CloudBees Unify uses a cloud-native, microservice architecture that provides scalable, reliable software delivery automation. Understanding how the platform is built helps you make informed decisions about setup, integrations, and technical requirements for your organization.
What the architecture enables
CloudBees Unify’s architecture delivers several key benefits:
- Scalability: Microservices scale independently based on workload demands.
- Reliability: Distributed services provide fault tolerance and high availability.
- Flexibility: Container-based deployment adapts to different organizational needs.
- Integration: Open standards enable connections with existing development tools.
- Security: Network isolation and access controls protect sensitive workflows.
This foundation supports everything from individual developer workflows to enterprise-scale software delivery orchestration.
Core architectural principles
CloudBees Unify is built on three foundational design principles that enable scalable, reliable software delivery automation. These principles shape how the platform operates and integrates with your existing development infrastructure.
Microservice architecture
CloudBees Unify consists of independent services that communicate through well-defined APIs. Each service handles specific platform functions like user management, workflow execution, or security scanning. This design provides several advantages:
- Services can be updated and scaled independently.
- Failures in one service don’t affect others.
- Different services can use optimal technologies for their specific functions.
- Resource allocation can be tuned per service based on usage patterns.
Container-based deployment
All platform services run as containers orchestrated by Kubernetes. Deployment automation uses Helm charts and Pulumi scripts to ensure consistent, repeatable infrastructure provisioning. This approach enables:
- Consistent environments across regions and deployments.
- Automated scaling based on demand.
- Simplified updates and rollbacks.
- Efficient resource utilization.
Cloud-native philosophy
The platform leverages cloud-native technologies and patterns:
- Kubernetes for container orchestration.
- Tekton for workflow execution.
- OpenSearch for logging and analytics.
- OAuth and OpenFeature for standards-based integrations.
This foundation integrates naturally with existing cloud-native development workflows.
Infrastructure components
CloudBees Unify runs on a standardized set of AWS infrastructure components designed for enterprise-scale software delivery. Understanding these components helps you plan integrations, assess network requirements, and optimize performance for your organization.
AWS regional model
CloudBees Unify deploys within AWS regions using a standardized infrastructure template. Each deployment includes:
- Kubernetes clusters: Platform services and workflow execution environments.
- Databases: RDS for transactional data, OpenSearch for logs and metrics, Cassandra for specific use cases.
- Storage: S3 for artifacts, logs, and backup data.
- Networking: VPC with subnets, security groups, and load balancers.
- DNS and certificates: Route 53 for domain routing, Certificate Manager for TLS.
- Content delivery: CloudFront CDN for global performance.
- Monitoring: Datadog integration for platform observability.
Kubernetes cluster organization
Each region typically includes two EKS clusters with distinct purposes:
Platform services cluster:
- Hosts core CloudBees Unify services (user management, API gateway, dashboards).
- Manages workflow orchestration and scheduling.
- Runs security scanning and analytics services.
- Handles integrations with external systems.
Workflow execution cluster:
- Dedicated to running customer workflows via Tekton.
- Isolated from platform services for security and performance.
- Scales based on workflow demand.
- Provides clean execution environments for builds and deployments.
This separation ensures that workflow execution doesn’t interfere with platform operations.
Deployment configurations
CloudBees Unify offers flexible deployment options to match different organizational needs for availability, performance, and cost optimization. The choice between single-region and multi-region deployment affects infrastructure costs, operational complexity, and business continuity capabilities.
Single-region deployment
Most organizations start with single-region deployment, which provides:
- Cost-effective infrastructure footprint.
- Simplified management and monitoring.
- Adequate performance for geographically concentrated teams.
- Full platform functionality including high availability within the region.
Choose single-region when:
- Teams are primarily located in one geographic area.
- Latency to a single region meets performance requirements.
- Budget optimization is a priority.
- Compliance doesn’t require multi-region data residency.
Multi-region deployment
Multi-region deployment adds geographic distribution and enhanced availability:
- Data replication: S3, RDS, OpenSearch, and Cassandra replicate across regions.
- Traffic distribution: DNS routing directs users to their nearest region.
- Workload distribution: Workflows can execute in optimal regions.
- Disaster recovery: Platform remains operational if one region fails.
Choose multi-region when:
- Teams are distributed globally.
- Low latency is critical for all users.
- Business continuity requires maximum availability.
- Compliance mandates geographic data distribution.
Integration patterns
CloudBees Unify integrates with your existing development toolchain through multiple connection methods and protocols. These integration patterns accommodate different organizational security requirements, from public SaaS tools to private enterprise infrastructure.
Connecting external systems
CloudBees Unify integrates with development tools through several patterns:
- API-based integrations: Direct connections to SaaS platforms like GitHub, Jira, and monitoring tools.
- Webhook receivers: Event-driven triggers from external systems.
- Agent-based connections: Secure tunnels for private infrastructure access.
- Standard protocols: OAuth, SAML, and other industry standards for authentication.
Private network connectivity
For organizations with private infrastructure, CloudBees Unify offers secure connectivity options:
- Single-tenant deployments: Dedicated infrastructure with VPC peering or transit gateways.
- Private endpoints: Secure connections to private SCM, artifact registries, and deployment targets.
- Network isolation: Traffic routing that never traverses the public internet.
- Compliance alignment: Architecture that meets enterprise security requirements.
API and authentication architecture
The platform provides multiple access methods:
- Web UI: Browser-based access for interactive platform management.
- REST APIs: Programmatic access for automation and custom integrations.
- CLI tools: Command-line interfaces for developer workflows.
- SDK libraries: Language-specific libraries for application integration.
Authentication supports personal access tokens, OAuth flows, and SAML federation to integrate with existing identity systems.
Operational considerations
Understanding how CloudBees Unify scales, updates, and maintains itself helps you plan for growth and operational requirements. These characteristics affect capacity planning, maintenance windows, and operational monitoring strategies.
Scalability and performance
The architecture scales through several mechanisms:
- Horizontal scaling: Adding more instances of services as demand increases.
- Cluster autoscaling: Kubernetes automatically provisions nodes for workflow spikes.
- Database scaling: Managed database services handle capacity expansion.
- CDN optimization: Global content delivery reduces latency for distributed teams.
Updates and maintenance
CloudBees manages platform updates through:
- Rolling deployments: Services update without downtime.
- Scheduled maintenance windows: Coordinated updates for infrastructure components.
- Version compatibility: Backward compatibility for APIs and integrations.
- Status communication: Proactive notification of maintenance and incidents.
Monitoring and observability
Built-in observability includes:
- Platform health monitoring: Real-time status of all services and infrastructure.
- Performance metrics: Response times, throughput, and resource utilization.
- Security monitoring: Access patterns, authentication events, and threat detection.
- User activity analytics: Usage patterns and adoption metrics.
Next steps
Now that you understand CloudBees Unify’s architecture:
- Review technical requirements to verify compatibility with your environment.