Deployment Overview
Smartflow deploys as an isolated edge instance within your bank's environment. No document data leaves your infrastructure.
Deployment Model
Smartflow supports two deployment models:
| Model | Description | Best For |
|---|---|---|
| Azure Private Cloud | Deployed in the bank's Azure subscription | Banks with existing Azure presence |
| On-Premise / Edge | Deployed on bank-managed infrastructure | Banks with strict no-cloud policies |
Both models guarantee complete data isolation: each institution gets a dedicated instance with no shared infrastructure or cross-bank data commingling.
What the Bank Provides
| Component | Azure Deployment | On-Premise Deployment |
|---|---|---|
| Compute | Azure subscription with resource group | VMs or Kubernetes cluster (see sizing below) |
| Networking | VNet with private endpoints | Internal network with egress to Smartflow licensing service |
| Storage | Azure Blob Storage (bank-managed) | NFS or object storage |
| Identity | Azure AD or SAML/OIDC IdP | SAML/OIDC IdP |
| TLS Certificates | Bank-managed or via Azure Key Vault | Bank-managed |
What Smartflow Provisions
| Component | Description |
|---|---|
| Application containers | Smartflow platform services (extraction, Q&A, monitoring) |
| AI models | Loan-specific extraction and NLP models, deployed within the instance |
| Configuration | Tenant configuration, field mappings, workflow rules |
| Monitoring agent | Health checks and telemetry (anonymised, no document data) |
Architecture Overview
┌───────────────────────────────────────────────────────┐
│                   Bank Environment                    │
│                                                       │
│ ┌───────────┐   ┌───────────────┐   ┌──────────────┐  │
│ │   Users   │──▶│ Load Balancer │──▶│  Smartflow   │  │
│ │ (Browser) │   │  (TLS term.)  │   │ Application  │  │
│ └───────────┘   └───────────────┘   │   Services   │  │
│                                     │              │  │
│                                     │ ┌──────────┐ │  │
│                                     │ │ AI Models│ │  │
│                                     │ └──────────┘ │  │
│                                     └──────┬───────┘  │
│                                            │          │
│                          ┌─────────────────┼────┐     │
│                          │ Data Layer      │    │     │
│                          │ ┌────────┐ ┌────┴──┐ │     │
│                          │ │Database│ │Storage│ │     │
│                          │ └────────┘ └───────┘ │     │
│                          └──────────────────────┘     │
│                                                       │
│ ┌──────────┐   ┌────────────┐                         │
│ │ Identity │   │   LoanIQ   │                         │
│ │ Provider │   │ (optional) │                         │
│ └──────────┘   └────────────┘                         │
└───────────────────────────────────────────────────────┘
Network Requirements
| Direction | Source | Destination | Port | Purpose |
|---|---|---|---|---|
| Inbound | User browsers | Smartflow LB | 443 (HTTPS) | Application access |
| Inbound | Identity Provider | Smartflow | 443 | SSO callbacks |
| Outbound | Smartflow | LoanIQ middleware | Configurable | Data export |
| Outbound | Smartflow | Licensing service | 443 | License validation (heartbeat only, no data) |
Warning: No outbound connections carry document data. The only outbound traffic is licensing heartbeats and optional anonymised telemetry.
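One way a bank's security team could check its own flow logs against the outbound rows of the table above, as an added example that is not Smartflow code. The subnets, the LoanIQ port, the log record format and the heartbeat size ceiling are all assumptions chosen for illustration.

```python
import ipaddress
from typing import NamedTuple

# Every address, port and threshold here is a constructed placeholder.
SMARTFLOW_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed instance subnet
ALLOWED_EGRESS = [  # the two outbound rows of the Network Requirements table
    (ipaddress.ip_network("198.51.100.10/32"), 443, "licensing"),
    (ipaddress.ip_network("10.30.5.0/28"), 8443, "loaniq"),  # port is configurable
]  # optional telemetry has no row in the table; add its destination if enabled
HEARTBEAT_MAX_BYTES = 4096  # assumed ceiling for one licensing heartbeat flow

class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    bytes_out: int

def parse_flow(line: str) -> Flow:
    """Parse one 'src dst dport bytes_out' record (hypothetical log format)."""
    src, dst, dport, bytes_out = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), int(bytes_out))

def audit(lines):
    """Return (finding, Flow) pairs for egress the table does not account for."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        if flow.src not in SMARTFLOW_NET or flow.dst in SMARTFLOW_NET:
            continue  # inbound or intra-instance traffic, not egress
        purpose = next((p for net, port, p in ALLOWED_EGRESS
                        if flow.dst in net and flow.dport == port), None)
        if purpose is None:
            findings.append(("unlisted-destination", flow))
        elif purpose == "licensing" and flow.bytes_out > HEARTBEAT_MAX_BYTES:
            findings.append(("oversized-heartbeat", flow))
    return findings

SAMPLE_FLOWS = [  # constructed records
    "10.20.0.11 198.51.100.10 443 812",      # licensing heartbeat
    "10.20.0.11 10.30.5.4 8443 250000",      # export to LoanIQ middleware
    "10.20.0.12 203.0.113.77 443 1200",      # destination not in the table
    "10.20.0.11 198.51.100.10 443 5242880",  # licensing channel, 5 MiB sent
    "10.20.0.13 10.20.0.14 5432 9000",       # service to database, internal
    "10.9.1.5 10.20.0.10 443 3000",          # user browser to load balancer
]

if __name__ == "__main__":
    for finding, flow in audit(SAMPLE_FLOWS):
        print(finding, flow.src, "->", flow.dst, flow.dport, flow.bytes_out)
```

The byte ceiling matters because a destination and port match alone cannot distinguish a heartbeat from a bulk transfer over the same channel.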
Sizing Guidelines
Info: Detailed sizing will be determined during the scoping session. The following are minimum recommendations.
| Component | Minimum (pilot) | Recommended (production) |
|---|---|---|
| CPU | 8 vCPUs | 16 vCPUs |
| Memory | 32 GB | 64 GB |
| Storage | 500 GB SSD | 2 TB SSD |
| GPU | Optional (improves extraction speed) | 1× NVIDIA T4 or equivalent |