RRamainDocs
Infrastructure

SaaS Architecture

Overview of the Ramain SaaS deployment for customers not requiring on-premises installation.

For customers not requiring on-premises deployment, Ramain operates as a multi-tenant SaaS platform hosted and managed by Ramain.

Architecture

The SaaS deployment runs on Ramain-managed infrastructure with shared compute and storage resources, while maintaining tenant isolation at the application and data layers.

Core components:

  • Edge: CloudFront CDN with WAF protection
  • Application: Node.js backend + React frontend
  • Database: Supabase (PostgreSQL + auth)
  • Browser automation: Kernel cloud browser sessions (isolated per tenant)
  • AI: Claude via Anthropic API
  • Storage: AWS S3 for artifacts and uploads
  • Monitoring: CloudWatch + application metrics

Tenant Isolation

Each customer tenant has:

  • Isolated database rows (row-level security)
  • Separate browser sessions
  • Scoped API access via authentication tokens
  • Independent user management and roles

Data Residency

All data resides in Ramain's AWS account. Customer data is logically isolated but shares physical infrastructure.

For customers requiring data to remain in their own cloud account, see On-Premises Architecture.

Security

  • TLS 1.2+ encryption in transit
  • Encryption at rest for all stored data
  • SOC 2 Type II controls
  • ISO/IEC 27001 certified
  • GDPR compliant

Operations

Ramain handles all infrastructure management, updates, scaling, backups, and monitoring. Customers access the platform via web interface and API.

AWS Reference Architecture

Overview of the on-premises AWS deployment for the Ramain platform.

Components

Every AWS service used in the deployment, organized by layer, with the configured specification for each.

On this page

ArchitectureTenant IsolationData ResidencySecurityOperations