Technology Architecture Diagram

Crew Management System (CMS) – technology stack by layer, independently deployable services, data platforms, identity controls, and operational support connectivity
User → Security / Access → Presentation → Application → Data
Identity, Observability, and Delivery apply across multiple layers
User Layer
Client-side entry point for operational users, supervisors, and admins accessing the CMS through a browser.
CMS Users: Operational users, supervisors, and administrators
Browser: User agent used to access the React single-page application
Security / Access Layer
Enterprise access and protected internet-facing entry path before requests reach CMS application components.
Zscaler: Enterprise-controlled access path and zero-trust access enforcement
Akamai: Edge security with WAF, DDoS protection, bot management, and routing
Azure Application Gateway: Protected ingress, routing, and controlled exposure of application endpoints
Presentation Layer
User-facing web interface delivered as a React SPA that consumes BFF APIs rather than directly orchestrating backend service composition.
React SPA: Single-page web client for CMS modules, dashboards, workflow actions, notifications, and document interactions
Shared Frontend Components: Routing, navigation, layout, reusable widgets, forms, filters, tables, and screen composition
Application Layer
Core application runtime composed of a BFF / orchestration layer plus domain and shared services that can be deployed and evolved independently.
BFF / Orchestration: UI-facing APIs, response shaping, and multi-service coordination
Domain Services: Profile, roster, attendance, events, leave, trainings, qualifications, recruitment, productivity
Workflow Service: Workflow state, approvals, lifecycle transitions, and routing logic
Notification Service: Internal notification generation, delivery tracking, and outbound integration
Document Management Service: Controlled upload / download, metadata handling, and file lifecycle operations
Data Layer
Technology separation between enterprise analytical reads, operational application state, and binary file storage.
Microsoft Fabric: Read-only enterprise analytical datasets used by CMS services
Azure DocumentDB: Operational state for workflows, notifications, preferences, and metadata
ADLS Gen2: Binary file / object storage for uploads, attachments, and exports
Identity & Authorization Layer
Authentication and policy enforcement used across presentation and application layers for protected access and server-side authorization.
Azure AD: SSO, authentication, token issuance, and identity context
RBAC / ABAC Enforcement: Server-side authorization policies applied to BFF and backend operations
Observability & External Delivery Layer
Operational monitoring and outbound communication services supporting the CMS platform without merging into the core business domains.
Datadog: Centralized logs, metrics, traces, monitoring, alerting, and observability
Infobip: Outbound email / notification delivery for asynchronous communication scenarios
Browser → React SPA
Presentation technology runs in the browser and provides the user-facing web experience.
React SPA → BFF / Orchestration
Frontend consumes UI-optimized APIs rather than coordinating all backend service composition in the client.
BFF / Services → Microsoft Fabric
Enterprise datasets are consumed in a read-only manner by backend application components.
Workflow / Notification / Document Services → DocumentDB
Operational application records are stored separately from analytics and file storage.
Document Service → ADLS Gen2
Binary file content is stored in dedicated object storage rather than in the operational document store.
Azure AD + RBAC / ABAC
Identity and authorization apply across presentation and application layers, with enforcement trusted server-side.
Zscaler → Akamai → Application Gateway
Requests traverse enterprise and edge security controls before reaching CMS technology components.
Datadog + Infobip
Observability and outbound delivery integrate with application services as supporting technologies.
Legend: User layer, Security / access layer, Presentation layer, Application layer, Data layer, Identity & authorization, Observability & delivery