Cloud architecture

Architecture overview

Board Cloud reduces both setup time and maintenance overheads of your planning applications by offering world-class security, reliability, scalability, and performance.

Board Cloud‘s globally spanning infrastructure supports enterprise level rollouts by providing robust levels of integration with many third-party systems such as ERPs, CRMs, Cloud applications, Data Warehouses, and many more.

Board Cloud provides one (or more) production instance(s) with the possibility to activate one or more Sandbox environments to be used for Development, User Acceptance Testing, and Pre-production instances, depending on the Customer’s project requirements and policies. Board Cloud customers also have access to dedicated Subscription Hub and Cloud Administration portals, where they can manage their Board Cloud environment and carry out a range of administrative and management tasks.

The diagram below shows a high-level description of the Board Cloud Architecture.

Dedicated tenant

Each customer is provided with a dedicated tenant that houses their Board instances and data. Secure network segregation guarantees complete isolation from other tenants.

This architectural approach provides the following benefits:

• Enhanced security: A complete separation ensures the isolation of all customer data.

• Superior reliability: The performance of a customer’s instance will never be impacted by any concurrent activity of another Board Cloud customer.

• Version isolation: Customers can upgrade their Cloud instances whenever it’s needed, regardless of other customers’ upgrade activity.

Subscription Hub

The Board Cloud Subscription Hub is an administration portal that allows you to carry out several user management tasks on multiple Board Cloud instances at once, such as handling user authentication and authorization.

The Subscription Hub makes it easier to manage all users and ensures a higher degree of efficiency while reducing administration efforts:

When using Board local authentication, you can import users in bulk and customize the password policy to meet your requirements or leverage a federated identity provider already in place within your organization and automatically sync user accounts and permissions through Board SCIM APIs.

Board supports identity providers based on SAML2 and OIDC standards.  

The Subscription Hub also allows you to set up and manage Board’s Collaboration services, allowing users to connect, share, and work together on Cloud instances in the same, unified interface.

Cloud Administration Portal

The Cloud Administration portal provides a full overview of each Board instance and allows customers to manage it.

The Cloud Administration portal offers many features and options, including:

• Platform\sandbox resource consumption monitoring

• Scheduling and management of administrative tasks, such as data import via Board Procedures

• Complete management of your data backups (preserve, archive and purge)

• Management of Capsule files and Folders in the instance

• Managing connections to your data sources and to the Cloud connector

• Access to the extensive range of Board logs and the instance level services event log

Instances type

Each tenant contains one (or more) production instance(s) with the possibility to activate one or more Sandboxes to be used for Development, User Acceptance Testing, and Pre-production.

Platform and sandbox environments are technically similar, the distinction lies in their Service Level Agreement (SLA) for availability. In this context, platform environments are suitable for Board Cloud production solutions, and production data.

Data integration and Cloud Connector

Board Cloud is designed to offer a seamless connection to on-premises and cloud data systems, allowing you to deliver planning solutions that fully leverage your existing software investments.

Board Cloud integration capabilities enable native external integrations with all major cloud storage systems, such as Amazon S3, Azure File\Blob storage, and Google storage. The Board Cloud connector enables the most complex integration scenarios, as it is specifically designed to allow Board applications to access external data sources, both on-premises or in the cloud.

The Board Cloud Connector consists of two components:

• Hybrid Data Pipeline Cloud Service

• On-Premises Connector (for those data sources on the customer premise)

Hybrid Data Pipeline Cloud service

The Hybrid Data Pipeline is the main component of the Cloud connector, creating a web portal where the user can configure all the necessary connections and rules.

On-Premises Connector

This component is installed remotely to allow Board applications to access source systems that reside behind customer firewalls. It provides the services needed to securely move data from on-premises applications to Board Cloud. This component connects to the Hybrid Data Pipeline Service using a secure HTTPS connection without requiring additional firewall configuration changes.

Unlike other solutions on the market, Board also supports write-back from cloud to on-premises through a secure tunneling connection. Using this mechanism, data stored in Board can easily be written back to the original source systems within a customer domain.

Board Cloud provides a wide range of connectors to easily integrate different data sources from third-party systems.

The Hybrid Data Pipeline Service supports the data sources shown in the following image:

Board Shared Storage (also referred to as Cloud Storage)

In Board Cloud, a Shared Storage Area is provided for importing data into the cloud tenant and exporting data externally. Platforms and sandboxes refer to it as “remote drive Z”.  You can leverage it to:

• load files from outside the tenant

• share files between platforms and sandboxes

• store Data model backups (on-demand or scheduled backups).

The Board Shared Storage is shared across platforms and sandboxes, including storage space and quota. In contrast, local storage refers to the specific and local storage areas within a specific instance, where Board Cloud data and logs reside.

The Board Shared Storage is completely independent between platform and sandbox instances from an infrastructure point of view, with data redundancy in place to increase the reliability of backup restore points.

Datacenter locations

Board Cloud is deployed across Microsoft Azure datacenters. The list of supported Azure regions and datacenters is constantly growing, and, if necessary, customers can select Azure regions not on the list with the help and validation of Board’s Cloud Team.

Microsoft Azure’s geographical coverage enables compliance with various local policies and regulatory requirements regarding the processing and storage of personal or financial data, ensuring the highest levels of security, reliability, transparency, and compliance (Azure compliance documentation | Microsoft Learn).

Board ensures that all servers and systems used in providing the Board SaaS Services maintain consistent time settings. This ensures that logs, events, and transactions across different systems are timestamped accurately, preventing discrepancies that could affect system operations, data integrity, or auditing.

Officially supported datacenter location

IP Addresses and Failover IP Addresses for allowlist

Below is the list of IP addresses that customers could use in their network access control lists (company's allowlist or safelist) to grant access to Board platforms, sandboxes, and the Subscription Hub for their end users. If your organization’s security policies require enabling access to external IP addresses for inbound connections, external services, or portal, please refer to the following list. This list contains the primary IP address and the failover IP address for each region. Below is the list of IP addresses that customers can use in their network access control list to grant access to Board platforms and services for their end users.

The above IP addresses are designated for delivering new Board Cloud Tenants. Existing Board Cloud Tenants will only begin using these IP addresses after receiving a specific notification. If you haven't received this notification, your Tenant will continue to use the previously configured static IP address.

The IP addresses above are only related to: Subscription Hub portal, Platform portal(s), Sandbox portal(s), and administrator portal(s).