← ashish.cloud BoardRoom — Technical Architecture v2.0 ⬇ Download
⚡ Enterprise Board Meeting Platform

BoardRoom
Technical Architecture

A cloud-native, microservices-based board meeting management platform deployed on Microsoft Azure with enterprise-grade security, SSO, and CI/CD automation.

6
Microservices
6
CI/CD Pipelines
4
MySQL Databases
8
Pages & Modules
SSL + Custom Domain
Infrastructure

System Architecture

All resources deployed on Microsoft Azure Southeast Asia region under resource group rg-boardmeeting-demo.

User Browser
www.boardroomapp.in
Frontend (React)
Nginx Proxy
Microservices
MySQL + Blob
Azure Web Apps (App Service Plan B1)
webapp-boardmeeting-frontendReact 18 + Nginx
webapp-boardmeeting-proxyNginx Reverse Proxy
webapp-boardmeeting-authNode.js JWT + SSO
webapp-boardmeeting-meetingNode.js Meetings API
webapp-boardmeeting-docsNode.js Documents API
webapp-boardmeeting-actionNode.js Votes/Tasks API
Data & Storage
mysql-boardmeeting-demoMySQL 8.0 · B1ms
auth_dbusers, refresh_tokens
meeting_dbmeetings, agenda, attendees, minutes
docs_dbdocuments, document_versions
action_dbvotes, action_items, audit_log
stboardmeetingdemoAzure Blob Storage
Supporting Resources
kv-boardmeeting-demoKey Vault · 8 secrets
acrboardmeetingdemoContainer Registry
Microsoft Entra IDSSO Provider ✨ New
GoDaddy DNSboardroomapp.in · CNAME
SSL CertificatePFX · Auto-renewed
Demo Data
6 Board Meetings2 completed · 2 published · 2 draft
14 Agenda ItemsAcross all meetings
10 Action ItemsVarious statuses
3 Votes2 closed · 1 open
5 Board DocumentsUploaded to Azure Blob
Capabilities

Platform Features

Eight fully functional modules covering the complete board meeting lifecycle.

🔐
Authentication & SSO
Email/password login with JWT tokens plus Microsoft Entra ID SSO with MFA support. Role-based access control across all modules.
✨ SSO Added
📅
Meeting Management
Create, publish and manage board meetings with scheduling, location, virtual links, quorum tracking, and status workflows.
Live
📋
Agenda Builder
Structured agenda items with durations, ordering, status tracking, and linkage to documents and votes.
Live
📄
Document Management
Upload and manage board documents with Azure Blob Storage. Version control, meeting linkage, and secure file access.
Live
🗳️
Voting System
Open and close votes on agenda items. Cast responses, track results in real-time, and maintain full vote history.
Live
Action Items
Assign tasks to board members with due dates, priorities, and status tracking. Personal task view for each member.
Live
📝
Meeting Minutes
Record, edit, and approve meeting minutes with full history. Minutes linked to specific meetings for easy retrieval.
Live
🔍
Audit Log
Complete audit trail of all user actions with timestamps, IP addresses, entity types, and detailed action records.
Live
👥
Attendee Management
Add and manage meeting attendees with roles (chair, secretary, member). Track RSVP status for quorum management.
Live
Security

Security Architecture

Enterprise-grade security across all layers of the platform.

🔐 Microsoft Entra ID SSO NEW
Single Sign-On via Microsoft Entra ID (Azure AD)
Multi-Factor Authentication (Microsoft Authenticator)
Pre-registered users only — unknown emails blocked
MSAL Node.js library for secure token exchange
JWT issued after SSO — same session flow as password login
Entra credentials stored in Azure Key Vault
🛡️ Authentication & Authorisation
JWT access tokens (8h expiry) + refresh tokens (7d)
bcrypt password hashing with salt rounds
Role-based access — admin, secretary, member
Token refresh flow with rotation
Rate limiting on all auth endpoints (100 req/15min)
🔒 Transport & Network
HTTPS enforced via PFX certificate on custom domain
SSL termination at Azure Web App layer
CORS configured on all backend services
Helmet.js security headers on all Node.js services
Azure DNS resolver (168.63.129.16) for internal routing
🗝️ Secrets Management
Azure Key Vault with 8 production secrets
Key Vault references in App Service settings
Managed Identity for Key Vault access
No secrets in codebase or pipelines
Container Registry with admin credentials in Key Vault
DevOps

CI/CD Pipelines

6 independent Azure DevOps pipelines — each service deploys autonomously on code push.

Auth Service — Deploy
/services/auth/azure-pipelines-auth.yml · Triggers on: services/auth/**
All Green
Meeting Service — Deploy
/services/meeting/azure-pipelines-meeting.yml · Triggers on: services/meeting/**
All Green
Document Service — Deploy
/services/docs/azure-pipelines-docs.yml · Triggers on: services/docs/**
All Green
Action Service — Deploy
/services/action/azure-pipelines-action.yml · Triggers on: services/action/**
All Green
Proxy Service — Deploy
/services/proxy/azure-pipelines-proxy.yml · Triggers on: services/proxy/**
All Green
Frontend — Deploy
/frontend/azure-pipelines-frontend.yml · Triggers on: frontend/**
All Green
Pipeline Flow
Code Push
ADO Trigger
Docker Build
Push to ACR
Deploy to App Service
Smoke Test ✓
Roadmap

Pending Features

Planned enhancements ordered by priority.

