JMerlo

System Design for Rally Advisor Market

Overview

Rally Advisor Market is a platform designed to connect users with vetted independent financial advisors. The system supports three distinct user roles: Clients, Advisors, and Admins. Each role interacts with the platform in unique ways:

  • Clients: Search for and connect with advisors.

  • Advisors: Manage their profiles, connect with clients, and provide advice.

  • Admins: Approve, reject, and revoke credentials to maintain platform integrity.

The platform leverages a microservices architecture orchestrated with Kubernetes, ensuring scalability and modularity.

 

Architecture

Core Components

  1. Django REST API

    • Acts as the gateway for all platform interactions.

    • Protects each endpoint with Access Control Lists (ACL).

    • Does not directly interact with SQL/NoSQL databases (except the Sessions Database).

    • Dispatches requests to microservices or queues them for the Executor.

  2. Microservices

    • Built with Python and communicate via gRPC.

    • Deployed in Kubernetes with an Istio service mesh for seamless service discovery and management.

  3. Databases

    • PostgreSQL: Stores normalized core data, such as relationships and approvals.

    • Cassandra: High-throughput and low-latency NoSQL database for chat data and profile details.

    • Redis: Caches session credentials and queues asynchronous requests.

  4. Monitoring and Support

    • Prometheus and Grafana for real-time monitoring and visualization.

    • HubSpot Integration: Automates ticket creation for access requests, abuse reports, and critical incidents.

Infrastructure

  • Deployed using Kubernetes, with databases managed as operators for high availability and fault tolerance.

  • Implements JWT-based authentication for efficient session and token management.

 

Domains

1. Account

  • Primary Key: UUID

  • Services: GUAP (Global User Adivor Profile) and Knox (Session Manager).

  • Handles user authentication, authorization, and account lifecycle management.

  • Access Control:

    • ACLs represented as key-value pairs.

    • Access statuses include: -2 (Apply for Access), -1 (Awaiting Approval), 0 (No Access), 1 (Access Granted), 2 (Access Revoked).

  • Session Management:

    • Uses Redis for storing session credentials and Cassandra for storing refresh tokens.

    • Tokens are JWTs to allow pre-database validation.

    • Token revocation on ACL changes ensures updated permissions.

2. Search

  • Primary Key: Slugs (readable, descriptive strings).

  • Services: Match Engine and Explore.

  • Match Engine:

    • SQL-based service for matching clients with advisors based on needs and financial situations.

    • Ensures equitable distribution of potential clients among advisors.

  • Explore:

    • Returns a list of advisors’ unique slugs.

    • Stores these results in Cassandra for quick retrieval.

3. Connect

  • Primary Key: UUID

  • Services: Advice Broker and Advisory.

  • Advice Broker:

    • Facilitates connections between clients and advisors.

    • Each connection is represented as an Advice entity with a unique ID.

  • Advisory:

    • Manages the state of advisor-client relationships in PostgreSQL.

    • Stores profile details and chat data in Cassandra.

  • Chat Subsystem:

    • A core feature of the Advisory service.

    • Generates a unique, non-expiring chat JWT containing user ID, chat ID, and role.

    • Chat tokens bypass database queries for role-based authorization, enhancing performance.

 

Workflows

Advisor Approval

  1. Advisor submits an application.

  2. Admin reviews credentials and application materials.

  3. Upon approval:

    • Advisor receives a unique slug.

    • Profile details stored in Cassandra for fast access.

Client-Advisor Matching

  1. Client searches for an advisor using specific criteria.

  2. Match Engine returns a list of advisors (via their slugs).

  3. Explore service stores the list for future reference.

Chat and Advice Management

  1. Advice entity created for each advisor-client connection.

  2. Advisory service handles relationship states and stores associated data.

  3. Chat tokens ensure seamless and secure communication.

 

Key Technologies

  • Languages: Python, JavaScript

  • Frameworks: Django (API), gRPC (microservices), React (single page app)

  • Databases: PostgreSQL, Cassandra, Redis

  • Orchestration: Kubernetes with Istio

  • Monitoring: Prometheus, Grafana

  • Integrations: HubSpot

Scalability and Fault Tolerance

  1. Kubernetes ensures dynamic scaling and service resilience.

  2. Istio service mesh provides traffic management, load balancing, and observability.

  3. Database operators manage backups, failover, and high availability.

  4. Redis and Cassandra enable low-latency responses and high-throughput operations.

Security Considerations

  1. JWT-based authentication ensures token validity and tamper resistance.

  2. Token revocation mechanism prevents unauthorized access.

  3. ACL-based endpoint protection enforces role-specific permissions.

  4. Cassandra and PostgreSQL ensure secure data storage and retrieval.

Conclusion

The Rally Advisor Market platform’s design emphasizes modularity, scalability, and security. By leveraging modern technologies and best practices, the system provides a robust and user-friendly experience for clients, advisors, and admins alike.

Leave a Reply

Your email address will not be published. Required fields are marked *