
Architecture and Stability

Tonkean is designed and built with security, scalability, and availability as first principles. It leverages modern microservices and containerization paired with a cloud-agnostic, multi-region infrastructure to support mission-critical enterprise workloads.


Tonkean is cloud-agnostic and can be deployed on any of the three major cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). All deployments feature a hardened operating system installation and firewall protection, and are regularly updated with patches.

There are three deployment options:

  • Public cloud - The Tonkean multi-tenant shared environment leverages the AWS public server cloud. It has tenant isolation and encryption that ensure data segregation and protections managed by Tonkean.

  • Dedicated cloud - Single-tenant cloud environment that is dedicated to individual customers. This instance is managed by Tonkean and hosted on AWS infrastructure.

  • Private cloud - Tonkean is installed on your organization's private cloud infrastructure environment. Your internal IT team manages and is responsible for this environment.

Infrastructure Layout and Security

The Tonkean frontend is powered by the Tonkean API, which allows users to build and manage their workflows, and also enables secure webhook connections with various third-party applications—providing real-time updates and data flow. Users interact with the frontend through a web UI on their chosen device.

Backend services generally process and store data, including data from user-connected sources. The backend also powers notifications, runs workflows, and calculates formulas.

These processes are made possible by several applications and databases that mediate between the Tonkean API and the backend using HTTPS and TLS. Access to each of these applications is granted only to the Tonkean API and backend using specific IPs through a secure VPN connection.

Infrastructure security is our top priority and is maintained in various ways:

  • End-to-end network isolation - The virtual private cloud is logically separated from other cloud customers to prevent data within the cloud from being intercepted.

  • Firewall protection - All servers are protected by restricted AWS firewall rules. The configuration of AWS firewall rules is restricted to authorized personnel.

  • Server hardening - All server services are hardened according to industry best practices.