Build apps with these cloud architecture diagram examples

Evolution of app architecture

Since the development of the mainframe and minicomputer, enterprise applications have been monolithic -- large, sprawling systems with upward of a hundred thousand lines of code. The PC-era and client-server computing led to a modicum of functional disaggregation, as application user interfaces were built for the PC OS.

Additionally, back-end software was split into separate middleware and database systems. After adapting to technology improvements, like server virtualization and SAN storage pools, such N-tier partitioning persists today in most on-premises systems.

Cloud services significantly alter application architectures through several innovations:

• On-demand, automatically scalable compute instances and multiple types of storage
• Event-driven serverless services
• Application container instances and managed container clusters
• Packaged services for many standard functions such as databases, data warehouses, data caching, load balancing, message queueing, virtual network routing and termination, notifications and content distribution

Applications designed for the cloud typically perform better and more efficiently when broken down into subsystems, many of which can be implemented via packaged cloud services. As a bonus, an increasing number of cloud products don't require provisioning VMs and can automatically scale to handle higher workloads.

The ease of deploying cloud resources and services, and the availability of independent availability zones and geographic regions, makes it simple to implement highly available designs that are resistant to failures at every layer via redundant servers, storage objects and volumes, databases, and network interfaces.

Management automation and automatic scalability features are built into many cloud services. This changes infrastructure design guidelines compared with on-premises standards by emphasizing:

• Scale-out systems that are inherently redundant and easily scaled
• Loosely coupled, independent components that can fail and relaunch without affecting other application layers
• Components or layers that replicate across multiple availability zones and cloud regions
• Security control points between components to minimize the blast radius of compromised systems and provide least privilege permissions for each component

Let's explore cloud application architectures that illustrate these design guidelines using both generic and cloud-specific services.

Serverless website design

Developers can use event-driven cloud services to build websites without deploying dedicated servers for the web front ends, middleware function handling and database storage.

AWS' broad portfolio of serverless products makes it an ideal choice for dynamic websites without the web server. The following example uses AWS cloud services to handle all subsystems, including:

• AWS Amplify. Creates and hosts static content and automatically deploys it to a global content delivery network.
• Amazon Cognito. Hosts a site's user directory and handles authentication.
• Amazon API Gateway. Parses and directs incoming REST requests to the appropriate function handler.
• AWS Lambda. Executes the code for each API function call.
• Amazon DynamoDB and Amazon Redshift. Host persistent data used or created by the site. IT teams can also use other AWS managed database offerings instead of or in addition to these products in this scenario.

Traditional website design

A traditional design for a multi-tier website uses compute instances for the user interface and back-end application code. This type of design also uses a cloud database to store and process persistent data, and load balancers distribute traffic across multiple instances and availability zones between each tier.

The image below shows a traditional website design on Google Cloud using the following cloud services:

• Google Cloud Compute Engine. The first two tiers use Compute Engine instances configured for autoscaling, with each tier deployed in two different zones.
• Google Cloud SQL. A Cloud SQL instance stores and analyzes data and is configured for multizone replication to improve availability.
• Load balancer. An external and internal load balancer distributes traffic across the compute instances.
• Identity-Aware Proxy. Incoming traffic passes to an Identity-Aware Proxy service for user authentication.
• Security Command Center. A Security Command Center instance filters security threats.

Image classification for mobile and web apps

Cloud services are often used for machine learning and deep learning applications, because the software and infrastructure required to implement sophisticated algorithms are expensive and require specialized expertise to develop, configure and manage.

The diagram below illustrates how to process images using a mobile app to identify objects and faces and then match them to known individuals in a database using Microsoft Azure. The design includes the following components:

• Azure API Management. An API management instance to store API descriptions and process incoming calls.
• Azure Functions App. Several Azure Functions apps retrieve images, send them to persistent storage, retrieve new images from an Azure Event Grid subscription and then send them to Azure Cognitive Services. An additional Azure Function app retrieves and returns matches from the database to the mobile app.
• Azure Blob Storage. Blob storage is used for image uploads, as well as static content, for a web application.
• Azure Event Grid. Event Grid sub/pub receives notifications of new uploads and forwards them to a function for processing.
• Azure Computer Vision. This AI service analyzes images and extracts metadata. The app can also use the Azure Cognitive Search service to query metadata.
• Azure Cosmos DB. The database stores and matches metadata with existing entries.

An application with this architecture could match uploaded pictures against a customer, employee or user database to return profile information about individuals identified in a photo. A text transcription service could also use a variant of this design, replacing Azure Computer Vision with Azure natural language services, to translate audio and return a text transcript.

Cloud migration project

Architectural diagrams are helpful for one-time cloud migration projects, such as a lift-and-shift migration of VMs, migrating container clusters to cloud instances and migrating a legacy database to a cloud-native distributed service.

The following diagram illustrates the process for migrating an on-premises Oracle database to Google Cloud Spanner using the following Google services:

• Google Cloud Storage. This storage service holds CSV files.
• Google Cloud Dataflow. Cloud Dataflow performs extract, transform and load processing. This includes parsing the CSV files, converting them to Spanner mutations -- data inserts, updates and deletes -- and handling parsing and processing errors.
• Google Cloud Spanner. Cloud Spanner receives the output from Cloud Dataflow.