High Level Architecture

The architecture of Symbee Connect Business Intelligence (SCBI) has been designed to provide an easy to install, complete end-to-end Business Intelligence solution for the Contact Center that is cost optimized for both small and large enterprises, is 100% AWS Serverless, and keeps customer data secure in the customer AWS account.

The customer no longer has to support updates/upgrades, costly time-consuming dev-ops processes to keep the solution up to date, and does not have to become an AWS data-science expert to use the solution.

The customer can use the Symbee Connect Business Intelligence (SCBI) solution with Amazon QuickSight to provide Contact Center reporting (real-time and historical), integrated data insights, predictive analytics and Generative AI capabilities during creation of dashboards.

The following two architecture diagrams provide a high-level overview of components and data flow within the Symbee Connect Business Intelligence (SCBI) solution. The complete set up and ongoing maintenance of everything depicted in the following views is provided though:

Live Data Capture and Visualization

Real-time Data Capture and Visualization

AWS Services Used

In the case of compliance and governance requirements, the following lists all the AWS Services utilized in the customers AWS account, and a summary description of the service's use and purpose in the context of the Business Intelligence solution (SCBI):

Amazon Kinesis (Firehoses)

Kinesis Firehoses are used to capture live data off Amazon Connect and Symbee Connect Kinesis Streams, transform and store the data into the Business Intelligence S3 Bucket. Firehoses are also used to storing Contact Lens data, Product Name Evaluation data, and for the one-time migration of Historical Data into the Business Intelligence solution.

Amazon S3

Two S3 Buckets are provisioned and used. One to hold the transformed and curated data received from Amazon Firehose - this is the source data for use by Amazon QuickSight. A second S3 bucket is used for temporary storage of Amazon Athena result-sets (data is only kept for 7 days in this bucket, and then deleted).

AWS Lambda

Lambda Functions are used in various places within the solution, as required:

Amazon EventBridge

EventBridge Rules are used to instigate the above referenced Lambda's, on either regular chronological intervals, or based on events indicating arrival of new data to be collected into the BI S3 bucket.

AWS Systems Manager

Parameter Store, a capability of AWS Systems Manager, is used during Historical Data migration, to track the current state of migration for each type of data being migrated.

AWS Glue

AWS Glue is used to define the database and table structures used when the data is stored in S3 (in Parquet format).

Amazon Athena

Athena is by Amazon QuickSight for the primary SQL-based access of the data collected in S3.

Amazon QuickSight

Amazon QuickSight is used by the Symbee Connect Business Intelligence solution as the primary data-preparation and visualization BI tool. This is the only AWS service accessed by end Business Users that need to view and run reports.

AWS Identity and Access Management (IAM)

IAM roles and policies are inherently required for correct and secure use of each of the above services (for example, execution roles and policies for Lambdas, Firehoses, EventBridge Rules, access to S3 and Glue).

AWS CloudFormation

The configuration and ongoing maintenance of each of the above AWS Service components is performed via a provided AWS CloudFormation Template that gets installed as a CloudFormation stack within the client's AWS Account.

Security and Access

AWS best-practices have been followed throughout the architecture and development of the Symbee Connect Business Intelligence (SCBI) solution.

In all cases, the solution is architected to always keep and leave customer's business data 100% within the customer's AWS Account, and to always store the data (at rest) encrypted, and access the data (in motion) via encrypted paths.

All front-end access by business users is made through Amazon QuickSight, and all security concerns in this regard are delegated to Amazon QuickSight. Refer to the AWS security in Amazon QuickSight section of the Amazon QuickSight documentation for more detailed information.

Additional security notes in context with Symbee Connect Business Intelligence (SCBI)

Single Sign-On (SSO)

As part of Amazon QuickSight's security model, Amazon QuickSight fully supports SAML Federated Single Sign-On (SSO) (among other options), for business user identity and authentication.

Limited AWS Console access

While the Symbee Connect Business Intelligence (SCBI) solution makes use of many AWS services beyond just Amazon QuickSight for the complete implementation (see previous section), 100% of the setup and configuration of all objects outside of Amazon QuickSight are performed (and maintained with later updates) via an AWS CloudFormation template.

While the administrator that deploys the CloudFormation will require a higher level of AWS Console administrative access to perform CloudFormation deploys and updates, the solution is designed such that zero AWS Console access is required by business users. All business user access is performed through the Amazon QuickSight console/portal.

Symbee Connect access into the customer AWS Account

When needed, any and all access by the Symbee Connect SaaS cloud into the customer's AWS account is 100% performed using AWS STS temporary, continuously rotated (never persisted) keys, and is governed and controlled via the SymbeeManagementRole IAM role in the customer's AWS account.