MOBIRAN
·
Platform

Inside the platform.

The deep technical surface of MOBIRAN — how the platform is built, what it runs, how it is operated, how it is secured. Each AR product implements a verb in this model; this page makes the model itself explicit.

Architecture

Built like infrastructure.

Every AR data product is a Spring Boot service with a React control surface, a PostgreSQL state store and JWT-secured APIs. The architecture is the message: predictable, replaceable, auditable.

ecosystem flowmodel → move → stream → store → operate → govern
Model
ARCA
Move
ARFlow
Stream
ARStreams
Storecoming
ARLake
Operate
ARCloud
Governcoming
ARVault
control plane / data planeoperator → control → data
CONTROL PLANEDATA PLANEOperator consoleReact + WebSocketREST APIJWT-securedAudit trailappend-onlyIdentityJWTSourcePostgreSQLARStreamsCDC runtimeTargetPostgreSQLARLakelakehouse · coming
cap_01

Single control plane per product

REST and WebSocket APIs. No hidden agents. No proprietary RPC.

cap_02

PostgreSQL as state

Schema-versioned with Flyway. No NoSQL surprise. No vendor lock-in beyond Postgres itself.

cap_03

JWT identity end-to-end

One identity model across the platform. RBAC at API, tenant and resource scope.

cap_04

Deterministic deployment

JAR artefacts, systemd, optional containers. No mandatory orchestrator.

cap_05

Observability built in

Metrics, run history, audit logs. Surface the platform — do not hide it.

cap_06

Operator surface

Every product exposes a CLI surface and a control UI. Same primitives in both.

Operations

Run it like infrastructure.

Every AR product is shipped with the operational surface real platforms require — visible lifecycle, deterministic upgrades, audit by default, recoverable state.

  1. op_01

    Lifecycle management

    Provision, version, retire. Every product exposes its install / upgrade / decommission path. Operators own the schedule; the platform owns the safety.

  2. op_02

    Upgrades without surprise

    Flyway-versioned metadata schemas. Migrations roll forward; rollback paths documented. No silent in-place upgrade of state.

  3. op_03

    Disaster recovery

    PostgreSQL-resident state means standard backup, point-in-time recovery and replica patterns apply. ARStreams CDC fans out to a recovery target if you configure it.

  4. op_04

    Topology failover

    Active / passive control planes, multi-region target replicas, partition-tolerant streaming. Failover is a configuration, not a re-platforming project.

  5. op_05

    Operational workflows

    Every long-running operation is observable in the control plane — stream sync, ETL run, VM provisioning, alert triage. Stalls surface before disks fill.

  6. op_06

    Audit by default

    Every administrative action — config change, RBAC mutation, run trigger — lands in an append-only audit trail with operator, timestamp and target.

  7. op_07

    Deployment ownership

    Air-gap supported. No outbound telemetry. No SaaS dependency. Upgrades happen when your team decides — never on the vendor's calendar.

Enterprise solutions

Where MOBIRAN runs in production.

The platform is shaped by the workloads it has to carry — long-running, regulated, mission-critical. Not weekend projects.

workload_01

Banking core data

ACID replication, audit-grade lineage and regulator-ready isolation across PostgreSQL fleets.

workload_02

Government infrastructure

On-premise deployment, sovereign storage, role-based separation between operators and consumers.

workload_03

High-load analytics

Streaming ingestion into Apache Iceberg. Snapshot + incremental pipelines. No vendor cloud required.

workload_04

Import substitution

Replacement path for legacy commercial DBMS, ETL tools and CDC stacks — operated by the same team.

workload_05

Regulated SaaS providers

Multi-tenant by default. Compliance evidence built into the platform — not bolted on.

Security & sovereignty

Trust earned through architecture.

Security and sovereignty are platform properties, not features. They live in the deployment model, in the network surface, in the audit trail.

Data residency
Every byte stays where you put it. No cross-region replication unless you configured it.
Identity and RBAC
One identity model across products. Roles at platform, tenant and resource scope. Auditable, revocable.
Audit trail
Every administrative action recorded with operator, timestamp and target. Append-only by default.
Self-hosted deployment
Runs in your perimeter. No outbound telemetry. No SaaS dependency. Air-gap capable.
Deployment models

Run it where your data is allowed to live.

Three supported deployment shapes. All on the same artefacts. No edition split.

deployment topologyon-prem · private cloud · hybrid
ON-PREMISEPRIVATE CLOUDHYBRIDCONTROL PLANECo-locatedmobiran-c.service · nginxDATA PLANEAR productsPostgreSQL · JVM · React UITARGETCustomer DCCONTROL PLANECo-locatedmobiran-c.service · nginxDATA PLANEAR productsPostgreSQL · JVM · React UITARGETCustomer VPCCONTROL PLANEOn-prem controlmobiran-c.service · nginxDATA PLANEAR productsPostgreSQL · JVM · React UITARGETAnalytics zone
On-premisemode_01

Bare-metal or Proxmox VE. Systemd, JAR artefacts, PostgreSQL. Operated by your team.

  • Air-gap supported
  • No outbound calls
  • Operator-owned upgrades
Private cloudmode_02

Your VPC, your network. Optional container packaging. Same control plane, same APIs.

  • Container-friendly
  • Reverse-proxy ready
  • Identity federation supported
Hybridmode_03

Control plane on-premise, workloads where they need to be. ARStreams fan-out to a separate analytics zone.

  • Per-tenant placement
  • Cross-zone replication via ARStreams
  • Single audit surface
Governance & Control (coming)

ARVault joins as the governance layer over the ecosystem — metadata catalog, lineage, policy management, sensitive-data control. The platform model already accounts for its position; the implementation is on the roadmap.