R.Design System Architecture Overview (For Enterprise Customers)
This document explains the system configuration of R.Design and the role of each cloud service it uses.
Target Audience: Sales Representatives, Technical Sales, IT/Security Departments of Enterprise Customers
This document serves as reference material when explaining the R.Design system architecture to Enterprise customers.
Note on Document Creation
This document contains items marked with [to check]. These are inferred from source information and require verification of actual specifications.
System Architecture Diagram
R.Design is built on an architecture that combines multiple cloud services.
Roles of Major Components
1. Salesforce (SaaS) - Customer Management Infrastructure
Role: CRM/Customer Information Management, Contract Management, Support Ticket Management
- Centralized management of R.Design customer information (company info, contract plans, license info) in Salesforce
- Storage of support inquiry history
- Recording of sales activities and pipeline management
Explanation Point for Enterprise Customers (Draft): “Your contract information and inquiry history are managed in Salesforce, an enterprise-grade CRM. Salesforce holds certifications such as ISO 27001 and SOC 2 Type II, providing financial-institution-level security.”
Verify specific certification status of Salesforce.
2. Heroku (PaaS) - Application Execution Platform
Role: Backend API execution environment, database management
2-1. Heroku Postgres (RDBMS)
- Stores user data, room design data, asset information, etc.
- [to check] Automated backups (verify frequency/retention period)
- [to check] Verify existence/specification of failover support
2-2. Heroku Redis (Key-Value Store)
Verify specific usage of Heroku Redis:
- Is it used for session management?
- Is it used for API response caching?
- Is it used for real-time communication (Pub/Sub)?
Explanation Point for Enterprise Customers:
“Heroku is a PaaS platform under Salesforce, enabling automatic scaling and high availability. [to check: Backup frequency/Failover specs]”
3. AWS (Amazon Web Services) - Computing & Storage Infrastructure
3-1. ALB (Application Load Balancer)
- Traffic distribution
- Health checks and auto-recovery
- SSL/TLS termination
3-2. ECS (Elastic Container Service) / EC2
- Execution environment for the R.Design application (built with Unreal Engine)
- Auto-scaling support
- [to check] Verify use of GPU instances (for high-quality rendering)
3-3. S3 (Simple Storage Service)
- Storage of user-uploaded images/3D models
- Storage of rendering results (images/videos)
- Prevention of accidental deletion via versioning
Explanation Point for Enterprise Customers (Draft): “AWS is the world’s largest cloud provider, offering [99.99% availability SLA]. Your data is stored encrypted in S3 and automatically replicated across multiple data centers.”
Verify actual SLA contract details.
4. Cloudflare (CDN) - Content Delivery & Security
Role:
- High-speed content delivery via global CDN
- Protection from DDoS attacks
- WAF (Web Application Firewall)
- Automatic management of SSL/TLS certificates
Explanation Point for Enterprise Customers:
“Cloudflare has edge servers worldwide, and access from within Japan is delivered from servers in Japan. It automatically blocks DDoS attacks and unauthorized access, maintaining service stability.”
5. Cloudinary (CDN) - Image & Video Delivery Optimization
Role:
- Automatic optimization of images/videos (format conversion, resizing)
- Responsive delivery (optimal size per device)
- High-speed delivery (Global CDN)
Explanation Point for Enterprise Customers:
“Cloudinary is a CDN specialized in image and video delivery, delivering in the optimal format and resolution according to device and network conditions. This ensures comfortable usage even in mobile environments.”
6. Keycloak (IdP Service) - Authentication & Access Control
Role:
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- SAML/OpenID Connect support
- Role-Based Access Control (RBAC)
Explanation Point for Enterprise Customers:
“Keycloak is an open-source enterprise authentication infrastructure. It can integrate with your existing Active Directory or Azure AD via SAML/OpenID Connect to realize Single Sign-On (SSO).”
Enterprise SSO Integration [to check: Implementation Status]
The Enterprise plan allows SSO integration with your existing authentication infrastructure (Active Directory, Azure AD, Okta, etc.). This centralizes account management for employee onboarding and offboarding.
Verify SSO integration implementation status and supported IdP types.
7. SendGrid (SMTP Service) - Email Delivery
Role:
- Transactional email delivery (registration confirmation, password reset, etc.)
- Notification emails (rendering completion, sharing invitations, etc.)
- Delivery log management
Explanation Point for Enterprise Customers (Draft): “SendGrid is an enterprise email delivery service under Twilio, boasting a [99.95% delivery success rate]. It supports SPF/DKIM/DMARC, minimizing the risk of emails being sorted into spam folders.”
Verify delivery success rate figures.
8. WordPress / Magento (CMS) - Corporate & E-Commerce Sites
Role:
- WordPress: Corporate site, blog, product information pages
- Magento: E-commerce site for furniture manufacturers (linked with Pro for Brand plan)
Explanation Point for Enterprise Customers:
“The corporate site is built on WordPress and the e-commerce site on Magento, separated from the main R.Design application. This ensures that marketing initiatives and content updates do not affect app stability.”
Data Flow
When a User Creates/Saves a Room
- Client → Cloudflare → ALB → ECS/EC2
- ECS/EC2 → Keycloak (Authentication check)
- ECS/EC2 → Heroku Postgres (Save room data)
- ECS/EC2 → S3 (Save 3D models/textures)
- ECS/EC2 → Salesforce (Record usage)
When a User Renders an Image
- Client → Cloudflare → ALB → ECS [to check: GPU instance usage]
- ECS → S3 (Retrieve scene data)
- ECS → S3 (Save rendering result)
- ECS → Cloudinary (Image optimization/delivery prep)
- Client → Cloudinary (Deliver optimized image)
Security Measures
1. Data Encryption
Verify the following encryption methods/specifications:
| Target | Method | Description |
|---|---|---|
| Communication | [TLS 1.3?] | All communication is encrypted |
| Database | [AES-256?] | Heroku Postgres encrypts at rest |
| Storage | [SSE-S3? SSE-KMS?] | S3 Bucket Server-Side Encryption setting |
| Backup | [to check] | Encryption method for backups |
2. Access Control
Verify implementation status of access controls:
- Principle of Least Privilege: Each service is granted only minimum necessary privileges [to check: Status]
- IAM Roles: Communication between AWS services controlled by IAM roles (no access keys) [to check: Status]
- VPC: Heroku Private Spaces block direct external access [to check: Usage]
- IP Restriction: Admin panel access allowed only from specific IPs [to check: Implementation]
3. Monitoring & Log Management
- CloudWatch: Monitoring and alerting for AWS resources
- Heroku Logs: Aggregation of application logs
- Salesforce Shield: Audit log retention [to check: Enterprise Edition contract status]
- Anomaly Detection: Automatic detection and blocking of unauthorized access [to check: Status]
4. Backup & Disaster Recovery
Verify backup specifications:
| Item | Backup Frequency | Retention Period | RPO/RTO |
|---|---|---|---|
| Database | [Daily? Multiple?] | [30 Days?] | [To Check] |
| S3 Data | Real-time (Replication) | Indefinite (Versioning) [Enabled?] | [To Check] |
| Application | CI/CD Pipeline | Git History | [To Check] |
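
One way to resolve the S3 [to check] items in the two tables above (the Storage encryption method and whether Versioning is enabled), as an added example that is not R.Design's own tooling: it classifies the JSON returned by `aws s3api get-bucket-encryption` and `aws s3api get-bucket-versioning`. The sample responses and function names are constructed for illustration.

```python
import json

# Constructed sample output in the shape returned by
# `aws s3api get-bucket-encryption` / `get-bucket-versioning`.
# These values are illustrative and do not describe R.Design's buckets.
SAMPLE_ENCRYPTION = json.loads("""
{"ServerSideEncryptionConfiguration": {"Rules": [
  {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"},
   "BucketKeyEnabled": false}]}}
""")
SAMPLE_VERSIONING = json.loads('{"Status": "Enabled", "MFADelete": "Disabled"}')

# SSEAlgorithm values defined by the S3 API, mapped to the table's labels.
SSE_LABELS = {"AES256": "SSE-S3", "aws:kms": "SSE-KMS", "aws:kms:dsse": "DSSE-KMS"}


def classify_encryption(resp):
    """Label the bucket's default encryption from a get-bucket-encryption response."""
    rules = (resp or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    labels = []
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo = default.get("SSEAlgorithm")
        label = SSE_LABELS.get(algo, f"unrecognized ({algo})")
        # With KMS and no key ID configured, S3 falls back to the AWS managed key.
        if algo in ("aws:kms", "aws:kms:dsse") and not default.get("KMSMasterKeyID"):
            label += " with AWS managed key"
        labels.append(label)
    return ", ".join(labels) if labels else "[to check] no default encryption rule"


def classify_versioning(resp):
    """An empty response means versioning was never enabled on the bucket."""
    status = (resp or {}).get("Status")
    return status if status in ("Enabled", "Suspended") else "Never enabled"


def fill_to_check(enc_resp, ver_resp):
    """Return values for the Storage row and the S3 Data row of the tables."""
    versioning = classify_versioning(ver_resp)
    return {
        "Storage / Method": classify_encryption(enc_resp),
        "S3 Data / Versioning": versioning,
        # Accidental-deletion protection only holds while versioning is Enabled.
        "deletion_protection_claim_holds": versioning == "Enabled",
    }


if __name__ == "__main__":
    print(fill_to_check(SAMPLE_ENCRYPTION, SAMPLE_VERSIONING))
```
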
Enterprise Plan Backup Enhancement
The Enterprise Plan may increase backup frequency to twice daily and extend retention to 90 days. It may also provide a dedicated Disaster Recovery environment.
Verify accuracy of this content.
Compliance & Certification
Verify certification status of each service:
R.Design uses services that likely comply with the following certifications/standards:
| Service | Certification/Standard (To Check) |
|---|---|
| AWS | [ISO 27001, SOC 2 Type II, PCI DSS, HIPAA?] |
| Salesforce | [ISO 27001, SOC 2 Type II, GDPR?] |
| Heroku | [ISO 27001, SOC 2 Type II?] |
| Cloudflare | [ISO 27001, SOC 2 Type II?] |
| SendGrid | [ISO 27001, SOC 2 Type II?] |
Provision of Compliance Documents [to check: Availability]
We may be able to provide certification documents (SOC 2 reports, etc.) for each service to Enterprise customers. Please contact your sales representative.
FAQ for Enterprise Customers
Q1: Is data stored within Japan?
Verify regions for database/storage:
A: Regarding the storage location of the database (Heroku Postgres) and storage (AWS S3), we need to confirm:
- [Database Region: US East? Tokyo? Other?]
- [S3 Bucket Region: US East? Tokyo? Other?]
- [Reason for region selection (Availability, Cost, Performance, etc.)]
Enterprise Plan Handling:
- [Availability of data placement in Japan (Tokyo Region)]
- [Additional costs/amount]
Q2: Is there support for GDPR / Act on the Protection of Personal Information?
A: R.Design complies with GDPR and Japan’s Act on the Protection of Personal Information via the following measures:
- Right to Erasure: Users can delete their account and data at any time [to check: Implemented?]
- Data Portability: User data can be exported in JSON format [to check: Implemented?]
- Privacy Policy: Explicitly states purpose and scope of collected data usage [to check: URL]
- Data Processing Agreement (DPA): DPA can be concluded for Enterprise customers [to check: Availability]
Q3: Are third-party security audits conducted?
A: Each cloud service used (AWS, Salesforce, Heroku, etc.) undergoes regular security audits by independent third-party organizations (SOC 2 Type II, etc.).
Verify R.Design’s own security audits:
- Frequency of vulnerability assessments (Annual? Multiple times?)
- Vendor (Name of third-party organization)
- Availability of report provision to Enterprise customers
Q4: What SLAs are provided?
Verify SLA and support structure for each plan:
A: SLA for each plan [Figures below are estimates. Verify actual contract details]:
| Plan | Uptime SLA | Support Hours |
|---|---|---|
| Free / Pro | Best Effort | Email only (Business hours) |
| Pro for Brand | [99.5%?] | Priority Email (Business hours) |
| Enterprise | [99.9%?] | [24/7 Dedicated Support?] |
Enterprise SLA Guarantee Content (To Check):
- Monthly uptime guarantee (specific figure)
- Compensation for SLA violation (Refund conditions/amount)
- Advance notice period for planned maintenance
Q5: Can we integrate with existing Active Directory?
A: [to check: Verify SSO integration implementation status]
The Enterprise plan may support integration with the following authentication infrastructures via Keycloak:
- Active Directory (LDAP)
- Azure Active Directory (SAML/OpenID Connect)
- Google Workspace (OpenID Connect)
- Okta (SAML/OpenID Connect)
- Other SAML 2.0 compliant IdPs
Related Documents
Verify creation status of the following documents:
For Enterprise Customers
- Security Whitepaper [Created?]
- Compliance Certification Documents [Available?]
- SLA Details [Contract Exists?]
For Technical Staff
- API Specifications [Public URL]
- SSO Integration Guide [Created?]
- Audit Log Output Specs [Status]
For Sales Staff
- Enterprise Proposal Template [Created?]
- Competitor Comparison Material [Created?]
- Price List (Enterprise)
Revision History
- December 29, 2025: First edition created (from Slack discussion) - System architecture diagram and major component listing
- ⚠️ Many unverified items: All items marked with [to check] require verification of actual specifications