AHI Cloud provides mechanisms to support AHI technologies, including such features as:
- Remote files hosting to offload some of the SDK content to help reduce the SDK install size.
- User authorization (authZ), not to be confused with user authentication, which helps control rate limits.
- Billing service for the SDK to submit billing events to for AHI to track and create invoices.
AHI Cloud is built in a way that can be deployed and managed by AHI partners. Optionally, AHI can deploy and manage on the cloud service on the partner's behalf.
AHI Cloud is implemented as a suite of Terraform scripts, following the "Infrastructure as Code" architecture solution. Currently, AHI Cloud is devised of AWS (Amazon Web) services, but as these services are generic and widely offered by other Cloud providers, it is entirely possible for AHI Cloud to adopt other Cloud providers in the future.
High level architecture of the AHI Cloud solution:
Where the cloud components are:
- a. The AHI Billing service.
- b. The AHI License service.
- c. The CDN files service. SDK resources can either be geo-located (as depicted) or global (default).
- d. The license auto-renew service.
- e. The partner specific billing service backbone.
- f. The partner specific user authorization service.
- g. The "Scan Control" mechanism, where user's must first be in credit to do a scan.
And MultiScan client SDK interacts with AHI Cloud:
- MultiScan Client SDK will request and receive configuration details when
- SDK remote resources will be downloaded by the MultiScan Client SDK. This can either be from AHI global CDN, or partner confined CDN (as depicted), depending on the arrangement.
- Once user has been authenticated (i.e. logged in), the user must be "announced" to AHI to grant them access, through a process of user authorization. No sensitive data is transmitted for user authorization to AHI services.
- Billing events will be sent from AHI MultiScan Client SDK to AHI Cloud so that AHI may can accurately determine invoices and usage metrics for AHI partners.
- Some scan technologies require cloud resources for processing, such as FaceScan. This can be unique depending on the particular scan being requested.
- Each partner deployment will periodically be reissued with a new AHI service license. Without this license, the service will expire and cause scans to be disabled.
- Billing events are first buffered in each partner deployment, then submitted to AHI global as a batch operation. This allows AHI service to be highly scalable and consist of multiple data redundancies. AHI Billing solution utilizes a ledger technology where each billing event is unique and immutable on the chain, allowing for a high degree of confidence in the security and accuracy of billing events.
- Scan credit will be recorded and signed by AHI as a security measure.