StackExplorer

EASE Architecture Overview

This document provides a high-level overview of the EASE platform architecture.

System Architecture

┌─────────────────────────────────────────────────────────────┐
│                     Users / Mobile Apps                      │
└──────────────────────────┬──────────────────────────────────┘
                           │ HTTPS
                           ▼
┌─────────────────────────────────────────────────────────────┐
│                      Kong API Gateway                        │
│  • Routing            • Rate Limiting    • OAuth/JWT         │
│  • Load Balancing     • Caching         • SAP/ERP Proxy     │
└────┬──────────┬──────────┬──────────┬────────────┬──────────┘
     │          │          │          │            │
     ▼          ▼          ▼          ▼            ▼
┌─────────┐ ┌────────┐ ┌──────┐ ┌─────────┐ ┌────────────┐
│ Next.js │ │  .NET  │ │Node.js│ │ FastAPI│ │  External  │
│Frontend │ │  Core  │ │WebSocket│ │  BACH  │ │  Systems   │
│         │ │Services│ │       │ │Chatbot │ │ (SAP, ERP) │
└─────────┘ └────┬───┘ └───┬───┘ └────┬────┘ └────────────┘
                 │         │          │
                 └─────┬───┴──────────┘
                       ▼
            ┌──────────────────────┐
            │    Data Layer        │
            ├──────────────────────┤
            │ • Oracle (Primary)   │
            │ • Redis (Cache)      │
            │ • PostgreSQL (AI)    │
            └──────────────────────┘

Layer Breakdown

1. API Gateway (Kong)

Purpose: Single entry point for all traffic

Responsibilities:

  • Route requests to appropriate services
  • JWT validation and OAuth flows
  • Rate limiting and throttling
  • Request/response transformation
  • Integration proxy for SAP/ERP systems
  • Caching frequently accessed data
  • Circuit breaking for fault tolerance

Why Kong?

  • Battle-tested at Fortune 500 scale
  • Rich plugin ecosystem
  • Vendor-neutral (no cloud lock-in)
  • Perfect for legacy system integration

2. Frontend Layer (Next.js)

Technology: Next.js 15 + React + shadcn/ui

Features:

  • Server-side rendering (SSR) for SEO
  • Static generation where appropriate
  • Built-in authentication flows
  • RBAC-aware UI components
  • AI chatbot integration (Ctrl+/)
  • Ticketing module (Ctrl+Shift+T)

Key Components:

frontend/
├── app/              # Next.js App Router
│   ├── (auth)/      # Authentication pages
│   ├── (dashboard)/ # Main application
│   └── api/         # API routes
├── components/
│   ├── auth/        # Login, SSO components
│   ├── rbac/        # Permission-aware components
│   ├── chatbot/     # AI chatbot UI
│   └── ui/          # Reusable UI components
└── lib/
    ├── api-client.ts   # Backend communication
    ├── auth.ts         # Authentication utilities
    └── permissions.ts  # RBAC helpers

3. Backend Services (.NET Core)

Technology: .NET Core 8 + ASP.NET Web API

Why .NET Core?

  • Leverage existing team expertise
  • Excellent Oracle integration
  • Strong typing and tooling
  • Cross-platform
  • High performance

Service Architecture:

backend/
├── AuthService/           # SSO, JWT, sessions
├── UserService/           # User management
├── TenantService/         # Multi-tenancy
├── [YourService]/         # Your business logic
└── Shared/
    ├── Ease.Core/         # Common models, DTOs
    ├── Ease.Database/     # Oracle utilities
    └── Ease.Security/     # RBAC framework

Key Patterns:

  • Base classes for consistency (BaseController, BaseService, BaseRepository)
  • Dependency injection throughout
  • Repository pattern for data access
  • Automatic tenant filtering
  • Comprehensive logging with context

4. Real-Time Services (Node.js)

Technology: Node.js + Socket.io

Use Cases:

  • WebSocket connections for real-time updates
  • Push notifications
  • Live collaboration features
  • Event broadcasting per tenant

Why Node.js?

  • Excellent for real-time / WebSocket
  • Complements .NET Core for async tasks
  • Large ecosystem for integrations

5. AI/Chatbot (FastAPI + Python)

Technology: FastAPI + Python

Features:

  • BACH ensemble integration
  • RAG (Retrieval Augmented Generation)
  • Context-aware assistance
  • Code search and explanation
  • Natural language documentation queries

Architecture:

chatbot/
├── main.py              # FastAPI app
├── services/
│   ├── bach_client.py   # BACH integration
│   ├── rag_service.py   # Document retrieval
│   └── embedding.py     # Vector embeddings
├── tools/
│   ├── code_search.py   # Search codebase
│   └── doc_search.py    # Search documentation
└── models/              # Cached ML models

6. Data Layer

Oracle Database (Primary)

Features:

  • Pluggable Databases (PDB) for large tenants
  • Virtual Private Database (VPD) for row-level security
  • Transparent Data Encryption (TDE)
  • RAC for high availability
  • Advanced queueing

Schema Design:

  • Tenant isolation via VPD policies
  • Audit logging for compliance
  • Optimized indexes
  • Partitioning for performance

Redis (Caching)

Use Cases:

  • Session storage
  • API response caching
  • Rate limiting counters
  • Real-time data (leaderboards, counters)
  • Pub/Sub for events

PostgreSQL (AI Metadata)

Use Cases:

  • Vector embeddings for RAG
  • Full-text search
  • AI conversation history
  • Analytics data

Data Flow Examples

User Authentication Flow

1. User → Next.js → Kong → AuthService
2. AuthService → Oracle (verify credentials)
3. AuthService → Oracle (load roles/permissions)
4. AuthService ← Generate JWT with claims
5. Kong ← Set secure HTTP-only cookie
6. User ← Redirect to dashboard

API Request with RBAC

1. User → Next.js (with JWT cookie)
2. Next.js → Kong → BookingService
3. Kong validates JWT, extracts claims
4. BookingService:
   - Extract tenant_id from claims
   - Extract user_id from claims
   - Check permission (BOOKING_CREATE)
5. BookingService → Oracle (via VPD)
   - VPD automatically filters by tenant_id
6. BookingService ← Data
7. User ← Response

Chatbot Query Flow

1. User (Ctrl+/) → BACH UI component
2. BACH UI → FastAPI Chatbot
3. Chatbot:
   - Extract context (current page, user role)
   - Search documentation (RAG with embeddings)
   - Build enriched prompt
   - Call BACH ensemble
4. Chatbot ← AI response with sources
5. User ← Formatted answer + source links

Multi-Tenancy Strategies

EASE supports three strategies:

Strategy 1: Pluggable Database (PDB)

  • When: Fortune 500 clients, >10K users
  • Isolation: Complete database separation
  • Benefits: Maximum isolation, independent scaling
  • Cost: Highest

Strategy 2: Schema Per Tenant

  • When: Mid-market, 100-10K users
  • Isolation: Separate schemas, shared DB
  • Benefits: Good isolation, moderate cost
  • Cost: Medium

Strategy 3: Shared Schema + VPD

  • When: Small businesses, <100 users
  • Isolation: VPD row-level filtering
  • Benefits: Most cost-effective
  • Cost: Lowest

Security Layers

Defense in Depth

  1. Network Layer

    • WAF (Web Application Firewall)
    • DDoS protection
    • TLS 1.3 encryption

  2. Gateway Layer (Kong)

    • JWT validation
    • OAuth flows
    • Rate limiting
    • IP whitelisting (if needed)

  3. Application Layer

    • Input validation
    • CSRF protection
    • XSS prevention
    • SQL injection prevention

  4. Business Logic Layer

    • Permission checks
    • Tenant validation
    • Data validation

  5. Database Layer

    • VPD (row-level security)
    • TDE (encryption at rest)
    • Audit logging

Observability

Logging (ELK Stack)

  • Centralized logging with Elasticsearch
  • Logstash for processing
  • Kibana for visualization
  • Every log includes: tenant_id, user_id, correlation_id

Metrics (Prometheus + Grafana)

  • Application metrics
  • System metrics
  • Business metrics
  • Custom dashboards

Tracing (Jaeger)

  • Distributed tracing
  • Request flow visualization
  • Performance bottleneck identification

Secrets (HashiCorp Vault)

  • Centralized secret management
  • Dynamic secrets
  • Encryption as a service

Deployment

Development

  • Docker Compose for local development
  • Hot reload for fast iteration

Production

  • Kubernetes for orchestration
  • Helm charts for deployment
  • Blue-green deployments
  • Auto-scaling based on metrics

Performance Targets

MetricTarget
API Response Time (p95)< 200ms
Page Load Time< 2s
Concurrent Users10,000+
Database ConnectionsPooled, efficient
Uptime99.9%

Scaling Strategy

Horizontal Scaling

  • Frontend: CDN + multiple Next.js instances
  • Backend: Load balanced .NET services
  • Database: Oracle RAC
  • Cache: Redis cluster

Vertical Scaling

  • Database optimization (indexes, partitioning)
  • Caching strategies
  • Async processing where appropriate

Cost Optimization

Monthly Infrastructure Cost (Production):

  • Compute: ~$1,170
  • Oracle RAC (2 nodes): ~$2,400
  • Redis Cluster: ~$180
  • Storage + Backups: ~$415
  • Network: ~$230
  • Monitoring: ~$500
  • Total: ~$4,895/month

vs. Pure Cloud: $8K-12K/month EASE Advantage: 40-60% cost savings

Next Steps

Need help? Press Ctrl+/ to ask BACH anything about EASE architecture!