🔴 Critical
Entra ID SSO
Always On (all Web Apps)
🔒Private Blob + SAS Tokens
🛠️Admin Panel — Phase 1
🔵 High Priority
📧MFA Email OTP
✉️Email Notifications
💧Document Watermarking
📦Data Export & Backup
📊Application Insights
🌐White-label Domain
🛠️Admin Panel — Phase 2
🟣 Medium Priority
👁️In-app Document Viewer
🗄️Year-wise Data Archiving
✍️Digital Signatures
📜Compliance Reports
Real-time Notifications
📝Rich Text Editor (Minutes)
📅Calendar Integration
🔍Global Search
Coming Soon

Admin Panel — Planned Features

A comprehensive administration layer for enterprise governance, policy control, and platform management. Planned in 2 phases.

Phase 1 — Core Admin
Critical
User Management — Add, invite, disable, delete users; manage teams, departments, guest users
Role-Based Access (RBAC) — Super Admin, Org Admin, Meeting Host, Moderator, Compliance Viewer
Custom Roles — Create roles like "Joint Secretary" with granular permission checkboxes
Meeting Management — Create, edit, reschedule, cancel; view upcoming and past meetings
Meeting Policies — Recording on/off, attendance tracking, waiting room, screen share, chat defaults
Security Controls — SSO config, MFA policy, password rules, IP restrictions, session timeout
Audit Logs — Who changed what, login history, policy changes, forensic records
Phase 2 — Enterprise Controls
High Priority
Analytics Dashboard — Active users, meeting hours, no-show rate, recording usage, peak times
Content & Storage Control — Recordings, transcripts, chat history, retention settings, download permissions
Template & Policy Automation — Default rules by team, department, or meeting type (board, interview, webinar)
Integration Settings — Calendar sync, Slack/Teams/email notifications, CRM/HRMS connectors, webhooks, API keys
Branding & Workspace — Logo, email templates, custom domain, white-label, meeting invite templates
Support Tools — Admin impersonation with logging, meeting diagnostics, session troubleshooting
Export & Compliance — User/meeting export, legal hold, retention exceptions, approval workflows
🎭 Custom Role System
Beyond pre-defined roles, admins will be able to create fully custom roles with granular permissions — for example "Joint Secretary" with access to minutes and agenda but not user management.
👤 Super Admin
Full platform access
🏢 Org Admin
Organisation-level control
📋 Secretary
Minutes, agenda, docs
✨ Custom Role
Admin-defined permissions
Future Architecture

Multi-cloud & On-premise Deployment

BoardRoom is fully containerised with Docker — making it portable across any cloud or on-premise infrastructure. Only the surrounding infrastructure needs to change, not the application code.

☁️
Model 1 — BoardRoom Cloud
You host on Azure. Client accesses via browser. Monthly SaaS fee per tenant.
Current Model
🏗️
Model 2 — Client Cloud
Client hosts on their AWS/GCP/Azure. You provide Docker images + setup guide. One-time setup fee + annual support.
Planned
🏢
Model 3 — On-premise
Client runs on their own servers. You provide docker-compose.yml + documentation. Higher one-time fee + premium support.
Planned
Infrastructure Compatibility Matrix
Component Microsoft Azure AWS Google Cloud On-Premise
App Hosting Azure App Service ECS / EKS Cloud Run / GKE Docker / K8s
Database Azure MySQL RDS MySQL Cloud SQL MySQL on VM
File Storage Azure Blob S3 GCS MinIO
Secrets Key Vault Secrets Manager Secret Manager HashiCorp Vault
SSO Entra ID ✨ Cognito Firebase Auth Keycloak
Container Registry ACR ECR GCR Harbor
CI/CD Azure DevOps CodePipeline Cloud Build Jenkins / GitLab
🔧 What needs to be built
Storage Abstraction Layer — Single interface for Azure Blob, S3, GCS, MinIO
SSO Provider Abstraction — Support Entra ID, Keycloak, Cognito, or none
docker-compose.yml — Full stack for on-premise deployment
Environment Config Templates — Per-cloud .env templates
Deployment Documentation — Step-by-step guide per cloud
✅ Already portable (no changes needed)
All 4 Node.js services — Pure Node.js, runs anywhere
React frontend — Static build, runs on any Nginx
MySQL schema — Standard MySQL 8.0, cloud-agnostic
Docker images — Already containerised, runs anywhere
Nginx proxy — Standard Nginx config
Demo Access

Login Credentials

Use the following credentials to explore the platform. All accounts use password: password

Live URL
https://www.boardroomapp.in
● LIVE
Admin
Ashish Dholakiya
Email
admin@boardmeeting.demo
Password
password
Access
Full access — all modules
Secretary
Priya Sharma
Email
secretary@boardmeeting.demo
Password
password
Access
Minutes, agenda, documents
Member
Rahul Mehta
Email
member@boardmeeting.demo
Password
password
Access
View, vote, action items
Member
Sneha Patel
Email
sneha@boardmeeting.demo
Password
password
Access
View, vote, action items
Member
Vikram Joshi
Email
vikram@boardmeeting.demo
Password
password
Access
View, vote, action items
🔐 Microsoft Entra ID SSO Accounts NEW
These accounts support "Sign in with Microsoft" on the login page. Microsoft Authenticator MFA is required on first login.
💡 Demo Tips: Login as admin@boardmeeting.demo for the best overview. Use Incognito mode to avoid browser extension interference. The "Sign in with Microsoft" button uses Entra ID SSO with MFA.
🔒 CONFIDENTIAL — BoardRoom Enterprise Platform