
Mintoak Architecture - On Premise

The document outlines the Mintoak Architecture for on-premise deployment, detailing its compatibility with AWS services and best practices for security, high availability, and scalability. It includes a comprehensive list of managed services utilized, their purposes, and application services designed for various functionalities. Additionally, it highlights supporting services for automated deployment, monitoring, and data visualization.

Uploaded by

abhishek.jain

Mintoak Architecture

Compatibility for On Premise Deployment


Jan, 2025

Version 1.0
Table of Contents
1 Mintoak Architecture - AWS Hosted (without DR)
1.1 Managed Services Used
1.2 Heading 2: Example of Subsection 2
1.2.1 Heading 3: Open Sans Semibold 12
1.2.2 Heading 3: Example of a Table

www.mintoak.com | © Mintoak Innovations Pvt Ltd | All Rights Reserved 1


Document Summary

Item            Remarks
Client          SBIP
Document Name   Mintoak Architecture - Compatibility for On Premise Deployment
Document Type   Technical Document
Created By      Nilesh Lonkar

Document Revision and Review History

Date        Version   Prepared By     Reviewed By   Reason for Update
03-Jan-25   1.0       Nilesh Lonkar   Kabeer Jain



1 Mintoak Architecture - AWS Hosted (without DR)

The Mintoak deployment architecture on AWS has the following best practices in place:

● Security best practices - The Mintoak platform has security components built into the
architecture, such as WAF, end-to-end encryption using BYOK, rate limiting and private
subnets, as well as a secure SDLC.
● High availability - All components are HA by design and there is no single point of
failure in the application.
● Horizontal scalability - All application services are stateless and horizontally
scalable. Managed services are used for database and storage that can be scaled
without downtime.



1.1 Managed Services Used

Service Category: Compute

● AWS EC2 - Elastic Cloud Compute which lets users configure virtua
machines and the underlying resources they leverage fr
a central console
● AWS NLB - Network Load Balancer is used to route network traffic
across servers
● AWS ALB - The application load balancer distributes incoming HTTP
and HTTPS traffic across multiple targets such as
Amazon EC2 Instances, microservices, and containers

Service Category: Containers

● AWS EKS - Amazon Elastic Kubernetes Service (EKS) is a managed
Kubernetes service that allows users to build, secure, an
maintain Kubernetes clusters on AWS. EKS offers a varie
features, including scalability, availability etc..

Service Category: Storage

● AWS S3 - Object storage service that offers industry-leading
scalability, data availability, security, and performance. Y
can use Amazon S3 to store and retrieve any amount of
at any time, from anywhere.

Service Category: Database

● AWS Managed Postgres RDS - Relational Database Service, to deploy and scale the
relational database engines of your choice in the cloud
high availability
● AWS Elastic Cache (Redis) - For caching and in memory data store use cases.

Service Category: Networking & Content Delivery

● NAT Gateway - Network Address Translation (NAT) gateway is a manag
service from Amazon Web Services (AWS) that allows
resources in a private subnet to connect to services out
the subnet
● AWS Cloudfront - Amazon CloudFront is a fast content delivery network (C
service that securely delivers data, files, videos, applicat
and APIs to customers globally
● AWS Global Accelerator - AWS Global Accelerator is a networking service that help
improve the performance and availability of application
global users. It can be used for:
  ● Improving network performance
  ● Delivering highly available applications
  ● Protecting applications from DDoS attacks
  ● Deploying multi-region applications
  ● Building a global, low-latency NTP service

Service Category: Management & Governance

● AWS Cloudwatch - Amazon CloudWatch is a monitoring and management
service for Amazon Web Services (AWS) resources and
applications. It's used to
  ● Monitor resources: Track the health and
  performance of AWS resources, such as Amazon
  instances, Amazon DynamoDB tables, and Amaz
  RDS DB instances
  ● Monitor applications: Track the health and
  performance of applications running on AWS, on
  premises, or in other clouds
  ● Collect metrics: Collect and track metrics, such
  CPU utilization, latency, and request counts
  ● Collect logs: Collect and monitor log files gener
  by applications
  ● Set alarms: Set alarms to automatically react to
  performance changes
  ● Troubleshoot: Troubleshoot AWS infrastructure
  operational issues
  ● Optimize: Optimize resource use
  ● Reduce MTTR: Reduce mean time to resolution
  (MTTR) by using alarms, logs, and events data to
  take automated actions
● AWS Cloudtrail - AWS CloudTrail is a tool that tracks and records user ac
and API calls across AWS services to help with security,
compliance, and troubleshooting:
  ● Security: CloudTrail helps improve security pos
  by tracking user activity and API usage.
  ● Compliance: CloudTrail helps ensure complianc
  with internal policies and regulatory standards.
  ● Troubleshooting: CloudTrail helps troubleshoo
  operational issues by recording and archiving ev
  logs.
  ● Auditing: CloudTrail provides an audit trail of u
  activity, which can be used to investigate securit
  incidents.

