The following article describes EasySend’s environment architecture and introduces the main environments: the Digital Processes Builder and the Player. The article also details a frequently asked questions section about both environments.
Production Environment Architecture
The architecture comprised of two environments, each deployed and managed independently to ensure proper customer data access separation and protection:
- The Digital Processes Builder - a User Interface (UI) editor used by members of your organization to design and create digital processes.
- The Player - a digital process viewer used by your end-users (customers/customers representatives (agents)) to interact with the created process, input data and submit requests.
Architecture Design concept
(See Figure 1)
This architecture was created as a part of our security perception to allow maintaining the following:
- A central multi-tenant environment for the Digital Processes Builder to harness and utilize the full flexibility of a Software as a service (SaaS) solution.
- The highest standard for security and data protection by creating multiple isolated single-tenant player environments - separately dedicated for every customer. The player environment is the only environment that handles personal customer data.
Figure 1: Single and Multi-Tenant
Builder Environment Introduction
(See Figure 2)
The Digital Process Builder is a multi-tenant environment that enables you to perform a variety of actions such as:
- Build - create and edit digital processes.
- Integrate - with different services, third-party Apps, core systems, and APIs like EasySign.
- Measure - using dashboards, get a detailed analysis of how digital processes are performing.
- Operate - track digital processes and create detailed tracking reports.
While digital processes are designed within the EasySend process builder, personal end-user information is never stored within the process builder environment.
Data stored within the Builder is used to define the behavior, look and feel, and business logic of the digital process.
Figure 2: Builder Platform UI
The Builder manages user access by assigning each user to one or more security groups. Each group in turn has restricted access only to their relevant resources. Tenant security groups have a built-in mechanism for restricting access to data of a specific tenant only. This methodology ensures complete data separation between different tenants.
Deploying a Digital Process
(See Figure 3 and Figure 4)
Once a digital process is created by the Builder, it is deployed by clicking the Deploy button and choosing the Player environment for deployment.
Figure 3: Deploy Button and Player Environment
When deploying a process, the player is updated to contain the latest version of the process as built using the Builder.
The deployment process uses an additional set of services and follows these steps:
- EasySend Web Server triggers a background task to initiate deployment, sent as a message on the message queue.
- The message is handled by one of the background task workers in the builder.
- The background task worker packages all the required resources into a zip archive, digitally signs it, and sends it to a Build server.
- The build server verifies signature validity, unpacks the zip archive, and performs additional build steps required for process deployments such as CSS asset construction, theme composition, and conditional and computed logic.
- The build server packs all assets back into a zip file, and digitally signs the package again. It then sends it to the relevant Player environment for deployment.
- The Player verifies the digital signature again, and upon successful verification, deploys the assets to a dedication location in an asset deployment bucket.
Figure 4: Deployment Process Services and Steps
Player Environment Introduction
EasySend Player environments are used to serve the digital processes to your end-users. EasySend player is based on a single-tenant architecture, allowing each organization to receive separate servers and databases.
Organizations typically use at least two separate Player environments:
- Development (Dev) - used for testing before moving into production.
- Production (Prod) - a live environment.
Additional environments such as QA, staging, and pre-prod can also be used according to the requirements of an organization.
The single-tenant architecture also enables complete separation between different environments of the same organization.
Frequently Asked Questions
This section contains different frequently asked questions about EasySend and their answers.
Q: What is the difference between the Builder and the Player?
A: The Digital Processes Builder is a UI editor used by members of your organization to design and create digital processes. The digital process viewer is used by your end-users to interact with the created process, input data, and submit requests.
Q: How many Player environments does an organization have?
A: Organizations would typically use at least two separate Player
environments (Dev/Prod) and possibly more (QA, Staging, Pre-prod) per requirements.
Q: Which environment stores and handles personal customer data?
A: personal end-user information is never stored within the Digital Process Builder environment. The player environment is the only environment that handles personal customer data.
Q: What measures are taken to protect the personal information provided by end-users?
A: All data is encrypted in transit and at rest. An additional encryption layer is added to all stored data. All the data is encrypted using AES 256 before being saved to the database while the encryption key is stored separately in the application server. In addition, all personal information expires as soon as it’s no longer needed
Q: Does each organization receive separated isolated resources?
A: The architecture of EasySend was created as a part of our security perception to allow maintaining the highest standard for security and data protection by creating multiple single-tenant player environments - separately for every customer.
The single-tenant architecture also enables complete separation between different environments of the same customer.