Cloud Hosting

• Cloud Hosting
• Introduction
• Architecture Diagram
• Architecture Components
• Azure Container Instances (ACI) - Compute Layer
• Sub-components
• Azure File Storage - Persistent Storage Layer
• Azure Database for PostgreSQL - Database Layer
• Azure App Service - Web Frontend
• Security
• Rollout

Introduction

MineTrust can be hosted in the cloud using Microsoft Azure services. This architecture leverages Azure Container Instances (ACI) for compute, Azure File Storage for persistent storage, Azure App Service for a web frontend, and a PostgreSQL database backend.

Architecture Diagram

Architecture Components

Azure Container Instances (ACI) - Compute Layer

• ACI provides a scalable, serverless compute environment to host microservices and application workloads.
• Containers run stateless processing tasks, including data transformation, ingestion, and API services.
• Secure communication with other Azure services using managed identities and private networking.

See also https://learn.microsoft.com/azure/container-instances/container-instances-overview.

Sub-components

• MineTrust: Core business logic container which hosts the main MineTrust processes, and exposes functionality via a REST API.
• Provisioner: Sidecar container responsible for the automatic provisioning of entities within MineTrust.
• NGINX: Acts as a reverse proxy, handling incoming traffic, load balancing, and API gateway functionalities.

Azure File Storage - Persistent Storage Layer

• Provides the underlying persistent file storage to both the MineTrust and Provisioner container instances.
• Supports high availability and redundancy with geo-replication capabilities.

See also https://learn.microsoft.com/azure/storage/files/storage-files-introduction.

Azure Database for PostgreSQL - Database Layer

• Provides a database backend for the MineTrust relational data model.
• May optionally be enabled from high availability, automated backups, and disaster recovery features.
• MineTrust communicates with the database backend via Entity Framework.

See also https://azure.microsoft.com/products/postgresql.

Azure App Service - Web Frontend

• Hosts the user-facing web application for managing and visualizing data (informally 'MineTrust Online').
• Connects to MineTrust backend via the REST API.

See also https://learn.microsoft.com/azure/app-service/overview.

Security

• The MineTrust Online web application endpoint is automatically secured using Transport Layer Security (TLS) when deployed to Azure.
• HTTP traffic between MineTrust and its client components may optionally be secured using TLS (an appropriate certificate must be provided).
• Encryption support for data at rest may be facilitated via the capabilities provided natively by Azure for those resources.

Rollout

• Deployment of the MineTrust cloud platform is orchestrated using Azure Resource Manager (ARM) templates.
• ARM templates provide infrastructure-as-code (IaC) to ensure consistent, repeatable deployments across environments.
• The rollout process automates provisioning of ACI instances, Azure File Storage, PostgreSQL databases, and Azure App Service.
• Internally, we integrate the ARM templates into our continuous integration and deployment (CI/CD) system to ensure reliability and consistency of the platform.