Status

Owner
Stakeholders

Introduction

Purpose

The purpose of this document is to outline the application architecture of Signavio.

Scope & Objectives

This document will describe the high-level architecture of the Signavio application.

Out of Scope:

  • Since Signavio is a SaaS application, network and infrastructure architecture are considered out of scope.
  • Product documentation and information that can be found online will not be documented here.

Key Decisions and Requirements

| Description | Rationale |
|---|---|
| Configure SSO for Signavio. | As part of the SyWay project, a common authentication mechanism (e.g., SAML) will be adopted for ease of access and unified user experience. |
| Users must access Signavio using HTTPS. | Based on the SyWay implementation approach, all data in transit must be encrypted. |

Application Architecture

Overview

Signavio is deployed in Syensqo to model, analyze, and optimize business processes. Its primary use case is to document business processes using BPMN 2.0 and to assist in identifying areas for process improvement. The Process Manager and Process Collaboration Hub modules are activated in Syensqo's Signavio tenant.

It is integrated with LeanIX, and application and business process data is replicated between the two systems as shown below. Signavio is also configured to perform SAML SSO with Syensqo's Entra ID.

 

Business process replication from Signavio to LeanIX is planned to be activated after the SyWay design phase is completed.

Hosting Details

Region | Region ID | Data Center ID | Infrastructure Provider

Germany: Frankfurt

XAFEU10AWS

System Landscape

Since Signavio is a tool to model business processes, one productive instance has been deployed in Syensqo.

Application Security

User access

Signavio is a SaaS application that will be accessed by users over the internet via the HTTPS protocol.

When users log in for the first time using SSO, Signavio will automatically create an ID with read-only access.

Authentication

Signavio is configured to perform SAML SSO with Syensqo's Entra ID.

Communication Security

SAP uses TLS to encrypt customer data during transmission outside the SAP-controlled network.

Data Security

The following controls are implemented to ensure data security:

  • Data is segregated such that customers/tenants can only view or access their own data.
  • SAP uses NetApp Self-Encrypting (NSE) drives and software encryption at volume level to ensure data at rest is protected.
  • Backups are encrypted.
  • Backups are replicated to multiple availability zones.

Other Controls

SLA?

Operation Architecture

Change and Configuration Management

Since Signavio is a single-instance landscape, change and configuration management is not applicable.

Monitoring

Signavio's availability can be monitored through the SAP for Me portal using:

Sizing

SAP monitors system load and utilization and proactively scales up capacity during release deployment.

High Availability & Disaster Recovery

Signavio is deployed across multiple availability zones. RPO/RTO?

Backup/Restore

SAP performs full backups with the following schedule to meet SAP's recovery point objective:

| Backup Tier | Frequency | Retention Period |
|---|---|---|
| T1 | Hourly | 8 Days |
| T2 | Daily | 35 Days |
| T3 | Every Sunday | 120 Days |

Release & Maintenance Plan

SAP performs quarterly releases. Dates?

Change log