CMA is an application designed for easy contracts management, mostly for large enterprise companies with the wide net of various business units and departments in different countries.
The application allows an easy access and various workflows setup using roles-based approach. As soon as organization structure, workflow and access are all configured, the system allows to:
So, the application functionality implements all of the steps of the contracts approval workflow, including electronic signing of the documents.
The application is developed using service-oriented approach, so the solution consists of several separated services. Each of the components of the solution is separately scalable and distributable. It allows to support vertical and horizontal scalability. Azure is used in the back-end as a cloud platform with the powerful automatic scalability and SLA. Therefore, the described approach provides the best possible level of the whole scalability and stability.
Most of the application components are implemented as WCF-services. At the same time there are several front-end components (HTTP based interface) and common services required in order to support different sign-on systems. To provide the best quality for the Enterprise companies, ADFS are integrated as a standard SSO for most-widely used corporate AD structures.
From high-level point of view, the application is separated into 3 layers:
Each of the layers is a separate solution and may be represented as a single instance or a farm of the instances. It is possible to scale each layer separately.
From deployment point of view, it was suggested to use Azure components as the layers supporting automatic deployment and provisioning:
Front-end is implemented as a standard ASP.Net MVC 5 application using the following technologies and libraries:
Business layer is implemented as a separate solution that provides the functionality via WCF API:
The authentication is implemented based on tokens. Front-end provides security tokens on each request. The token is used to authenticate and to authorize a user in the BL. At the same time, the connection from front-end to API itself is not secured and is protected by restricting the access to the API from the Internet. API modules are parts of the internal virtual network, from which only the front-end services are exposed to the end users.
Entity Framework with the code-first approach is used as an ORM. DTO (Data Transfer Objects) are implemented for data transfer from API to front-end. DTO classes do not contain any behavior and are purposed for the isolation of the required data from the unneeded behavior.
Considering the multi-tenancy requirements it was suggested to separate data in the database based on DB schemas. Each customer has his own set of tables included into his own schema. While DataContext is being created from the DataAccess layer, the application determines and sets the certain tenant’s DB schema, therefor any further processing does not take multi-tenancy into account .