Skip to main content

Acceptance and production environment reference architecture

Introduction to the acceptance and production environment reference architecture

For the infrastructure of the Acceptance (UAT) and Production environments it’s best when they are identical in architecture, components, configuration, and capacity. Ensuring parity between these environments guarantees realistic user acceptance testing, accurately reflects actual usage scenarios, and minimizes deployment risks. Any deviations could lead to discrepancies in test results, reduced reliability, and unforeseen performance or stability issues in production.

Maintaining infrastructure consistency is essential for reliable deployments, effective troubleshooting, and high-quality software delivery.

Acceptance environment

Purpose

  • User Acceptance Testing (UAT), stakeholder validation, and final approval.

User Types

  • Product Owners & Stakeholders - Verify features against requirements
  • Business Analysts/Test Coordinators - Organize and oversee user testing
  • Representative End-users - Limited group for acceptance validation

Access Method

  • Typically via secure authentication, including:
    • OpenID / OAuth for realistic validation of external authentication
    • Internal/managed accounts for users without external IDs

Data

  • Realistic, but anonymized or sanitized datasets

Typical Activities

  • User scenario testing
  • Stakeholder demos
  • Sign-off on acceptance criteria

Production environment

Purpose

  • Live environment providing stable and secure service to actual users.

User Types

  • End-Users/Customers - Full access, performing real tasks and transactions
  • Administrators/Support Staff - Monitoring, supporting, and managing the environment
  • Operations Team (DevOps/SRE) - Manage infrastructure, deployments, and monitoring

Access Method

  • Robust authentication methods required, including:
    • OpenID / OAuth for secure external authentication
    • Multi-Factor Authentication (MFA) for administrative or sensitive access

Data

  • Real, live customer data

Typical Activities

  • Real usage, live transactions
  • Support, troubleshooting real-time incidents
  • Monitoring and proactive maintenance

Environment requirements

The acceptance and production environments must be stable, secure, and representative of the final application deployment. These environments are intended for validation, user acceptance testing (UAT), and live operations. The following technical and functional requirements apply:

  • Controlled Configuration - Clearly defined access controls, performance parameters, and security policies. Unlike development and test environments, changes should be strictly managed through formal change procedures.
  • AI Configuration - Requires an active (paid) API key to access AI services such as OpenAI or other platforms. API credentials must be securely stored and managed in accordance with internal security guidelines.
  • Microsoft SQL Server:
    • Version: Standard or Enterprise
    • Features: Full Text Search must be enabled
    • Production databases must be regularly backed up and monitored for performance and availability
  • Security (SSL/TLS):
    • Full support for SSL is required to ensure secure client-server communication
    • Use of HTTP is not permitted
    • Only trusted certificates are allowed:
      • Standard SSL certificate
      • Wildcard certificate
      • Self-signed certificates are not permitted
  • Availability & Monitoring - Environments must be monitored for uptime, performance, and security incidents. Logging and alerting mechanisms must support operational oversight and auditing.
  • Indicium Service Account - Must have:
    • Write permissions on the Indicium directory
    • Access rights to both the IAM database and the application database
    • Secure management in line with the organization's IAM policies

Cloud

Architecture and connections

Cloud acceptance and production environment reference architecture

Connections:

  1. Internet → External Firewall
    Traffic originating from the Internet passes through the external firewall.
  2. External Firewall → Azure Application Gateway or Azure Front Door (VNet 1)
    Incoming traffic is routed to Azure Application Gateway or Azure Front Door services.
  3. Application Gateway/Front Door → Internal Firewall
    Traffic passes through an internal firewall to reach internal VNets.
  4. Internal Firewall → App Service Plan (VNet 2)
    Secured traffic is routed to Azure App Service or similar hosting environments.
  5. Service Plan (App) → Azure Storage Account (VNet 3, optional)
    Applications may access Azure Storage for files, blobs, or data.
  6. Service Plan (App) → Azure SQL (VNet 2)
    Applications communicate with Azure SQL databases for storage, retrieval, and IAM.

Common Ports Overview:

ServiceTypical Port Numbers
HTTPTCP 80
HTTPSTCP 443
Azure SQL DatabaseTCP 1433 (TLS secured)
Azure StorageTCP 443

Sizing (hardware cloud)

Recommended Specs Cloud:

ComponentAzureAWSGoogle
SQLAzureDBAWS RDS
db.m5.xlarge (4 vCPU, 16 GB)
SQL Server
(4 vCPU, 16 GB)
Indicium & UniversalAppService
Premium v3 P2V3
Elastic Beanstalk
m6i.xlarge (4 vCPU, 16 GB)
Cloud Run (Memory: 2 GB)
Storage Bucket
Class data: Default Class Standard

Cloud environment setup

For more information about setting up a cloud environment, see:

On Premise

Architecture and connections

On-premise acceptance and production environment reference architecture

Connections:

  1. Internet → External Firewall
    External user traffic reaches the first firewall, which controls incoming web traffic.
  2. External Firewall → Reverse Proxy in DMZ
    Allowed traffic moves to the reverse proxy server located in the DMZ, which acts as a secure intermediary.
  3. Reverse Proxy (DMZ) → Internal Firewall
    Traffic verified by the reverse proxy moves through the internal firewall into the secure internal networks.
  4. Internal Firewall → App Server (Network 2)
    Application requests forwarded by the reverse proxy reach the internal application servers.
  5. Client Network → App Server (Internal)
    Internal clients (phones, laptops, tablets, desktops) connect directly to the application servers.
  6. App Server → SQL Server (Network 1)
    Application servers communicate with SQL servers for data queries, storage, and authentication.

Common Ports Overview:

ServiceTypical Port Numbers
HTTPTCP 80
HTTPSTCP 443
SQL ServerTCP 1433

Sizing (hardware on premise)

Recommended hardware specifications (IIS Server):

ComponentConfiguration
CPU4 vCPUs
Memory16 GB RAM
Storage100–200 GB
OSWindows Server 2019/2022

Recommended hardware specifications (SQL Server):

ComponentConfiguration
CPU4 vCPUs
Memory16 GB RAM
StorageWindows/SQL installation: 200 GB
SQL Data: 200 GB
SQL Log: 100 GB
Best practice: Separate the installation, data and log locations.
OSWindows Server 2019/2022
SQLSQL Server 2019/2022 Standard or Enterprise

On-premise environment setup

For more information about setting up an on-premise environment, see:


Was this article helpful?