Aurva

PaaS Architecture on AWS

Reference architecture for the Aurva PaaS control plane on AWS.

High Level Architecture (Control Plane, Central)

paas-aws

Data Plane Interaction

Multiple dataplanes can be deployed across AWS, on premises environments, or other cloud providers. The primary responsibility of a data plane is to operate within customer business VPCs or accounts and collect relevant data based on the product license purchased by the organization.

For example, in the case of DAM, the data plane is responsible for collecting queries executed against customer data assets deployed within a specific AWS account or on premises network. After collecting the required data, the data plane forwards it to the Control Plane, where it is processed and made available for reporting to end users.

Dataplanes can be kept Centralised, as well as per account basis. The architecture of both of these data-planes are provided below with their technical prerequisites.

Per Account model (De-centralised)

paas-aws

Model Prerequisites:

  1. The Data Plane VPCs should be able to connect to the Management plane (Application or Network load balancer) via Private Link or VPC Peering.
  2. Every AWS Account / VPC will be hosting a Data Plane component.

Since the data plane resides in the same VPC as the target database, it can establish direct connectivity without the need for additional network whitelisting.

Centralised Account model

paas-aws

In a centralised account model, the data plane will also reside centrally (in the same VPC as the management plane)

Model Prerequisites:

  1. Control Plane infrastructure VPC should be able to reach the databases deployed in multiple different customer AWS Accounts.
  2. Cross Account IAM permissions should be provided to the Data Plane applications.

Advantages

  1. Infrastructure Management becomes very easy as we are managing everything in a centralized place.

Unlike the De-centralised approach, here we have to whitelist the VPC (by VPC peering) or use AWS Private link to connect privately to the database.

For a low level product wise overview of the Data Plane architecture, please refer to the following documentations:

  1. Data Plane for RDS DAM

  2. Data Plane for DSPM