Platform logical architecture

1. Overview

The Registries Platform is a distributed system with microservice architecture. Its design is based on the following fundamental ideas:

  • Deployment infrastructure agnosticism

  • Centralized development and updating

  • Provision of a sufficient level of registry isolation

  • Joint (re-)use of typical services by the registries

  • Usage of secure transport for integrations

  • Registry compliance with security, scalability and fault-tolerance requirements

2. Architecture principles

  • The Registries Platform is built using open standards and open-source technologies.

  • The Registries Platform is a distributed system with a microservices architecture, where each component has a well-defined function, and inter-component communication is based on standardized information exchange protocols.

  • The Registries Platform is a cloud-native system built on the OpenShift container orchestration platform to ensure reliability, scalability, and infrastructure independence.

  • The Registries Platform follows the GitOps approach to automate infrastructure configuration, component deployment, and overall system management.

  • The Registries Platform implements a comprehensive cybersecurity approach that includes mandatory authentication and authorization for all interacting services, strict access control, and encryption of data in transit to ensure its security.

  • External access to Registries Platform components is provided through API gateways with mandatory authentication and authorization.

  • Registries Platform components follow a standardized approach for exporting monitoring metrics, business transaction tracing data, and event logging.

  • Component instances of the Registries Platform do not store critical system state data or user session data in memory.

  • All user actions on data and system-critical events within the Registries Platform are subject to mandatory audit logging.

  • Business data within registries deployed on the Registries Platform must be encrypted for long-term storage.

3. High-level structure

This structure diagram shows the decomposition of the Registries Platform at the zone and subsystem levels, and the general interaction scenarios.

A separate system level may contain two zones with subsystems responsible for servicing administrative and operational traffic.

The subsystems consist of services that address both functional and non-functional requirements.

[Diagram: ddm platform structural view]

3.1. Infrastructure

The Registries Platform supports deployment in public and private cloud environments.

3.2. Container orchestration platform

You can learn more about the container orchestration platform here:

3.3. Central components of the Platform

Every Registries Platform instance includes a level of Central components of the Platform and comprises two logical zones:

3.4. Registries

One Registries Platform instance can service a group of isolated registries. Each registry tenant is represented by two separate zones:

  • Registry administrative zone — subsystems that provide functions for the development, deployment, and servicing of digital registry regulations

  • Registry operational zone — subsystems that provide the functioning of the registry according to the deployed digital regulations

3.5. Component for managing the state of platform resources

You can learn more about the Platform resource state management component here:

4. Technology stack

The following high-level diagram displays the key technologies and their usage in realizing functional and non-functional requirements of the Registries Platform.

The complete list of technologies used in the Registries Platform development can be found here.

[Diagram: ddm platform tech view]