Sign in Subscribe

FoundryOS's multi-tenant architecture

Dave Morris

3 min read

When we set out to design the cloud infrastructure underlying the FoundryOS platform, we wanted to make sure that we could build a scalable, multi-tenant environment that was aligned to the needs of regulated financial services businesses.

We started with a set of principles that are enshrined throughout our infrastructure design:

  • Segregation - two dimensions of segregation are fundamental. Firstly, clients must be segregated from each other; and secondly, non-production and production environments must be segregated.
  • Residency - clients will want to keep their data in specific geographical locations to meet their regulatory requirements.
  • Scalability - environments must meet the needs of clients from a start-up to a tier-1 bank, and everything in between. They must also be able to scale with the growth of a client without the need to migrate.
  • Security - all infrastructure needs to meet the needs of ISO 27001 and SOC 2 to ensure we are confident in the key principles of Confidentiality, Integrity, Availability, Authentication, and Non-Repudiation.
  • Cost-effective - infrastructure should be lean and only incur costs for what is actually needed and used.

That all seems pretty straightforward, but we wanted this to all be automated, metered and, wherever possible, self-service.

The FoundryOS platform building blocks

We defined a reusable block of scalable infrastructure for compute that could run FoundryOS, inside which we could host a client Tenant (one of their environments). This compute block is called an Execution Environment and has everything needed that can be automatically built using infrastructure-as-code.

These basic building blocks underpin our platform and allow us to manage every client need across several dimensions:

  1. Production vs. non-production - we separate these Execution Environments so that a client's data cannot move between live and test.
  2. Regionality - an Execution Environment is hosted in a specific cloud region ensuring the residency of data for any Tenant hosted in it.
  3. Shared vs. dedicated - an Execution Environment can host Tenants from multiple FoundryOS clients, while ensuring each client's data is fully separated from others within it.

    We can also provide a dedicated Execution Environment for larger clients who want to be away from everyone else.

All of this is shown in the diagram below:

and more 3 dimensional

Everything is repeatable and automated, whether that is creating a new Region, a new Execution Environment or a new Tenant.

Building and maintaining solutions with FoundryOS

The core cloud infrastructure design provides the foundation, but FoundryOS manages this even more deeply to allow our clients to build and maintain their solutions on the platform.

It all starts with a Workspace and the FoundryOS Console. A Workspace is a client's account that defines their end-to-end solution and manages its deployment across Tenants, from development through to test and ultimately to production.

The FoundryOS Console is our no-code configuration system that allows all aspects of the platform to be configured into a solution, whether that be a full bank or an embedded payment offering or even a wealth management solution.

A group of changes to a solution can be bundled up to be validated and approved before they're deployed into specific Tenants across the Workspace as defined by the client's requirements.

FoundryOS gives clients a gated continuous deployment capability with full control and audit of all changes made to their solutions, all within the FoundryOS Console.

We have always focused on speed of change, and the power of the FoundryOS no-code model allows changes to be made or new solutions to be launched in days, not months. However, in a regulated world this also needs to be controlled, and the four-eyes approval process and segregation of duties ensures both.

So what does the roadmap look like?

The validation of FoundryOS solutions and their changes ensures integrity of the solution, but we want to go further and introduce an AI-powered regulatory advisor to check your solutions against key pillars of the regulations aligned to your business.

Connecting the FoundryOS deployment capability into standard CI/CD platforms such as GitHub will enable clients to embed FoundryOS changes into their wider change management ecosystem.

Want to know more?

FoundryOS is the building the future fabric of Financial Services and our journey is only just beginning. Subscribe and keep informed on what we are working on or get in touch if you want to chat.