About This Architecture

IVS Technical Architecture integrates browser and mobile clients through segregated internal and external traffic paths, each with dedicated SSO and API Gateway layers. Internal traffic routes through Active Directory and Internal Traffic SSO, while external traffic passes through WAF, External Traffic API Gateway, and External Traffic SSO before reaching Docker Host containers running microservices like device-management-service, ivs-scanning-verification-services, and appcentre. The architecture employs a DMZ security boundary, ESB for service integration, and distributed databases (SSO DB, API Gateway DB, App DB) to isolate authentication, routing, and application data. This enterprise-grade design demonstrates defense-in-depth principles with separate authentication paths, network segmentation, and containerized service deployment. Fork and customize this diagram on Diagrams.so to adapt the topology for your organization's security posture and service inventory.

People also ask

How do you design a secure enterprise architecture with separate internal and external API gateways, SSO authentication, and containerized microservices?

This diagram shows a defense-in-depth architecture separating internal traffic (via Internal Traffic SSO and API Gateway) from external traffic (via WAF, External Traffic API Gateway, and External Traffic SSO). Both paths authenticate against Active Directory and SSO DB, route through Docker hosts running microservices (device-management-service, ivs-scanning-verification-services, appcentre), and