eMagiz Cloud - Inner Workings
In this fundamental, we'll explore the inner workings of the eMagiz Cloud, focusing on its structure, operations, and benefits for customers. We'll delve into how the cloud is designed to support multiple customer environments, the details of each customer environment, and the key advantages of deploying in the eMagiz Cloud.
Should you have any questions, please get in touch with academy@emagiz.com.
1. Prerequisites
- Some context on cloud functionality will be helpful.
2. Key concepts
- Each eMagiz model is deployed in a client-specific VPC (Virtual Private Cloud) in the eMagiz Cloud
- The eMagiz Cloud is automated on AWS technology - all VPCs reside in eu-central-01
- A carwash serves as the entry point for all incoming traffic to allow the highest level of security and to route this traffic to the right VPC
- Each VPC has DNS functionality to ensure that external systems don't have to call an IP address directly
- Each VPC is automatically monitored by the eMagiz Cloud
- You can add additional features to your specific VPC such as DirectConnect, VPN or fixed IP addresses
- A double lane means that all machines are duplicated to increase uptime of the deployed Model. The JMS Server is set up in a failover (active-passive) manner
3. eMagiz Cloud - Inner Workings
When running your eMagiz solution, there are generally two methods of deployment: the cloud and the on-premise (i.e., in your data center) options. We see strong development in cloud-based functionality across markets. Furthermore, patterns such as API Gateway and Event Streaming are tailored for a cloud-only approach. Given all those characteristics, we have an eMagiz Cloud first strategy when further developing our patterns and features across the platform.
In this fundamental, we will zoom in on how the eMagiz Cloud is structured and how it operates for you as a customer. We will start our journey at a high level and focus on how we support multiple customer environments within the same eMagiz Cloud. From there, we will focus on the details of each customer environment. Building on that, we show the differences between a single-lane and double lane setup. Last but not least, we will focus on the key benefits deploying in the eMagiz Cloud holds for you.
3.1 High-level overview
The first perspective we take on the Cloud is how we run multiple customers within the same eMagiz Cloud solution that we offer. The picture below shows how we structured our Cloud to ensure your data is kept safely within your environment.
The outer line of the picture represents the total eMagiz Cloud. Our support department and cloud admins have access to this level, which allows them to access each customer environment if need be. Going deeper, we see the standard region where all our customers' data is kept. This default region (eu-central-01 located in Frankfurt) allows us to keep data under European Law and reduces latency as most of our customer base is in Europe. Within this region, we have what we call a Carwash. This carwash is placed in front of each of our customer VPCs to add a layer of security. This layer restricts access to customer endpoints. Behind the carwash, we have one separate VPC per customer model. So when you have multiple models running in eMagiz (as part of your Enterprise license), you will effectively have the same amount of VPCs in the Cloud (assuming all of them run in the Cloud). This allows for the best possible separation of concerns between customers and models.
3.2 Customer level overview
Now that we have a conceptual idea of how the various customers within the Cloud are separated from each other, we will zoom in on how a standard single-lane VPC setup looks.
We again see the eMagiz Cloud's outer layers and the region. But in this overview, we zoomed in on one of the customer VPCs shown in the previous paragraph. When zooming in, we see several new things emerge within the picture. First, we have an Internet Gateway that connects your VPC to the Internet. This way, the carwash can redirect the traffic to the correct VPC, and the VPC can subsequently receive and process the message. Immediately after the gateway, a load balancer determines whether the data is on HTTPS or JMS level. Depending on that, the message will be sent to the core or the connector machine. This allows each VPC to communicate securely with the outside world, meaning that HTTPS traffic cannot be sent to the core machine.
Below the load balancer, we show our DNS functionality. This ensures that when external parties call an endpoint hosted within one of your flows, they do not have to know the IP address of your VPC but can call the DNS name that you configured partly within the portal. We finished by replacing the IP with emagizcloud.com within all the endpoints that eMagiz hosts. This makes life easier when allowing external parties to connect to your endpoints.
At the bottom of the picture, we see the EFS (Elastic File System). This file storage system stores meta-information securely for each customer so that only that customer can access it. A benefit of using this solution instead of regular file storage is that it can automatically scale. As a result, our cloud offering becomes more robust in dealing with high traffic surges. Furthermore, using EFS, your data is kept separate from the machines and can be re-used if the machines within the VPC need to be spun up in a different availability zone. To review: The EFS is also located in multiple availability zones for redundancy and disaster recovery.
To the right of the picture, we see the monitoring capabilities on the eMagiz Cloud level. Here, we depict our most noteworthy monitoring functionality, which will be triggered when your VPC or part of your VPC runs into trouble. Apart from the trigger, we also keep the log information for 30 days for analysis purposes if eMagiz Support needs to perform an RCA. This information is stored within the Systems Manager and CloudWatch.
Some of the monitoring triggers lead to an auto-healing action that restores the state of your environment to normal without anyone having to take action. This means that downtime in case of an outage is significantly reduced in these cases.
Moving over to the last portion of the overview, we see some of the features we offer on the eMagiz Cloud. For example, you can define a fixed IP on outbound traffic for cases where the external party uses IP whitelisting to verify traffic. Another feature is the data sink capability, which stores sunk messages in a bucket to be retrieved from the portal.
Please check out the suggested additional readings section for applied knowledge on how you can control the eMagiz Cloud from the portal and utilize some of these functionalities from the eMagiz portal.
3.3 Single lane vs. Double Lane
In the previous overview, we showed a single-lane setup. In the outline below, we show a double lane setup. The most fundamental difference between the two is that you have a mirror image of each piece of functionality you are running with the double lane. Having a mirror image of everything reduces the downtime of the environment during maintenance and unexpected outages of your environment.
In this double lane setup, the backup JMS is dormant until activated. All processing components running in the Cloud will run at the same time. As a result, you will see the number of consumers double across all your queues.
3.4 Key benefits
Now that we have explained how our Cloud is configured, we will wrap up this fundamental by looking at the key benefits the Cloud holds for you when building your models with the help of the eMagiz platform. Below, we have summarized these key benefits:
- Each model has its own VPC
- Meta information is stored on EFS for auto-scaling purposes
- Meta information is stored on EFS to guarantee a quick recovery in case of an outage
- Monitoring capabilities provide auto-healing options
- The eMagiz Cloud can be fully controlled via the eMagiz platform (check out our microlearnings under suggested additional readings)
- A carwash is placed in front of all VPCs to add a layer of security
- You can add additional features to your specific VPC
4. Key takeaways
- Each eMagiz model results in a separate VPC in the eMagiz Cloud
- eMagiz models are deployed in the AWS eu-central-01 zone by default - other regions are possible upon request
- A carwash is placed in front of all VPCs to add a layer of security
- Each VPC has DNS functionality to ensure that external parties don't have to call an IP address directly
- Each VPC is automatically monitored
- You can add additional features to your specific VPC
- Setting up a double lane is a safeguard against downtime
- The eMagiz Cloud can be controlled via the eMagiz platform (check out our microlearnings under suggested additional readings)
5. Suggested Additional Readings
If you are interested in this topic and want to learn how you can control your Cloud with the help of the eMagiz platform, please check out our microlearnings offering on eMagiz Cloud Management: