Q-Sensei SaaS AWS Architecture

Q-Sensei Logs is a fully managed analytics service for log events and metrics built on top of Q-Sensei Fuse. Q-Sensei Logs is built with a focus on security and high availability. This section explains the SaaS architecture of Q-Sensei Logs in detail.

The diagram below gives an overview of the Q-Sensei Logs SaaS architecture.

[Diagram: Q-Sensei SaaS AWS Architecture]

 

Amazon Route 53 DNS

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) cloud web service. Q-Sensei Logs customers get their own personal domain. The personal domain name is of the form https://{personal-domain-name}.logs.qsensei.cloud. SaaS users can access their Q-Sensei Logs application by simply typing the personal domain name in the browser. The DNS service has an entry that forwards all requests for the personal domain to an internet-facing application load balancer.

 

HTTPS Internet-Facing Application Load Balancer

All incoming requests are forwarded to an internet-facing application load balancer, which listens only on HTTPS port 443. The application load balancer authenticates every request using AWS Cognito and then routes the traffic to targets within the AWS Virtual Private Cloud (VPC) depending on the request.

 

AWS Cognito - Identity and Access Management

An AWS Cognito user pool is a standards-based identity provider that supports identity and access management standards such as OAuth 2.0, SAML 2.0 and OpenID Connect. We create an AWS Cognito user pool for each customer account. After successful authentication, depending on the user role, the user sees either the Manager UI or the Analytical UI. Amazon Cognito is HIPAA eligible and PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.

 

Q-Sensei Logs Manager Application

The Manager application is deployed in a private subnet with no connectivity from outside. A virtual firewall is employed to allow traffic only from the application load balancer. The Manager application supports the following important functions:

  • Deployment Management – Create, delete and update deployment stacks using AWS CloudFormation
  • User Management – Add and remove users per Q-Sensei Logs deployment using AWS Cognito

For more details, check our Manager UI Documentation. 

 

Q-Sensei Logs Deployment

A Q-Sensei Logs deployment represents the core set of services required to ingest events and to provide analytics and alerting on the ingested events. All resources are deployed in a private subnet with no connectivity from outside. A virtual firewall is employed to allow traffic only from the application load balancer. The following are the components of the Q-Sensei Logs deployment:

  • Upload API
  • Analytical UI
  • Alerting Service
  • Q-Sensei Fuse Cluster
  • Q-Sensei Service Registry
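
The load balancer and virtual firewall properties described in the sections above (HTTPS on 443 only, Cognito authentication before routing, private targets reachable only from the load balancer) can be checked mechanically. The following is an added example, not Q-Sensei's own code: it audits data shaped like the output of boto3's elbv2 describe_listeners and ec2 describe_security_groups calls. All IDs, ARNs and port 8080 are constructed placeholders, and only listener default actions are examined, not per-path listener rules.

```python
# Added example: sample data below is constructed, not taken from Q-Sensei.

def audit_listeners(listeners):
    """Flag listeners that are not HTTPS/443 or that forward before authenticating."""
    findings = []
    for lst in listeners:
        arn = lst.get("ListenerArn", "?")
        if lst.get("Protocol") != "HTTPS" or lst.get("Port") != 443:
            findings.append(f"{arn}: listens on {lst.get('Protocol')}/{lst.get('Port')}")
        # Actions run in Order; the first one must be the Cognito authentication step.
        actions = sorted(lst.get("DefaultActions", []), key=lambda a: a.get("Order", 0))
        if not actions or actions[0].get("Type") != "authenticate-cognito":
            findings.append(f"{arn}: first default action is not authenticate-cognito")
    return findings

def audit_security_group(sg, alb_sg_id):
    """Flag ingress rules that admit any source other than the ALB's security group."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        ports = f"{perm.get('IpProtocol')}:{perm.get('FromPort')}-{perm.get('ToPort')}"
        # Any CIDR or prefix-list source breaks the "load balancer only" rule.
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
        # A security-group source is acceptable only if it is the ALB's group.
        sources += [g.get("GroupId") for g in perm.get("UserIdGroupPairs", [])
                    if g.get("GroupId") != alb_sg_id]
        findings += [f"{sg['GroupId']} {ports}: unexpected source {s}" for s in sources]
    return findings

ALB_SG = "sg-0aaa000000000000a"  # constructed placeholder
LISTENERS = [  # constructed
    {"ListenerArn": "listener/good", "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "forward", "Order": 2},
                        {"Type": "authenticate-cognito", "Order": 1}]},
    {"ListenerArn": "listener/plain", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward"}]},
]
APP_SG = {"GroupId": "sg-0bbb000000000000b", "IpPermissions": [  # constructed
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]}

if __name__ == "__main__":
    for line in audit_listeners(LISTENERS) + audit_security_group(APP_SG, ALB_SG):
        print("FINDING:", line)
```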