DokPlan

Make it easy

Technical Architecture

Our platform is a modern, web-based software solution built entirely on the latest .NET framework. It is engineered for modularity, security, and high availability, supporting enterprise-grade performance, scalability, and operational resilience.

Schema

  • HTTPS
  • Load Balancer: SSL Offloading, Session Persistence, Health Checks, Layer 7
  • Web Servers: Clustered, Dynamic Scaling, Redundancy
  • Remote Services: Background Processing, Remote Operations
  • API Gateway
  • Identity Management: Federated Identity Provider, MFA-SSO, SAML, SCIM
  • Databases: Always-On HA Cluster, Synchronous Replication
  • Data Centers: Geo-Redundant, Tier 3, ISO Certified, EU, Redundant Power, Climate Control, Network Paths

Application Design

Multi-endpoint Architecture

The system is composed of several dedicated web endpoints, each fulfilling a distinct role—ranging from user interfaces to backend services and remote operations.

Distributed Application Servers

Multiple independently hosted web applications act as application servers. This design supports horizontal scaling, fault isolation, and optimized resource allocation.

Centralized Backend & API Layer

A core service handles all API traffic and backend logic. It acts as the central integration point for internal modules and external systems, supporting RESTful communication and stateless processing.

Remote Execution Service

A dedicated service manages asynchronous and remote tasks, such as background job processing, scheduled operations, and third-party integrations. This ensures that time-sensitive or resource-intensive tasks do not impact user-facing performance.

Identity & Security

Federated Identity Management

The platform integrates with an enterprise-grade identity provider that supports:

  • Multi-Factor Authentication (MFA): Users authenticate using a combination of credentials (e.g., password + mobile token or biometric).
  • Single Sign-On (SSO): Once authenticated, users can seamlessly access all authorized services without repeated logins.
  • SAML 2.0: Enables secure, browser-based SSO between identity providers and service providers.
  • SCIM 2.0: Automates user provisioning and deprovisioning across systems via RESTful APIs.

Trust & Federation

  • Each external service or application is registered with a unique trust profile, including metadata exchange, attribute mapping, and access policies.
  • Attribute release policies ensure that only the minimum required user attributes are shared with each service.

Transport Security

  • All communication between clients, services, and identity providers is encrypted using TLS over HTTPS.
  • Tokens and session identifiers are cryptographically signed and validated to prevent tampering or replay attacks.

Infrastructure & Hosting

Our infrastructure is designed for resilience, scalability, and compliance, ensuring that the platform remains operational even under adverse conditions or during maintenance windows.

Web Hosting Environment

  • The application is hosted on a modern server OS with a clustered web server configuration, providing redundancy, load distribution, and session persistence.
  • The web tier supports dynamic scaling and is optimized for high concurrency and low-latency response times.

Load Balancing

  • A high-performance application-aware load balancing layer intelligently routes incoming traffic across multiple nodes.
  • Supports Layer 7 (application-level) routing, health monitoring of backend services, SSL offloading, session persistence, and failover handling.
  • Ensures optimal resource utilization, high availability, and uninterrupted service during node failures or rolling updates.

Data Layer

  • The platform uses Always-On High Availability (HA) failover clusters for its data services.
  • These clusters are configured for synchronous replication and automatic failover, ensuring continuous access to critical data.

Data Center Architecture

  • All infrastructure nodes are hosted in geographically separated Tier 3 data centers located in the European Union, ensuring compliance with EU data residency and privacy regulations.
  • The data centers are ISO 27001 and ISO 9001 certified, equipped with redundant power (1800 kVA capacity), climate control, and fire suppression systems.
  • Built with independent network paths and capacity for 326 racks across 805 square meters of floor space.
  • Operated by a provider with in-house expertise and a redundant backbone network, enabling rapid deployment and high service availability.
  • This setup allows for live maintenance without service interruption, multi-node failure resilience, disaster recovery readiness, and setup within 24 hours for new deployments or scaling needs.

Update Strategy

  • All infrastructure components support live updates and rolling maintenance.
  • The only exception is core software upgrades, which require brief, scheduled downtime to ensure consistency and integrity across all services.

Contact us

03 / 295 17 00

Palieterdreef 53
2280 Grobbendonk

hello@blueit.be