Deployment Architecture

Overview

The deployment architecture of the Intelligent Universal Data Exchange (IUDX-Novo) platform illustrates the flow of data, control mechanisms, and security safeguards across platform components.

The architecture is designed to ensure secure, efficient, and well-governed data exchange operations, while supporting scalability, observability, and operational resilience.

IUDX Cloud

The IUDX Cloud serves as the central hosting environment for all core platform services and data management systems. It is logically divided into two primary network segments.

Private Network

The Private Network hosts internal platform components, including:

  • Internal services and control-plane components

  • Data pipelines and processing systems

  • Storage and persistence layers

Access to this segment is protected through restricted access controls, network isolation, and internal-only routing.

Public Network

The Public Network exposes selected platform services to users through secure gateways.

Key characteristics:

  • Only explicitly exposed services are accessible

  • All access is mediated via gateway components

  • Communication is secured using TLS-based encryption

Both network segments are protected using firewalls, network isolation techniques, and encrypted communication.

Gateways and Servers

Identity Gateway and Server

The Identity Gateway and Server handle platform identity and access management.

Responsibilities include:

  • User and client authentication

  • Token-based authorization

  • Secure identity verification

  • Enforcement of permission checks prior to resource access

AAA Gateway and Server

The AAA (Authentication, Authorization, and Accounting) Gateway and Server enforce access governance across the platform.

Key functions:

  • Validation of tokens issued by the Identity Server

  • Enforcement of authentication and authorization policies

  • Application of access-control rules

  • Maintenance of user activity logs for auditing and compliance

Catalogue Gateway and Server

The Catalogue Gateway and Server manage all metadata-related operations.

Responsibilities include:

  • Handling dataset discovery and metadata queries

  • Managing metadata for all datasets registered on the platform

The Catalogue Server serves as the metadata registry for the IUDX platform.

Resource Gateway and Server

The Resource Gateway and Server manage data ingestion and access.

Key responsibilities:

  • Ingestion and processing of data from Data Providers

  • Validation of access tokens and policies

  • Secure processing and transfer of data into and through the platform

Data Pipeline Components

Data Broker

The Data Broker facilitates data flow between external sources and internal processing components.

It:

  • Acts as an intermediary in the ingestion pipeline

  • Supports decoupled and asynchronous data movement

  • Enables scalable and reliable ingestion workflows

Credentials and Policy Data Store

This datastore maintains:

  • Authentication credentials

  • Access-control policies

  • Data-sharing rules

It plays a critical role in enforcing authorization decisions throughout the data exchange lifecycle.

Data Stores

Metadata and Data Store

This datastore:

  • Maintains dataset metadata

  • Stores data exchanged through the platform

It supports both discovery and access workflows.

Auditing and Metering Data Store

The auditing and metering datastore:

  • Tracks data access events

  • Records resource usage metrics

  • Stores metering information for:

    • Compliance

    • Monitoring

    • Billing and credit management workflows

Metrics, Logs, and Monitoring

The monitoring subsystem provides end-to-end observability across the platform.

Capabilities include:

  • Continuous monitoring of system health and performance

  • Collection of operational metrics and logs

  • Detection of anomalies and critical events

Critical alerts are forwarded to the Alerting System, which notifies administrators for timely intervention.

Backup System

A dedicated backup mechanism ensures:

  • Data integrity

  • High availability

  • Disaster recovery readiness

Regular backups of critical data and configurations support platform resilience and recovery.

Network Security Model

Public Network Access

  • Users access the platform through secure, token-authenticated endpoints

  • All incoming requests pass through designated gateways:

    • Identity

    • AAA

    • Catalogue

    • Resource

These gateways validate requests before forwarding them to backend services.

Private Network Access

  • Hosts internal data pipelines, storage systems, and monitoring utilities

  • Access is restricted to:

    • Internal services

    • The DX systems and operations team

This ensures controlled operational environments and secure data handling.

Role of Administration

The administrative entity is responsible for:

  • Platform-wide operations and governance

  • Policy management and enforcement

  • System health monitoring

  • Security oversight of deployed components

Summary

The IUDX-Novo deployment architecture incorporates multiple layers of security, governance, and operational monitoring.

This design ensures that the platform functions as a reliable, secure, and scalable data exchange system, capable of supporting diverse data sharing, analytics, and AI-driven workflows.

PreviousCore DX Technology Stack

Last updated