Architecture Overview
This section is intended for IT teams and technical integrators working with the Point platform.
Platform Architecture
Point is a cloud-native platform built on Microsoft Azure. The architecture is designed for:
- Scalability — handles growing data volumes without performance degradation
- Reliability — high availability with automatic failover
- Security — enterprise-grade security with encryption at rest and in transit
- Extensibility — open APIs for integration with third-party systems
High-Level Architecture
┌─────────────────────────────────────────────────────────────┐
│                    External Data Sources                    │
│   Banks │ Custodians │ Market Data │ Fund Administrators    │
└────────────────────────┬────────────────────────────────────┘
                         │ Secure data feeds
┌────────────────────────▼────────────────────────────────────┐
│                    Data Ingestion Layer                     │
│         Validation │ Transformation │ Normalisation         │
└────────────────────────┬────────────────────────────────────┘
                         │
┌────────────────────────▼────────────────────────────────────┐
│              Investment Book of Record (IIBOR)              │
│            Bi-temporal │ Versioned │ Audit-ready            │
└────────────────────────┬────────────────────────────────────┘
                         │
┌────────────────────────▼────────────────────────────────────┐
│                     Intelligence Engine                     │
│        Analytics │ Performance │ Attribution │ Risk         │
└────────────────────────┬────────────────────────────────────┘
                         │
┌────────────────────────▼────────────────────────────────────┐
│                      API Layer (REST)                       │
│         Authentication │ Rate Limiting │ Versioning         │
└────────────────────────┬────────────────────────────────────┘
                         │
┌────────────────────────▼────────────────────────────────────┐
│                     Presentation Layer                      │
│        Web Application │ Point AI │ Reporting Engine        │
└─────────────────────────────────────────────────────────────┘
Azure Infrastructure
Point is deployed on Microsoft Azure and uses the following services:
| Azure Service | Purpose |
|---|---|
| Azure SQL Database | Primary relational data store (IIBOR) |
| Azure Blob Storage | Document and file storage |
| Azure Service Bus | Message queue for async processing |
| Azure Functions | Serverless compute for data processing |
| Azure App Service | Web application hosting |
| Azure API Management | API gateway and rate limiting |
| Azure Active Directory | Authentication and SSO |
| Azure Key Vault | Secrets and certificate management |
| Azure Monitor | Logging, monitoring, and alerting |
Data Security
| Security Control | Implementation |
|---|---|
| Encryption at Rest | AES-256 encryption for all stored data |
| Encryption in Transit | TLS 1.3 for all data in transit |
| Authentication | Azure AD with MFA support |
| Authorisation | Role-based access control (RBAC) |
| Audit Logging | All data access and changes are logged |
| Data Isolation | Each client's data is logically isolated |
| Penetration Testing | Annual third-party penetration testing |
| Compliance | SOC 2 Type II, ISO 27001 |
Data Residency
Point's Azure infrastructure is deployed in UK South (primary) with UK West as the disaster recovery region. All data remains within the United Kingdom.
For organisations requiring data residency in other regions, contact support@pointgroup.io.
Integration Patterns
Point supports several integration patterns for connecting external systems:
Inbound Data (into Point)
- Scheduled file drops — SFTP or Azure Blob Storage
- REST API — push data via Point's REST API
- Direct database connection — for on-premises systems (via VPN)
Outbound Data (from Point)
- REST API — pull data from Point's API
- Scheduled exports — automated file exports to SFTP or Blob Storage
- Webhooks — real-time event notifications
- Direct database access — read-only replica for BI tools (Power BI, Tableau)
See Data Integration for detailed integration guides.