All the components of Encodian Filer will be installed in a customer’s own Azure and SharePoint Online tenant. The following diagram shows the components that form the base architecture of the product.
[Diagram: base architecture. Connection labels: Port 433 (four connections), Port 1433 (one connection).]
App Plan & App Services
An Azure App Plan is a set of compute resources for the App Services to run under.
The Filer API App Service provides both internal and 3rd party access to the APIs exposed by Filer, including:
- Routing - submission service that accepts a document and associated metadata and routes it to the correct destination within Filer.
- Entities - service that acts as proxy between Filer and 3rd party entity sources. Entity data is transformed into a standard format that can be consumed by Filer and 3rd party integrations.
- Auditing - service that allows audit events from both Filer and 3rd party integrations to be captured.
- Classification - service that returns classifications to both Filer and 3rd party integrations. This includes access types and document types.
The Filer Management App Service hosts the administration interface for Filer.
Application Insights
All trace and logging data is tracked within the Application Insights resource.
Key Vault
The key vault is used to store certificates and secrets associated with the Entra ID App Registrations.
Storage Account
The storage account uses blob storage for the temporary storage of documents, and message queues to pass messages between the components of the solution.
Function App
The Function App is used for long running operations such as file conversions, record operations (merge and move), and document library creation.
The following section provides a high-level summary of the Functions running within the Function App.
Queues
These functions map to queues in the Filer Storage Account. When an item is added to a queue, it is picked up and processed by the function app, typically for long-running operations.
- CopyBriefcaseRecordOperationFunction: Processes the asynchronous copying of documents into a Briefcase, which can be used for Subject Access Requests (SAR).
- ProcessBriefcaseFunction: Processes a briefcase and its documents into either a merged PDF or a Zip file ready for distribution.
- RecordOperationFunction: Helps process record operations initiated via the admin, such as moving or merging documents between entities if they were added incorrectly.
- RoutingOperationFunction: Handles the processing of documents added to Filer, including converting to PDF, performing OCR, and adding metadata.
- SaveBriefcaseRecordOperationFunction: Backend operation for saving a document after it has been redacted in a Filer Briefcase.
- SavePolicyOperationFunction: Performs backend processing to recalculate expiry and retention dates when a policy is saved in the admin.
Timers
These functions run within the Function App on a schedule.
- AuditRecordPurgingFunction: Purges audit records from the Filer application after 90 days (default). Runs daily.
- BreakGlassScheduleFunction: Checks and revokes temporary permissions granted to a user every 5 minutes.
- BriefcaseRetentionScheduleFunction: Deletes briefcases that have passed their retention date. Runs daily.
- PolicyManagementExpiryActionFunction: Processes documents associated with a Filer document type that has passed its retention/expiry date. Runs daily.
- PolicyManagementFunction: Recalculates expiry/retention dates. Runs daily.
- RecordOperationPurgingFunction: Deletes record operation entries in the Filer database after 90 days. Runs daily.
- RecordPurgingFunction: Deletes records/document references in the database marked as deleted. Runs daily.
- RoutingOperationPurgingFunction: Deletes routing operation entries in the Filer database after 90 days. Runs daily.
- RunSiteLibraryDeltaQueryFunction: Updates delta information in Filer to reflect documents manually deleted from the SharePoint library. Runs frequently.
- SendRecordNotificationFunction: Notifies users about record updates.
- SiteLibraryManagementFunction: Monitors the health of a document library and creates a new copy if it exceeds a certain number of records. Runs daily.
- UpdateDocumentCreditsFunction: Updates the credits value stored in the database against the configuration every 5 minutes. This function is related to the older licensing approach based on credits. Please check with Aaron and Dan K regarding the current approach.
- UpdatePageCountFunction: Calculates the number of pages in a document. This calculation is done when a new document is added to Filer and runs frequently to keep counts up to date.
- UpdateSiteLibraryStatisticsFunction: Updates site library statistics every 5 minutes, including record and entity counts, and saves the information against the site library reference in the Filer dataset. This information is used to assess the health of the site libraries.
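The 5-minute break-glass check in the Timers list implies a revocation lag, modelled here as an added example (not Encodian's code). It assumes grants carry an expiry time and are revoked only when the timer fires; the Grant record, names and timestamps are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

SWEEP_INTERVAL = timedelta(minutes=5)  # schedule stated for the break-glass check

@dataclass
class Grant:
    """Hypothetical temporary-permission record (not Filer's schema)."""
    user: str
    resource: str
    expires_at: datetime
    revoked_at: Optional[datetime] = None

def sweep(grants, now):
    """One timer tick: revoke every live grant whose expiry has passed."""
    for g in grants:
        if g.revoked_at is None and g.expires_at <= now:
            g.revoked_at = now

def overstay(grant):
    """How long the permission stayed live after expiry (None if still live)."""
    return None if grant.revoked_at is None else grant.revoked_at - grant.expires_at

def late_accesses(grants, events):
    """Audit check: accesses made after expiry but before the sweep revoked the grant."""
    by_key = {(g.user, g.resource): g for g in grants}
    hits = []
    for user, resource, ts in events:
        g = by_key.get((user, resource))
        if g and ts > g.expires_at and (g.revoked_at is None or ts < g.revoked_at):
            hits.append((user, resource, ts))
    return hits

def demo():
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed sample data
    grants = [
        Grant("alice", "entity-1", t0 + timedelta(minutes=5)),           # expires on a tick
        Grant("bob", "entity-2", t0 + timedelta(minutes=5, seconds=1)),  # just misses a tick
        Grant("carol", "entity-3", t0 + timedelta(hours=2)),             # still valid
    ]
    for i in range(4):  # sweeps at 09:00, 09:05, 09:10, 09:15
        sweep(grants, t0 + i * SWEEP_INTERVAL)
    events = [  # constructed audit events: (user, resource, timestamp)
        ("alice", "entity-1", t0 + timedelta(minutes=3)),
        ("bob", "entity-2", t0 + timedelta(minutes=7)),
    ]
    return {g.user: overstay(g) for g in grants}, late_accesses(grants, events)

if __name__ == "__main__":
    print(demo())
```

Under these assumptions a temporary permission can outlive its expiry by up to one sweep interval, so audit reviews of break-glass use should compare access times against the grant's expiry rather than its revocation time.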
SQL Server & Database
Filer configurations are stored within an Azure SQL database.
Resilience
All Azure resources rely on the default resilience Microsoft provides for each resource type. No additional resilience features are used with Encodian Filer; this includes, but is not limited to, features such as availability zones or multi-geo.
Vulnerability Management
Filer is installed in your own Azure environment. The solution is hosted on your infrastructure and as such responsibility for testing and managing vulnerabilities would lie with yourselves. Security is handled using your Active Directory.
If a vulnerability were detected in the components that make up our part of the solution, it would be investigated and patched, and an update would be released for deployment into your environment. Internally, we use Microsoft Defender Advanced Threat Protection and conduct penetration tests every six months.