Hybrid Deployment

In a hybrid deployment, you harness the capabilities of our Cloud conversational engine while utilizing one or more DRUID-specific components to store all conversational data within your infrastructure.

Deployment Architecture

Below is a comprehensive recommended deployment architecture diagram, providing insight into the connections among various DRUID components and services installed on your premises, as well as internal and external resources and systems.

Each DRUID environment is hosted in an Azure Cloud data center located in a specific region, as follows:

DRUID Environment Azure Cloud Region
PROD EU West Europe
PROD US East US
PROD AU Australia East

DRUID provides SaaS from these Azure Cloud regions, with geo-redundant backup storage for added data protection.

For detailed low-level diagrams, please consult the specific ones provided below.

The figure below illustrates the high-level architecture of the hybrid deployment.

The figure below provides an overview of the main components of the DRUID platform from a deployment perspective..

The figure below outlines the logical structure and interactions among the deployed DRUID components.

The figure below describes the physical setup and hardware configurations of the DRUID deployment.

Understanding Data Flows in a DRUID Hybrid Deployment

Within a DRUID hybrid deployment, data flows dynamically through interactions among different components. This section outlines the primary data flows to facilitate your understanding of how information traverses within your system. Acquiring insight into these data flows is essential for upholding the integrity and security of your DRUID hybrid deployment.

Data Requests and Responses via Azure Service Bus

  • Data exchanges happen between the conversation engine and internal systems.
  • DRUID platform and Connector Host place messages into Azure Service Bus.
  • Messages are encrypted using AMQPS and/or HTTPS protocols to ensure secure transmission.
  • Data from connected apps is also included in these messages.

Interactions with Connected Apps

  • The system interacts with connected apps through ODBC or REST API calls.
  • These interactions are tailored to your specific implementation. For instance, in a Chatbot HR scenario, actions like reading employee files (e.g., badge, job title, department, vacation days) or saving vacation requests are examples of such interactions.

Utilization of DRUID APIs

DRUID APIs are accessed for triggering conversation flows and reading metadata, among other functionality.

Storage of Conversation History

Conversation messages are saved into the Conversation History database, which is hosted on your premises. This database preserves a record of interactions for future reference.

Chat Sessions Across Channels

Messages flow between the chatbot and end users across various communication channels.

Note:   In instances where sensitive data should not be shared within the conversation, the "Send Email" connector offers a solution. This connector enables the direct delivery of emails to users, bypassing the conversation interface.

Druid Components

DRUID AI Platform

The DRUID AI Platform is a cloud solution hosted on Microsoft Azure. It encompasses all the necessary components for setting up and operating chatbots. The platform operates on a multi-tenant deployment model managed by DRUID.

It uses the following frameworks:

  • Data access: Microsoft Entity Framework Core v 2.1.4
  • Web: Microsoft ASP .NET Core v.2.0

Druid Connector Host

The DRUID Connector Host is a Windows service facilitating integration between DRUID chatbots and on-premise applications, services, or databases. It becomes essential when chatbots require access to internal systems inaccessible directly from the internet. Typically, the DRUID Connector Host is deployed on a server within the demilitarized zone (DMZ).

DRUID Data Service

The DRUID DataService serves as DRUID's data storage solution, preserving DRUID entity records created and managed within the DRUID Platform. This storage simplifies record authoring for bot authors, who can use these records for Named Entity Recognition (NER) training and various other contexts.

DRUID Knowledgebase

The DRUID Knowledgebase serves as the primary engine for managing knowledge base-related requests, such as web crawling, document extraction, embedding, training, and prediction.

Web Channel

The web channel, comprising the DRUID Portal or local bot web pages, along with the DRUID Mobile app, communicates with the chatbots using the TCP/IP protocol.

Authentication

The DRUID AI Platform provides a robust set of authentication methods to ensure secure access to its features:

  • Local Authentication: You can connect to Druidplatform.com using user credentials (username and password) stored within the DRUID AI Platform. Users can be provisioned directly into the DRUID Portal, with security roles assigned to control access to specific functionality. For enhanced security, two-factor authentication can be enabled for provisioned users.
  • Single Sign-On (SSO): The platform supports integration with Active Directory for authentication and authorization purposes. You can host the chatbot on a website or intranet configured with Windows Authentication. Integration with internal solutions allows automatic provisioning of users and their associated roles.
  • User Authentication during Chat: Users interacting with the chatbot can be authenticated by asking specific questions and verifying the provided information with Druid backend systems. Authentication can also be extended to other channels such as Teams, Facebook, or WhatsApp when users initiate a conversation for the first time.
  • Channel-specific Authentication: Chatbots for internal use by employees typically utilize Active Directory integration, MS Teams, or Slack. For external users, including customers and partners, local Druid two-factor authentication is commonly employed.
Note:  When employing Active Directory Integration with Teams, Slack, or Facebook, it's important to note that no passwords are stored within the DRUID AI Platform. Instead, the authentication process is managed directly by the respective channels. The DRUID AI Platform retains only the user ID (account name from AD, etc.) for identification and authorization purposes.

By storing only the necessary user information and delegating authentication responsibilities to trusted channels, the DRUID platform ensures a secure and streamlined authentication experience for users across various communication channels.

Integrations

DRUID seamlessly integrates with a variety of systems, including Core Banking, CRM, ERP, BI, and HCM, through REST, SOAP, Web services, APIs, MQs, and SQL connections. If applications lack exposed interfaces, integration with RPA solutions like UiPath is also supported. For more information on DRUID integrations, see Integrations.

In UiPath integration scenarios, the UiPath orchestrator necessitates initiating a callback to the DRUID platform to trigger a chatbot conversation. The method for this callback varies depending on your deployment of the UiPath orchestrator, whether it's cloud-based or on-premise:

  • If your UiPath orchestrator is deployed in the cloud, the callback is directed to the DRUID Platform API at https://druidplatform.com/api.
  • For on-premise deployments of the UiPath orchestrator, the callback is directed to your local DRUID Connector deployment at http://<druid_connector_host>:12345/services.

By initiating these callbacks, the UiPath orchestrator seamlessly triggers chatbot conversations within the DRUID platform, facilitating efficient workflow automation.

Credentials Security

The DRUID platform manages two types of credentials to ensure secure access:

  • User Passwords
  • Integration Credentials (such as connection strings and API/SDK authentication credentials).

Within the DRUID Platform, local users are designated for Administrators, Bot Configurators, and End Users engaging with bots via the DRUID portal (https://<tenant>.druidplatform.com).

Note:  With Active Directory Integration, Teams, Slack, or Facebook, passwords are not stored within the DRUID AI Platform. For instance, in scenarios like Chatbot HR, passwords are not retained.

For Local Users, the DRUID AI Platform securely stores hashed passwords in its internal database. It's important to clarify that these passwords are specific to the DRUID platform and are distinct from Active Directory passwords or passwords used in other channels.

By adhering to these security measures, the DRUID AI Platform ensures the confidentiality and integrity of user credentials across various authentication scenarios.

Channels

Druid supports multi-channel deployment, enabling communication through diverse digital channels in multiple languages to cater to customer preferences.

  • External channels: Mobile App, Web, WhatsApp, Facebook Messenger etc.​
  • Internal channels: Microsoft Teams, Intranet, Slack.​

Cross-channel interaction is also available, expanding communication capabilities beyond the standard channels mentioned above.

Related Topics Link IconRelated Topics