Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  1. Fotoware Alto
    • End-User Manual
    • User Guides
    • Solutions
    • Terminology
    • API Changelog
  2. Fotoware Veloz
    • Managing users and groups
    • Configuring archives
    • Configuring workflows
    • Configuring site behavior
    • Navigating and searching to find your assets
    • Working with your assets
    • Editing asset metadata
    • Uploading files
    • Version Control in Fotoware
    • Albums - Creating and sharing collections
    • Placing assets in a CMS
    • Working with the Fotoware Pro interface
    • Using the Fotoware plugins
    • Consent management
    • User guide to FotoWeb for iPad (Legacy)
    • Picture conferencing with FotoWeb Screens (Legacy)
    • What's what in Fotoware
    • GDPR
    • Fotoware Veloz releases
    • Activity Exports
    • Example workflows
  3. Fotostation
    • Getting started with Fotostation
    • Viewing, selecting and sorting files
    • Managing your assets with archives
    • Adding metadata to assets
    • Searching for assets
    • Working with your assets
    • Version Control in Fotostation
    • Automating tasks with Actions
    • Configuring metadata fields and editors
    • Configuring Fotostation
    • Configuring Fotostation for multi-user environments
    • Troubleshooting Fotostation
  4. Fotoware Flow
    • What is Flow?
    • Getting started
    • Flow dictionary
  5. Fotoware On-Premises
    • Getting started
    • Index Manager
    • FotoWeb
    • Color Factory
    • Connect
    • Operations Center Guide
  6. Integrations and APIs (Fotoware Veloz & On-Premises)
    • The Fotoware API
    • Creating integrations using embeddable widgets
    • Authorizing applications using OAuth
    • Auto-tagging
    • FotoWeb Drag and Drop export
    • Integration using webhooks
    • Optimizely and Episerver plugin documentation
    • User Interface Integrations
  7. Fotoware Mobile
    • User guide for Fotoware Mobile for iPhone and Android
    • User guide to FotoWeb for iPad (Legacy)
    • User guide to FotoWeb for iPhone and Android (Legacy)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

Support

Table of Contents

Flow: Architecture and security overview Introduction Summary High-level architecture Azure-hosted Multitenancy Integration with Fotoware SaaS Stateless, microservices approach Data flow summary Asset ingestion Event triggers and workflows Processing and results Web client Hosting architecture, availability zones, data location, and backup Azure regions and Availability Zones Data location Data backups and retention Security measures Isolation and segregation Encryption Authentication and authorization Secure development and deployment Monitoring and incident response Availability and reliability Scalable cloud services Redundancy Zero‐downtime deployments Release and update strategy Continuous delivery Feature flags Environment tiers
  • Home
  • Flow
  • What is Flow?

Architecture and security overview

19. June 2025

Elaine Foley

Table of Contents

Flow: Architecture and security overview Introduction Summary High-level architecture Azure-hosted Multitenancy Integration with Fotoware SaaS Stateless, microservices approach Data flow summary Asset ingestion Event triggers and workflows Processing and results Web client Hosting architecture, availability zones, data location, and backup Azure regions and Availability Zones Data location Data backups and retention Security measures Isolation and segregation Encryption Authentication and authorization Secure development and deployment Monitoring and incident response Availability and reliability Scalable cloud services Redundancy Zero‐downtime deployments Release and update strategy Continuous delivery Feature flags Environment tiers

Flow: Architecture and security overview 

Introduction 

Flow is Fotoware’s next‐generation, cloud‐native, workflow and automation engine, built to replace and extend the capabilities of our older on‐premises Color Factory product. Where Color Factory relied on Windows servers and folder‐based processing, Flow leverages modern Microsoft Azure services and multi-tenantdesign to handle high volumes of assets with efficiency, scalability, and faster release cycles.

Summary

Flow’s modern, Azure‐based architecture provides:

  • High Availability & Reliability: Redundant zones, geo‐replication, and automated failover.
  • Performance & Scalability: Microservices and serverless functions adapt to workload fluctuations.
  • Security & Compliance: Built‐in encryption, role‐based access, and secure development practices.
  • Rapid Innovation: Frequent releases, feature flags, and automated testing.

High-level architecture 

Azure-hosted 

Flow runs in Microsoft Azure, using as main components:

  • Azure Kubernetes Service (AKS) for APIs and core services.
  • Azure Functions for event‐driven tasks, orchestrations, and custom logic.
  • Azure Storage for asset storage.
  • Azure SQL Database for configurations and internal logs. 

Multitenancy 

Flow is designed to serve multiple tenants (customers) from a shared set of Azure resources, with strict logical isolation of data and configurations per tenant.

Integration with Fotoware SaaS 

Flow relies on SaaS for backend services and FotoWeb for user identity. Flow reuses FotoWeb accounts (plus new Flow‐specific roles/permissions) to manage authentication and authorization.

Stateless, microservices approach 

Flow services are containerized or run as serverless functions, allowing horizontal scaling and more granular deployments.

