Skip to main content

How to design your first Solution Architecture Diagram?

Problem Statement 

An e-commerce Startup in India, ContosoBuy is building an Order Management system and wants to deploy its Order processing APIs in the cloud. ContosoBuy is looking for a Cloud-based API hosting solution that is highly available, scalable, reliable, and cost-effective. 
 
APIs should be able to handle the demand during festival sales and seasonal offers, traffic can spike as more and more people start placing orders.

APIs should be secured against common web-hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting. The API deployment infrastructure needs to be secured too

It is important for the database supporting the API to be highly available and capable of handling failures in a graceful manner.

ContosoBuy also needs to store clickstream data for personalized marketing so that it can keep the customer engaged and informed thus increasing customer retention.

Approach a Solution

Designing a solution architecture can be a complex task, but there are some steps you can follow to approach it effectively:

Understand the problem: Before you can design a solution architecture, you need to understand the problem you're trying to solve. Gather requirements from stakeholders and identify the main goals of the project.

Define the Scope: Identify the scope of the project and define the boundaries of what the solution should and should not include.

Research Reference Solutions: Refer to existing solutions that are similar to what you're trying to build. Analyze their strengths and weaknesses and identify what features you can borrow or improve upon.

I have found below two Azure reference architectures which are quite close to our problem statement:

Design the Architecture

Create a detailed architecture diagram that includes all the components, data flows, and interactions between them. This diagram should serve as a blueprint for the development team to follow.

I have used the online drawing tool: https://excalidraw.com to draw the architectural diagram, it has a rich collection of icon libraries that was sufficient for me. I did find a couple of useful VSCode plug-ins which you can also try out.


Here is an initial draft version of the Architectural diagram:

Explanation

High availability
  • Workloads are deployed across the Availability Zone for high availability. Availability zones are physically separate data centres within a Region. Each zone is connected through high-speed, private fibre-optic networks with other zones. If one zone goes down, the other continues working
  • A zone-redundant instance of Azure Application Gateway routes traffic to VMs Scalesets within the web tier. Application Gateway is an application layer load balancer, it operates at OSI layer 7 and can do URL-based routing. In case of a zone failure Application Gateway routes the traffic to other available zones
  • A zone-redundant load balancer routes traffic from the VMs in the web tier to the active SQL Server instance. Azure Load Balancer is a high-performance, ultra-low-latency Layer 4 load-balancing service. In the case of SQL Server failure, the load balancer detects the failover and routes the traffic to the active instance
Scalability
  • Scalability means the ability to scale or de-scale the services and resources to meet the demand.
  • There are two types of Scaling: Vertical and Horizontal
  • Vertical Scaling: Upgrading or Downgrading the RAM and CPU, this also refers to Scaling up and Scaling down
  • Horizontal Scaling: Deploying more or Removing the excess resources, this also refers to Scaling out and Scaling in 
Security
  • Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities
  • Azure Network Security Group filters network traffic between Azure resources in an Azure virtual network. It contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
  • DDoS protection provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network
  • AAD B2C for business-to-customer identity management
  • Azure Bastion provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to the VMs within a virtual network
Data
  • Azure Key Vault is used to store the encryption keys and database connection string
  • SQL Server has an in-built feature to encrypt the data at rest using the encryption keys stored securely in Key Vault
  • SQL Server Always On feature provides high availability at the data tier by enabling replication and failover
Analytics
  • Azure Functions takes in user clickstream data from websites
  • Event Hubs ingests raw click-stream data from Azure Functions and passes it on to Stream Analytics
  • Azure Stream Analytics aggregates click in near real-time by product, offer, and user. Writes to Azure Cosmos DB
  • Azure Cosmos DB stores aggregated data of clicks by user, and product, and offers user-profile information
  • Power BI enables visualization of user activity data and offers presented by reading in data from Azure Cosmos DB

Validate and Iterate

Validate the design: Review the design with stakeholders and get their feedback. Ensure that the design meets the project's requirements and aligns with the organization's overall strategy.

Iterate: Solution architecture is an iterative process, so be prepared to refine and improve the design as you move forward.
Remember that good solution architecture is not only about designing a technical solution that works but also about designing a solution that meets the needs of the business and the users.

Comments