so as you would expect each can be scaled vertically and horizontally depending on load. The Percona cluster hosts the WordPress content databases for each site, and can also be scaled to match demand from tenants.

For large scale object storage, for data elements such as documents and page snapshots, AWS S3 is utilized. To handle system loads that require ‘burst’ performance we utilize AWS Lambda.

All other elements of the platform are housed within one of our private data centers, managed by Rackspace. We host primary data centers in the UK (London) and in the United States (Virginia), with each serving as the DR peer for one and other. In 2018 we will be adding in-region Disaster Recovery to meet the data domicile needs of our growing customer base.

All access to the platform is provided via a set of load-balanced NGINX proxies, which in turn sit behind our firewall. From a security perspective we utilize both internal security scanning software and intruder detection measures to ensure the platform remains secure.

For website and portal customers we offer Akamai DDoS, CDN, and WAF protection for inbound traffic. The CDN or ‘Content Delivery Network’ component allows customers with a global customer base to serve information quickly regardless of the visitor’s location.

The WAF or ‘Web Application Firewall’ component scans for malicious traffic patterns and blocks visitors that exhibit these traits, actively defending against hacking attempts. Finally, the DDoS or ‘Distributed Denial Of Service’ component can prevent attempts to take down sites using large volumes of traffic or by flooding the servers with certain types of requests.