| Status | Approved |
| Owner | |
| Stakeholders |
Introduction
Purpose
The purpose of this document is to outline the application architecture of Signavio.
Scope & Objectives
This document will describe the high-level architecture of Signavio application.
Out of Scope:
- Since Signavio is a SaaS aaplication, network and infrastructure architecture will be considered as out of Scope.
- Product documentation and information can be found online will not be documented here.
Key Decisions and Requirement
| Description | Rationale |
|---|---|
| Configure SSO for Signavio. | As part of SyWay project, a common authentication mechanism (e.g., SAML) will be adopted for ease of access and unified user experience. |
| Users must access Signavio using HTTPS. | Based on SyWay implementation approach, all data in transit must be encrypted. |
Application Architecture
Overview
Signavio is deployed in Syensqo to model, analyze, and optimize business processes. It assists in detailing processes using BPMN 2.0 and identifying areas for process improvement. Process Manager and Process Collaboration Hub modules are activated in Syensqo's Signavio tenant.
Signavio is integrated with Lean IX to to replicate application and business process as shown below. Signavio is configured to perform SAML SSO with Syensqo's Entra ID.
Business process replication from Signavio to LeanIX is planned to be activated after SyWay design phase is completed.
Hosting Details
| Region | Region ID | Data Center ID | Infrastructure Provider |
|---|---|---|---|
Germany: Frankfurt | XAF | EU10 | AWS |
System Landscape
Since Signavio is a tool to model business process, 1 productive instance has been deployed in Syensqo.
Application Security
User access
Signavio is a SaaS application will be access by users over the internet via HTTPS protocol from a web browser.
Authentication
Signavio is configured to perform SAML SSO with Syenqo Entra ID.
Communication Security
SAP uses TLS to encrypt customer data during transmission outside of SAP controlled-network.
Data Security
The following controls are implemented to ensure data security:
- Data is segregated such that customers/tenants can only view or access their own data.
- SAP uses NetApp Self-Encrypting (NSE) drives and Software encryption at volume level to ensure data at rest is protected.
- Backups are encrypted.
- Backups are replicated to multiple availability zones.
Other Controls
SLA?
Operation Architecture
Change and Configuration Management
Since Signavio is a single instance landscape, change and configuration management is not applicable.Monitoring
Signavio's availability can be monitored through SAP for me portal using the cloud availability dashboard.Sizing
SAP monitors system load and utilizations and proactively scales up capacity during release deployment.High Availability & Disaster Recovery
Signavio is deployed across multiple availability zones. RPO/RTO?Backup/Restore
SAP performs full backups with the following schedule to meet SAP's recovery point objective..
| Backup Tier | Frequency | Retention Period |
|---|---|---|
| T1 | Hourly | 8 Days |
| T2 | Daily | 35 Days |
| T3 | Every Sunday | 120 Days |
Release & Maintenance Plan
SAP performs quarterly releases. Dates?Change log
Workflow history
| Title | Last Updated By | Updated | Status | |
|---|---|---|---|---|
| There are no pages at the moment. | ||||