Architecture - Overview
Learn about the key components of the Aptible platform architecture and how they work together to help you deploy and manage your resources
Overview
Aptible is an AWS-based container orchestration platform designed for deploying highly available and secure applications and databases to cloud environments. It is composed of several key components:
- Stacks: Stacks are fundamental to the network-level isolation of your resources. The underlying virtualized infrastructure (EC2 instances, private network, etc.) provides network-level isolation of resources. Each stack is hosted in a specific region and is comprised of environments. Aptible offers shared stacks (non-isolated) and dedicated stacks (isolated). Dedicated stacks automatically come with a suite of security features, including encryption, DDoS protection, host hardening, intrusion detection, and vulnerability scanning, alleviating the need to worry about security best practices.
- Environments: Environments determine the logical isolation of your resources. Environments help you maintain a clear separation between development, testing, and production resources, ensuring that changes in one environment do not affect others.
- Containers: Containers are at the heart of how your resources, such as apps and databases, are deployed on the Aptible platform. Containers can be easily scaled up or down to meet the needs of your application, making it simple to manage resource allocation.
- Endpoints (Load Balancers): Endpoints allow you to expose your resources to the internet and are responsible for distributing incoming traffic across your containers. They act as load balancers to ensure high availability and reliability for your applications. See App Endpoints and Database Endpoints for more information.
FAQ
How does the Aptible platform/architecture compare to Kubernetes?
Aptible is a custom-built container orchestration solution designed to streamline deploying, managing, and scaling infrastructure, much like Kubernetes. However, Aptible distinguishes itself by being developed in-house with a strong focus on security, compliance, and reliability. This focus stemmed from our original mission to automate HIPAA compliance. As a result, Aptible has evolved into a platform for engineering teams of all sizes, ensuring private, fully secure, and compliant deployments - without the added complexities of Kubernetes.
Moreover, Aptible goes beyond basic orchestration functionalities by providing additional features such as Managed Databases, a 99.95% uptime guarantee, and enterprise-level support for engineering teams of all sizes.
What kinds of isolation can Aptible provide?
Multitenancy is a key property of most cloud computing service models, which makes isolation a critical component of most cloud computing security models.
Aptible customers often need to explain to their own customers what kinds of isolation they provide, and what kinds of isolation are possible on the Aptible platform.
The Reference Architecture Diagram helps illustrate some of the following concepts.
Infrastructure
All Aptible resources are deployed using Amazon Web Services. AWS operates and secures the physical data centers that produce the underlying compute, storage, and networking functionality needed to run your Apps and Databases.
Network/Stack
Each Aptible Stack is an AWS Virtual Private Cloud provisioned with EC2, ELB, and EBS assets and Aptible platform software.
When you provision a Dedicated Stack on Aptible, you receive your own VPC, meaning you receive your own private and public subnets, isolated from other Aptible customers…
You can provide further network level isolation between your own Apps and Databases by provisioning Additional Dedicated Stacks.
Host
The Aptible layers where your Apps and Databases run are backed by AWS EC2 instances, or hosts.
Each host is deployed in a single VPC. On a Dedicated Stack, this means you are the only Aptible customer using those EC2 virtual servers.
In a Dedicated Stack, these EC2 instances are AWS Dedicated Instances, meaning Aptible is the sole tenant of the underlying hardware. The AWS hypervisor enforces isolation between EC2 hosts running on the same underlying hardware.
Within a Stack, the EC2 hosts are organized into Aptible services layers. Each EC2 instance belongs to only one layer, isolating against failures in other layers:
- App Layer: Runs your app containers, terminates SSL.
- Database Layer: Runs your database containers.
- Bastion Layer: Provides backend SSH access to your Stack, builds your Docker images.

Because Aptible may occasionally need to rotate or deprovision hosts in your Stack to avoid disruptions in service, we do not expose the ability for you to select which specific hosts in your Stack will perform a given workload.
Environment
Aptible Environments are used for access control.
Each environment runs on a specific Stack. Each Stack can support multiple Environments. Note that when you use Environments to separate Apps or Databases, those resources will share networks and underlying hosts if they are on the same Stack.
You can use separate Environments to isolate access to specific Apps or Databases to specific members of your organization.
Container
Aptible uses Docker to build and run your App and Database Containers.
Each container is a lightweight virtual machine that isolates Linux processes running on the same underlying host. Containers are generally isolated from each other, but are the weakest level of isolation.
You can provide container-level isolation between your own customers by provisioning their resources as separate Apps and Databases.
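The layers above can be turned into a placement audit. The following is an added example, not Aptible code and not part of the original page: it takes a hand-maintained inventory and reports which pairs of your own customers' resources are separated by less than a required boundary. The inventory field names, tenant names, and Stack and Environment names are hypothetical, and no Aptible API is called.

```python
from itertools import combinations

# Boundaries from weakest to strongest, following the layers described above.
LEVELS = ["none", "container", "environment", "network"]

def boundary(a, b):
    """Return the strongest boundary separating two resources."""
    if a["stack"] != b["stack"]:
        return "network"      # separate Stacks: separate VPCs and hosts
    if a["environment"] != b["environment"]:
        return "environment"  # access control only; network and hosts are shared
    if a["resource"] != b["resource"]:
        return "container"    # separate Apps/Databases in one Environment
    return "none"

def audit(inventory, required):
    """List cross-tenant pairs separated by less than the required boundary."""
    need = LEVELS.index(required)
    findings = []
    for a, b in combinations(inventory, 2):
        if a["tenant"] == b["tenant"]:
            continue  # a tenant's own resources may share any layer
        got = boundary(a, b)
        if LEVELS.index(got) < need:
            findings.append((a["resource"], b["resource"], got))
    return findings

# Constructed sample inventory; every name here is hypothetical.
INVENTORY = [
    {"tenant": "acme", "resource": "acme-api",
     "environment": "prod-acme", "stack": "dedicated-1"},
    {"tenant": "acme", "resource": "acme-db",
     "environment": "prod-acme", "stack": "dedicated-1"},
    {"tenant": "globex", "resource": "globex-api",
     "environment": "prod-globex", "stack": "dedicated-1"},
    {"tenant": "initech", "resource": "initech-api",
     "environment": "prod-initech", "stack": "dedicated-2"},
    {"tenant": "hooli", "resource": "hooli-api",
     "environment": "prod-acme", "stack": "dedicated-1"},
]

if __name__ == "__main__":
    for left, right, got in audit(INVENTORY, "network"):
        print(f"{left} / {right}: separated only at the {got} level")
```

A pair reported at the `environment` level shares a Stack, so it shares networks and underlying hosts even though access to it is controlled separately.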