A traditional hosted customer facing CMS system was in production that was originally designed for an alternate market, with simple web GUI drive access and a cumbersome offline client.  Highroads were designing a new “V2” system and was in development as a fully SaaS product with both web GUI access and customer available API access.  Infrastructure was required to support the SaaS product, provide reliable operations, secure access and customer data, and enable customer-driven Single Sign-On integration.

Due to extensive technical debt, a new production stack was architected and implemented, with tertiary systems running on legacy shared infrastructure.  Future growth was expected to be significant, so a key objective outside of feature/functionality was to design a vendor agnostic architecture that could scale outside of a single data centre.

Primary challenges involved security due to the nature of customers on the platform.  Although no PII, PHI or HIPAA data was stored, customers had to manage those controls and by default, Highroads had to be able to achieve the same or similar levels of controls and security.  The infrastructure was architected to provide a level of security and abstraction between SOA microservices, with network segregation controlled by multiple firewalls within a single multi-tenanted environment.  All SOA microservices were designed to be stateless worker nodes carrying out transient processing via API calls, with data only being stored in the backend database.  Infrastructure was tested in-house to verify data isolation and ensure zero tenant bleed with penetration testing performed bi-annually with an external security partner.

Secondary challenges involved the requirements for low latency responses within the application whilst performing complex queries followed by simplistic changes to multiple client data plans.  Initially, a continuance of utilization of the Oracle 10g platform was implemented, however, the costs of implementing Oracle RAC was prohibitive.  We reviewed various options, including migrating data through the application stack into caches, as well as reviewing alternative vendors.  The final decision was made to implement a NoSQL backend that better served the application requirements, whilst enabling full HA clustering at a lesser cost than regular Oracle 10g licensing.  A full migration including development changes and staged QA analysis was carried out over a three-month period to the CI/CD stack and subsequently production stacks.