Data flow summary 

Asset ingestion 

Assets arrive from FTP servers hosted in Azure and are placed into Azure Storage containers. Flow can also operate on assets already ingested into the system by other means, such as Fotoware or Fotostation UI.

Event triggers and workflows 

Flow can be notified of new or changed assets with the use of an eventing system. Flow can then start the relevant workflow (for example, editing metadata, moving to another pool, or deleting assets).

Processing and results 

The processing functions carry out tasks on the assets (for example, metadata edits or transformations). The assets can then be forwarded to external systems, saved back after modification, or moved.

Web client 

A secure, browser‐based UI provides user access to configure workflows, view logs, and manage Flow according to role‐based permissions. Authentication is delegated to FotoWeb’s identity service.

Hosting architecture, availability zones, data location, and backup 

Azure regions and Availability Zones 

  • Flow is deployed in one or more Microsoft Azure regions, each withmultiple Availability Zones.
  • Azure Availability Zones are physically separate data centers within the same region, providing fault tolerance if a single data center experiences downtime.
  • Core services, such as Azure SQL Database and Azure Storage, run in a zone‐redundant configuration. This means that if one zone becomes unavailable, the system remains operational in other zones.

Data location 

  • Customer data (assets and workflow configurations) is stored in the Azure region selected for the Flow service.
  • We can accommodate data residency preferences (for example, storing data in a specific region) based on customer requirements and available Azure regions.

Data backups and retention 

  • Automated backups: Flow’s primary data stores (Azure SQL, Azure Storage) are regularly backed up by Azure’s built‐in backup processes. These backups are stored redundantly and retained for a defined period, allowing for point‐in‐time recovery.
  • Geo‐redundant storage (optional): By default, Azure Storage and Azure SQL Databases replicate data across geographically paired regions. This helps safeguard against region‐wide outages and supports faster disaster recovery scenarios.
  • Disaster recovery planning: We periodically test restore procedures and backup integrity, ensuring that Flow can be recovered swiftly in case of unexpected incidents.

Security measures 

Isolation and segregation 

  • Each tenant’s data is logically isolated, with network and application‐level controls ensuring no cross‐tenant data exposure.
  • Azure resource grouping and private network configurations minimize the risk of unauthorized access.

Encryption 

  • Data in Transit: All external access requires TLS (HTTPS). Internal service‐to‐service communication also uses TLS where possible.
  • Data at Rest: Azure Storage and Azure SQL encrypt data automatically with AES‐256.

Authentication and authorization 

  • Single sign‐on (SSO): Flow delegates login to FotoWeb, which stores user identities and credentials.
  • Role‐based access control: Flow defines roles (View, Manage) that govern who can view and modify workflows.

Secure development and deployment 

  • Infrastructure as Code: We define our environment (container resources, functions, networks) programmatically, reducing configuration drift.
  • Automated CI/CD: Code goes through static analysis, security scans, and automated tests before deployment.
  • Regular Patching: Azure resources and Flow container images are updated promptly with security fixes.

Monitoring and incident response 

  • Monitoring service: Collects logs, metrics, and error traces in real time.
  • 24/7 alerting: Automated alerts for key metrics (error rates, resource usage).
  • Audit logging: Critical configuration changes are tracked, aiding compliance and forensics.

Availability and reliability 

Scalable cloud services 

Azure Functions and container orchestration allow Flow to scale dynamically to handle high loads with minimal downtime.

Redundancy 

  • Multiple Availability Zones: If one data center zone fails, the system remains available in another.
  • Geo‐redundancy: Azure replicates data across regions, so a major incident in one region will not automatically result in data loss.

Zero‐downtime deployments 

Flow uses rolling updates to minimize interruption, employing multi‐stage pipelines and feature flags for safe feature rollouts.

Release and update strategy 

Continuous delivery 

Flow is developed in short cycles, with small, frequent releases.

Feature flags 

New functionality can be toggled on/off, enabling phased rollouts and quick rollbacks if necessary.

Environment tiers 

We maintain Development, Staging, and Production environments, ensuring all new changes are tested before release.

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Configuring FotoStation to download QuickList metadata from a database
  • How to separate metadata entries that are added from a hierarchical QuickList
  • Enabling a QuickList for a field in a custom metadata editor
eco-lighthouse-miljøfyrtårn

Company

  • About us
  • Resellers
  • Careers
  • Contact us

Help & support

  • Support center
  • Consultancy
  • Tech partners
  • Fotostation
  • System status

Trust Center

  • Legal
  • Security
  • Sustainability & ESG

Locations

Fotoware AS (HQ)
Tollbugata 35
0157 OSLO
Norway
FotoWare Switzerland AG
Industriestrasse 25
5033 Buchs (AG)
Switzerland

Copyright 2025 Fotoware All rights reserved.

  • Terms of service
  • Privacy policy
  • Cookie policy

Knowledge Base Software powered by Helpjuice

Expand