High Level Architecture
The architecture of Symbee Connect Business Intelligence (SCBI) has been designed to provide an easy to install, complete end-to-end Business Intelligence solution for the Contact Center that is cost optimized for both small and large enterprises, is 100% AWS Serverless, and keeps customer data secure in the customer AWS account.
The customer no longer has to support updates/upgrades, costly time-consuming dev-ops processes to keep the solution up to date, and does not have to become an AWS data-science expert to use the solution.
The customer can use the Symbee Connect Business Intelligence (SCBI) solution with Amazon QuickSight to provide Contact Center reporting (real-time and historical), integrated data insights, predictive analytics and Generative AI capabilities during creation of dashboards.
The following two architecture diagrams provide a high-level overview of components and data flow within the Symbee Connect Business Intelligence (SCBI) solution. The complete set up and ongoing maintenance of everything depicted in the following views is provided though:
- Symbee Connect SaaS components provided through the Symbee Connect cloud
- A Symbee Connect Business Intelligence (SCBI) AWS CloudFormation template to set up and maintain all the components that reside in your AWS Account (to achieve the goal of keeping customer data secure and in the customer's AWS account). This CloudFormation template is enhanced and updated on a continuous dev-ops cycle with the latest always being able to be downloaded from the customer Symbee Connect Administration Portal. All updates will remain backwards compatible, such that the only step required to remain current is downloading the latest version and performing a "CloudFormation Update" to your currently deployed stack.
- A managed set of predefined Amazon QuickSight Datasets and Dashboards that provide an out-the-box set of Contact Center reports you can begin using as soon as your deployment is complete. These are available and deployed from a screen in your Symbee Connect Administration Portal and are enhanced and updated on a continuous dev-ops cycle.
Live Data Capture and Visualization
Real-time Data Capture and Visualization
AWS Services Used
In the case of compliance and governance requirements, the following lists all the AWS Services utilized in the customers AWS account, and a summary description of the service's use and purpose in the context of the Business Intelligence solution (SCBI):
Amazon Kinesis (Firehoses)
Kinesis Firehoses are used to capture live data off Amazon Connect and Symbee Connect Kinesis Streams, transform and store the data into the Business Intelligence S3 Bucket. Firehoses are also used to storing Contact Lens data, Product Name Evaluation data, and for the one-time migration of Historical Data into the Business Intelligence solution.
Two S3 Buckets are provisioned and used. One to hold the transformed and curated data received from Amazon Firehose - this is the source data for use by Amazon QuickSight. A second S3 bucket is used for temporary storage of Amazon Athena result-sets (data is only kept for 7 days in this bucket, and then deleted).
Lambda Functions are used in various places within the solution, as required:
- Lambda functions are used by Firehose during data transformation before the data is stored in S3
- Lambda functions are used for the continuous collection and storage of Realtime data into S3
- Lambda functions are used for scheduled population of Athena reference tables
- Lambda functions are used to control and managed the one-time Historical Data Migration process
EventBridge Rules are used to instigate the above referenced Lambda's, on either regular chronological intervals, or based on events indicating arrival of new data to be collected into the BI S3 bucket.
AWS Systems Manager
Parameter Store, a capability of AWS Systems Manager, is used during Historical Data migration, to track the current state of migration for each type of data being migrated.
AWS Glue is used to define the database and table structures used when the data is stored in S3 (in Parquet format).
Athena is by Amazon QuickSight for the primary SQL-based access of the data collected in S3.
Amazon QuickSight is used by the Symbee Connect Business Intelligence solution as the primary data-preparation and visualization BI tool. This is the only AWS service accessed by end Business Users that need to view and run reports.
AWS Identity and Access Management (IAM)
IAM roles and policies are inherently required for correct and secure use of each of the above services (for example, execution roles and policies for Lambdas, Firehoses, EventBridge Rules, access to S3 and Glue).
The configuration and ongoing maintenance of each of the above AWS Service components is performed via a provided AWS CloudFormation Template that gets installed as a CloudFormation stack within the client's AWS Account.
Security and Access
AWS best-practices have been followed throughout the architecture and development of the Symbee Connect Business Intelligence (SCBI) solution.
In all cases, the solution is architected to always keep and leave customer's business data 100% within the customer's AWS Account, and to always store the data (at rest) encrypted, and access the data (in motion) via encrypted paths.
All front-end access by business users is made through Amazon QuickSight, and all security concerns in this regard are delegated to Amazon QuickSight. Refer to the AWS security in Amazon QuickSight section of the Amazon QuickSight documentation for more detailed information.
Additional security notes in context with Symbee Connect Business Intelligence (SCBI)
Single Sign-On (SSO)
As part of Amazon QuickSight's security model, Amazon QuickSight fully supports SAML Federated Single Sign-On (SSO) (among other options), for business user identity and authentication.
Limited AWS Console access
While the Symbee Connect Business Intelligence (SCBI) solution makes use of many AWS services beyond just Amazon QuickSight for the complete implementation (see previous section), 100% of the setup and configuration of all objects outside of Amazon QuickSight are performed (and maintained with later updates) via an AWS CloudFormation template.
While the administrator that deploys the CloudFormation will require a higher level of AWS Console administrative access to perform CloudFormation deploys and updates, the solution is designed such that zero AWS Console access is required by business users. All business user access is performed through the Amazon QuickSight console/portal.
Symbee Connect access into the customer AWS Account
When needed, any and all access by the Symbee Connect SaaS cloud into the customer's AWS account is 100% performed using AWS STS temporary, continuously rotated (never persisted) keys, and is governed and controlled via the SymbeeManagementRole IAM role in the customer's AWS account.