Technology Architecture Diagram

CMS technology layers, protected entry path, separate frontend delivery, secured backend services, data platforms, identity controls, and operational support technologies
CMS Users / Browser Access
PRESENTATION LAYER (REACT SPA)
Separate frontend deployable delivered through the protected access path
Shared UI Components
Layout, routing, widgets, tables, filters, forms, and reusable interface elements
React SPA
Web client for CMS modules, dashboards, workflows, documents, alerts, and user actions
Navigation & Routing
Screen access, route control, and page flow management
Screen Modules
Profile, roster, attendance, events, leave, trainings, qualifications, recruitment, productivity, and overview
Protected requests pass through enterprise and edge access controls before reaching secured CMS backend APIs and private backend services.
SECURITY & ACCESS LAYER
Zscaler
Enterprise-controlled access path and zero-trust access enforcement
Akamai
WAF, DDoS protection, bot mitigation, and internet-facing edge routing
Azure Application Gateway
Protected ingress and controlled routing into private AKS-hosted backend services
Secure Transport
HTTPS / TLS-protected communication path across the access flow
APPLICATION LAYER
Secured CMS backend APIs and independently deployable backend services with no dedicated BFF layer
CMS Backend APIs
Frontend-facing secured API layer handling request routing, response shaping, and protected application access
Domain Services
Profile, roster, attendance, events, leave, trainings, qualifications, recruitment, and productivity services
Workflow Service
State, routing, approvals, transitions, escalation, and workflow lifecycle management
Notification Service
Internal notifications, delivery state tracking, retry handling, and outbound trigger coordination
Document Management Service
Controlled upload, secure retrieval, metadata handling, and file lifecycle management
Application services access enterprise and operational stores through controlled backend paths only. The browser never directly accesses Fabric, DocumentDB, or ADLS.
DATA LAYER
Microsoft Fabric
Read-only enterprise analytical datasets used by backend services for dashboards, summaries, and insight-driven reads
Azure DocumentDB
Operational application data for workflow state, notification state, preferences, audit records, and file metadata
Azure Storage Account (Blob Storage)
Binary file storage for documents, attachments, generated exports, and downloadable artifacts
IDENTITY & AUTHORIZATION
Azure AD
SSO, token issuance, authentication, and identity context for secured CMS access
RBAC + ABAC
Authorization enforced directly in backend services for protected APIs, workflows, documents, and notification access
EXTERNAL & SUPPORT TECHNOLOGIES
Datadog
Logs, metrics, traces, monitoring, dashboards, and operational observability
Infobip
Email and outbound notification delivery integration for asynchronous communication flows
Observability
Operational insight across backend services, failures, retries, and integrations
Support Controls
Cross-cutting operational controls, governance, and runtime support capabilities