Service Category: Security, Identity & Compliance

● AWS IAM - AWS Identity and Access Management (IAM) is a service
allows administrators to control access to AWS resource
  ● Users: Define individual users and assign them
  unique credentials, like passwords and access k
  ● Groups: Collect users into groups and assign
  permissions to the group
  ● Roles: Assign roles to users who need them, ins
  of associating them with a single person
  ● Policies: Use JSON documents to define permis
  and specify what actions are allowed or denied
  which resources

● AWS KMS - AWS Key Management Service (AWS KMS) is a managed
service that allows users to create, control, and use
encryption keys to secure data
● AWS WAF - AWS WAF (Web Application Firewall) is a security tool
that protects web applications from attacks by:
  ● Filtering web traffic
  ● Blocking attack patterns
  ● Monitoring traffic
  ● Preventing account takeover fraud
● AWS Certificate Manager - AWS Certificate Manager (ACM) is a service that allows u
to Provision and manage certificates.

Service Category: Application Integration

● Amazon MQ - Amazon MQ is a managed message broker service
that helps users set up, operate, and maintain message
brokers in the cloud
● AWS Simple Notification Service (SNS) - Amazon Simple Notification Service (SNS) is a managed
service that allows users to send messages from publish
to subscribers
● AWS Simple Queue Service (SQS) - Amazon Simple Queue Service (Amazon SQS) is a messa
queuing service that allows you to:
  ● Send, store, and receive messages between soft
  components
  ● Decouple and scale microservices, distributed
  systems, and serverless application
● AWS Simple Email Service (SES) - Amazon Simple Email Service (SES) is a cloud-based ema
service that allows businesses to send and receive em
for marketing, notifications, and transactions

The managed services listed above will not be available in the Hitachi on-premise data
center and need to be replaced.

1.2 Application Services

Service - Purpose

● Login - Authentication, Authorization and User/Access Management
● MOB - Merchant onboarding service onto the platform. Onboards terminal and credentials d
● Universal - Handles non transactional read data from App to Backend Service
● MMP Service - Responsible for payment initialization, callback and settlement.
● Campaigns - kube-state-metrics (KSM) is a simple service that listens to the Kubernetes API server a
● Segments - Loki is a log aggregation system designed to store and query logs from all your applica
● ListMonk - Prometheus is used for event monitoring and alerting. It records metrics in a time seri
flexible queries and real-time alerting
● ListMonk UI - Blackbox Exporter is used for endpoint monitoring and can help generate meaningful
probe endpoints over HTTP, HTTPS, DNS, TCP, and ICMP.
● X-Sell - Promtail is an agent which ships the contents of local logs to a private Grafana Loki ins
applications needed to be monitored.
● MOAR - NATS is highly scalable pub sub provider which is used for event driven data processin
● MCustomer - The Prometheus NATS Exporter consists of both a package and an application that exp
monitoring.
● MAC - RedisInsight makes it easy to query, visualize, and interactively work with all of the late
● Admin Portal UI - Is used to restart application when there are any changes in the configmaps
● Tempo - Tempo is high-scale distributed tracing backend. Tempo lets you search for traces, gen
with logs and metrics.
● Metabase/Superset - For Data Exploration and visualization


1.3 Supporting Services

Service - Purpose

● Argo CD - For Automated CD based on GitOps. It detects the config changes and sync the change
● Kong - Kong is an open source API gateway and platform that acts as middleware between co
platform easily extends the capabilities of APIs with the use of plugins.
● Argo Events - For managing events based workflows at backend
● Grafana - Grafana is a multi-platform open source analytics and interactive visualization web app
web when connected to supported data sources
● Kube State Metrics - kube-state-metrics (KSM) is a simple service that listens to the Kubernetes API server a
● Loki - Loki is a log aggregation system designed to store and query logs from all your applica
● Prometheus - Prometheus is used for event monitoring and alerting. It records metrics in a time seri
flexible queries and real-time alerting
● Prometheus Blackbox Exporter - Blackbox Exporter is used for endpoint monitoring and can help generate meaningful
probe endpoints over HTTP, HTTPS, DNS, TCP, and ICMP.
● Promtail - Promtail is an agent which ships the contents of local logs to a private Grafana Loki ins
applications needed to be monitored.
● Nats - NATS is highly scalable pub sub provider which is used for event driven data processin
● Prometheus Nats Exporter - The Prometheus NATS Exporter consists of both a package and an application that exp
monitoring.
● Redis Insight - RedisInsight makes it easy to query, visualize, and interactively work with all of the late
● Reloader - Is used to restart application when there are any changes in the configmaps
● Tempo - Tempo is high-scale distributed tracing backend. Tempo lets you search for traces, gen
with logs and metrics.
● Metabase/Superset - For Data Exploration and visualization
