Technical Overview

This document provides a detailed technical overview of the Altan Database Service infrastructure, focusing on its architecture, security mechanisms, and scalability features.

Altan leverages:

Google Cloud Platform's AlloyDB for PostgreSQL databases

Kubernetes (GKE) for hosting services and proxies

Open-source PostgREST for client-facing and internal administrative APIs

The system ensures robust tenant isolation, high availability, and seamless scalability for multi-tenant applications.

Architecture Overview

The Altan Database Service is a modular, cloud-native platform for managing structured data collaboratively across multiple tenants.

Core Components

AlloyDB for PostgreSQL
A fully managed, PostgreSQL-compatible database service on Google Cloud Platform (GCP) that provides high performance, scalability, and availability for enterprise-grade workloads.

Kubernetes (GKE)
Hosts Altan's services, including client-facing APIs, internal administrative services, and proxies (e.g., AlloyDB Auth Proxy for secure database connections).

PostgREST
Exposes RESTful APIs for both client-facing and internal operations. Two instances are deployed:

Client-facing APIs

Admin APIs
Ensures clear separation of concerns.

Row-Level Security (RLS)
Enforces fine-grained access control at the database level to ensure tenant data isolation and security.

Core Entities

Altan organizes data into five core entities:

Databases (Bases) – Top-level containers for tables with access control, collaboration features, and API integration.

Tables – Structured collections of records with metadata, versioning, and customizable views.

Fields – Define schemas, data types, validation rules, and relationships.

Records – Rows storing actual data with full CRUD support.

Views – Customizable interfaces for displaying/interacting with data (grid, calendar, kanban, etc.).

Security Mechanisms

Security is central to Altan’s design, focusing on tenant isolation, data protection, and secure access control.

1. Tenant Isolation with Row-Level Security (RLS)

PostgreSQL Schemas per Tenant – Each tenant gets a dedicated schema.

RLS Policies – Restrict access based on JWT-authenticated identity.

Zero-Trust by Default – No policy means no access.

Immutable Enforcement – RLS applies regardless of access method.

JWT Integration – Metadata (e.g., account_id, user_id, role) is injected into DB sessions securely.

2. Dedicated Instances for Critical Workloads

Dedicated AlloyDB Instances – For high-sensitivity or high-throughput tenants.

Private VPC Connectivity – Secure, private IP access via AlloyDB Auth Proxy with IAM authentication.

Encryption – Data encrypted at rest (AES256/AES128) and in transit (TLS).

3. PostgREST Security

Two Instances:

Client-Facing – Tenant-specific schemas + RLS enforcement.

Admin – Internal operations only, restricted network segment.

Role-Based Access Control (RBAC) – Requests execute under specific DB roles (api_user, admin_user).

4. Auditability & Monitoring

Audit Logs – Full traceability via Google Cloud audit logging.

Monitoring & Alerts – Integrated with Google Cloud Monitoring for anomalies.

5. Additional Security Features

IAM Integration – Fine-grained permissions for DB & cluster management.

Network Security – Private VPC deployments with network policies & firewall rules.

Compliance – Supports GDPR, HIPAA, SOC2.

Scalability Features

Altan scales from small apps to enterprise-grade systems.

1. AlloyDB’s Disaggregated Architecture

Compute Scaling – Adjust nodes dynamically.

Storage Scaling – Auto-expanding distributed storage layer.

Read Replicas – Up to 20 per cluster.

2. Kubernetes (GKE) Scalability

Horizontal Pod Autoscaling (HPA) – Scales PostgREST & proxies based on metrics.

Cluster Autoscaler – Adjusts GKE nodes automatically.

Multi-Zone Deployment – High availability across zones.

3. PostgREST Scalability

Stateless Design – Load-balanced scaling.

Query Optimization – Efficient SQL translation.

Batching Support – Faster high-volume operations.

4. Workload-Specific Optimizations

Dynamic Sharding – Auto-redistribution for spikes.

Columnar Engine – Up to 100x faster analytics.

Caching – Low latency with ML-driven data tiering.

5. Cross-Region Replication

Secondary Clusters – Disaster recovery & failover.

Global Accessibility – Multi-region PostgREST deployment with global load balancing.

Integration with AI and Automation

Vertex AI Integration – Run ML models inside SQL queries.

RLS for AI Agents – AI queries respect tenant isolation.

Scalable AI Workloads – Vector search + high-performance analytics.

Conclusion

Altan’s infrastructure, built on AlloyDB, GKE, and PostgREST, provides:

Strong tenant isolation with RLS

Flexible scaling for diverse workloads

AI-ready integration

Happy building with Altan! 🚀

Technical Overview

Architecture Overview#

Core Components#

Core Entities#

Security Mechanisms#

1. Tenant Isolation with Row-Level Security (RLS)#

2. Dedicated Instances for Critical Workloads#

3. PostgREST Security#

4. Auditability & Monitoring#

5. Additional Security Features#

Scalability Features#

1. AlloyDB’s Disaggregated Architecture#

2. Kubernetes (GKE) Scalability#

3. PostgREST Scalability#

4. Workload-Specific Optimizations#

5. Cross-Region Replication#

Integration with AI and Automation#

Conclusion#