Platform architecture

At the core of our platform is a set of microservices, each dealing with one part of the platform’s functionality. Each microservice can be scaled both vertically (upwards, by adding more memory and/or processing) and horizontally (outwards, by adding more instances of the same type of service, as and when required by customers).

Data store

The primary data store is a MemSQL database cluster. MemSQL is a distributed, in-memory database that uses the MySQL wire protocol. Being in-memory gives it considerable performance gains over disk-based databases, while clustering allows it to scale horizontally as new tenants are added to the platform.

Microservices

The core platform also uses several other technologies, most importantly Docker and Percona. These are used to host and manage WordPress for Finance websites.

The Docker cluster is used to host and scale individual site containers for each tenant (Kurtosys clients). One client can have many sites, each with their own unique load profile, so tenants, too, can be scaled vertically and horizontally.

The Percona cluster hosts the WordPress content databases for each site, and can also be scaled to match demand from tenants.

For large-scale object storage, specifically data elements such as documents and page snapshots, AWS S3 is used. To handle system loads that require ‘burst’ performance we use AWS Lambda.

All other elements of the platform are housed within one of our private data centers, managed by Rackspace and AWS. We host primary data centers in the UK (London) and in the United States (Virginia), with each serving as the disaster recovery peer for the other. In 2018 we added in-region DR to meet the data domicile needs of our growing customer base.

Security

All access to the platform is controlled via a set of load-balanced NGINX proxies behind our firewall. To ensure platform security we use both internal security scanning software and intruder detection measures.

Our website and portal customers enjoy inbound traffic protection in the form of Cloudflare Distributed Denial of Service (DDoS) protection, Content Delivery Network (CDN), Global Edge Network and Web Application Firewall (WAF). The CDN component allows customers with a global client base to serve information quickly, regardless of the visitor’s location. The WAF scans for malicious traffic patterns and blocks visitors that exhibit these traits, actively defending against hacking attempts. DDoS protection prevents attempts to take down sites using large volumes of traffic or by flooding the servers with certain types of requests.