REFERENCE ARCHITECTURE
Microservices on private Fabric
Multiple Compute services on an isolated Fabric network, public ingress via Gateway, per-service Datastores and Autoscale policies.
IntermediatePlan: Business+Resilience: multi-zona
Diagram
Use cases
- Order management
- Payment platform
- Modular SaaS backend
Components
| Layer | Role | Product |
|---|---|---|
| Perimeter | WAF and bot mitigation | Sentinel |
| Edge | API ingress and TLS | Gateway |
| Orchestration | BFF / API gateway service | Compute |
| Services | Domain microservices (private) | Compute + Fabric |
| Scaling | Per-service replica policies | Autoscale |
| Data | Database per service | Datastore |
| Operations | Distributed tracing | Insight |
Products
Fabric
View product docs →Compute
View product docs →Datastore
View product docs →Gateway
View product docs →Sentinel
View product docs →Autoscale
View product docs →Insight
View product docs →When to use
- Domain-driven teams owning independent release cycles.
- API gateways aggregating internal services.
- Payment, orders, or inventory as separate bounded contexts.
When to avoid
- Single monolith team under 5 engineers — operational overhead may exceed benefit.
- Strong cross-service transactions without saga/event design.
Design notes
Fabric isolation
All internal Compute instances attach to a private Fabric. Only Gateway exposes public ports.
Database per service
Each bounded context gets its own Datastore. Shared tables across services are an anti-pattern.
Independent scaling
Attach Autoscale to high-traffic Compute (gateway, read-heavy APIs) with metric: requests or cpu.
Blueprint
Use this JSON as a starting point when creating a project via the Tesserra API or console. Replace image URLs, domains, and resource references with your values.
json
{
"nome": "Acme Backend",
"modo": "avancado",
"resiliencia": "multi-zona",
"recursos": [
{
"tipo": "fabric",
"nome": "fabric-main",
"config": {
"cidr": "10.30.0.0/16",
"publica": true
}
},
{
"tipo": "compute",
"nome": "gateway-svc",
"config": {
"subtipo": "api",
"porta": 8080,
"replicas_min": 2
}
},
{
"tipo": "compute",
"nome": "orders-svc",
"config": {
"subtipo": "api",
"porta": 3000,
"replicas_min": 2
}
},
{
"tipo": "compute",
"nome": "payments-svc",
"config": {
"subtipo": "api",
"porta": 3000,
"replicas_min": 2
}
},
{
"tipo": "datastore",
"nome": "db-orders",
"config": {
"engine": "postgres",
"ha": false,
"tamanho_gb": 50
}
},
{
"tipo": "datastore",
"nome": "db-payments",
"config": {
"engine": "postgres",
"ha": true,
"tamanho_gb": 50
}
},
{
"tipo": "sentinel",
"nome": "edge-waf",
"config": {
"modo": "bloquear",
"alvo_recurso_id": "gateway-svc"
}
},
{
"tipo": "gateway",
"nome": "public-dns",
"config": {
"dominio": "api.acme.io",
"tls": true,
"alvo_recurso_id": "gateway-svc"
}
},
{
"tipo": "insight",
"nome": "platform-insight",
"config": {
"retencao_dias": 30,
"alertas": true
}
}
]
}Related
Event-driven integration
Asynchronous workflows with Conduit (Kafka), Lane (RabbitMQ), and Beacon (NATS) — decouple producers from consumers and scale workers independently.
Single-region web application
Production-ready pattern for SPAs, e-commerce, and public APIs — Compute, Datastore, Gateway, Sentinel, and Insight in one region.
Multi-region active-active
Compute replicas across continental Zones, Gateway geo-routing, asynchronous or synchronous Datastore replication — Business and Enterprise tiers.