☁️ Cloud Infrastructure
BayanCore's infrastructure is hosted on Oracle Cloud Infrastructure (OCI) inside Saudi Arabia, utilizing containerized orchestration and managed database clustering to guarantee high availability and regulatory compliance.
1. Network Topology (VCN & Security)
Our Virtual Cloud Network (VCN) isolates environments and enforces traffic boundaries:
- Public Edge Subnet: Contains the OCI Load Balancers and OCI Web Application Firewall (WAF) routing public HTTPS (TLS 1.3) traffic.
- Private Application Subnet: Contains OCI Kubernetes Engine (OKE) worker nodes running backend microservices, celery workers, and frontend Next.js instances.
- Private Data Subnet: Contains managed MariaDB database clusters, Redis caches, and OCI Search with OpenSearch nodes. This subnet blocks all direct public inbound traffic.
- Secure Access: Engineers connect to private instances using OCI Bastion Service, utilizing multi-factor authentication and transient SSH keys.
2. Compute & Container Orchestration (OKE)
We use OCI Kubernetes Engine (OKE) to manage containerized microservices:
- Node Pools: Worker nodes are deployed across multiple Availability Domains (AZs) in ap-riyadh-1.
- Horizontal Pod Autoscaling (HPA): Pods automatically scale horizontally based on CPU and memory utilization thresholds (target: 70% CPU).
- GPU Compute Pools: AI inference services are deployed on dedicated compute pools utilizing GPU shapes (e.g.,
BM.GPU.A10.4with NVIDIA A10 cards) for low-latency LLM generations.
3. Storage Architecture
- Block Volumes: High-performance SSD block storage is attached to relational database nodes, configured with auto-scaling IOPS.
- Object Storage (OCI Object Storage): Standard object storage bucket used for document uploads (invoices, employee CVs), backup archives, and system logs. Files are encrypted at rest using AES-256 with keys managed by OCI Vault.
- File Storage Service (FSS): Shared NFS mount attached to ERPNext app containers to share temporary assets (e.g. print format PDF previews).
4. Disaster Recovery & Replication
To satisfy Saudi regulatory resilience requirements:
- Database standby: A managed MariaDB replica is hosted in the OCI Jeddah region (
ap-jeddah-1), maintaining hot-standby readiness. - Async Replication: Production databases execute block replication to the Jeddah node hourly.
- RPO & RTO Targets:
- RPO (Recovery Point Objective): < 1 hour.
- RTO (Recovery Time Objective): < 4 hours.
- Failover Execution: In the event of a total Riyadh region outage, traffic is redirected to the Jeddah node by updating DNS routing policies at the Edge.