Understanding Analysis Modules

Understanding Analysis Modules

Architecto's analysis modules help you evaluate your architecture against multiple critical dimensions before deployment. Each module focuses on a specific aspect: cost, scalability, security, performance, or compliance.

Analysis Overview

Think of analysis modules like a peer review with specialists:

  • Finance Auditor → Cost Estimator
  • Performance Engineer → Scalability Analyzer, Performance Simulator
  • Security Architect → Threat Modeler, Security Posture
  • Operations Lead → Drift Detector
  • Compliance Officer → Compliance Checker

Together, they give you confidence that your architecture is production-ready.

Cost Estimator

Question: "How much will this cost?"

The Cost Estimator models your monthly cloud bill at different scale points.

How It Works

  1. You input your architecture and target scale (1k → 1M users)
  2. Architecto calculates compute, storage, database, and data transfer costs
  3. It models how costs change as you scale
  4. Identifies cost inflection points — Where costs suddenly jump
  5. Suggests optimization strategies

Understanding Cost Curves

Your cost typically follows patterns:

                   Cost
                     ^
                     |     /
                     |    /
                     |   /
                     |  /_____ Cost knee
                     | /
                     |/
                     +-----> Users

The "cost knee" is where your architecture becomes financially unsustainable. For example:

  • At 10k users: $200/month ✓ Healthy
  • At 50k users: $500/month ✓ Still okay
  • At 100k users: $2,000/month ⚠️ Cost knee
  • At 200k users: $5,000/month ✗ Unsustainable

Cost Reduction Strategies

Common optimizations the Cost Estimator suggests:

StrategyExampleImpact
Reserved Instances1-year commitment on EC220-40% savings
CachingAdd Redis for hot data30-50% DB cost reduction
AutoscalingScale down at night10-20% compute savings
Data TransferUse CDN for static assets20-40% data transfer savings
Database OptimizationUse RDS read replicas, connection pooling15-30% DB costs
Spot InstancesFor non-critical workloads70% compute savings

Scalability Analyzer

Question: "How many users can this handle? Where's the bottleneck?"

The Scalability Analyzer uses queuing theory and stress-testing models to predict how your architecture handles load.

Key Metrics

MetricDefinitionExample
ThroughputRequests/second the system can handle5,000 req/s
LatencyResponse time for average request200ms
BottleneckComponent that limits throughputRDS primary database
Scaling LimitMax users before quality degrades100,000 concurrent

Identifying Bottlenecks

Different components bottleneck at different scales:

10k users:   API Server (add more servers)
50k users:   Database (add read replicas, caching)
100k users:  Network bandwidth (add CDN, optimize queries)
1M users:    Distributed systems complexity (redesign for microservices)

The Scalability Analyzer pinpoints exactly which component becomes your constraint.

Scaling Recommendations

Once bottlenecks are identified:

  1. Add Read Replicas (databases)

    • Readers go to replicas, writers to primary
    • Scales read throughput linearly
    • Typical: 3-5 replicas handles 20-50k users

  2. Horizontal Scaling (servers)

    • Add more instances behind load balancer
    • Typical: Each instance handles 500-2,000 concurrent users

  3. Caching Layer (Redis/Memcached)

    • Cache frequently-accessed data
    • Reduces database load by 50-80%
    • Typical: Cache layer handles 10-100x more traffic

  4. Sharding (databases)

    • Split data by key (user ID, region, date)
    • Each shard handles subset of data
    • Enables scaling to millions of users

  5. Connection Pooling (databases)

    • Reuse database connections
    • Reduces connection overhead
    • Typical: 2-3x throughput improvement

Threat Modeler

Question: "What could go wrong? How do we prevent attacks?"

The Threat Modeler uses STRIDE methodology to identify security threats and suggest mitigations.

STRIDE Framework

ThreatDefinitionExample
SpoofingAttacker pretends to be someone elseFake user login, forged API requests
TamperingAttacker modifies data in transit or at restMan-in-the-middle attack, database corruption
RepudiationAttacker denies performing an actionDenies deleting data, denies making transfer
Information DisclosureAttacker reads data they shouldn'tExposure of API keys, customer data leak
Denial of ServiceAttacker prevents legitimate users from accessing serviceDDoS, resource exhaustion
Elevation of PrivilegeAttacker gains higher-level access than allowedSQL injection to read all data, privilege escalation

Example Threat Analysis

For your e-commerce architecture:

Spoofing Threat:

  • Attacker impersonates another user
  • Accesses their orders and payment methods
  • Mitigation: MFA on login, OAuth 2.0, session tokens

Tampering Threat:

  • Attacker modifies order price during checkout
  • Changes $100 order to $1
  • Mitigation: Cryptographic signatures, server-side validation, encrypted communication

Information Disclosure:

  • Attacker reads database backup
  • Steals customer credit cards and personal data
  • Mitigation: Encrypt database at-rest (AWS KMS), encrypt backups, access controls

Denial of Service:

  • Attacker floods API with requests
  • Legitimate users get HTTP 503 errors
  • Mitigation: Rate limiting, CloudFront DDoS protection, WAF, auto-scaling

Security Best Practices

Architecto recommends:

  1. Authentication — MFA, OAuth 2.0, passkeys
  2. Encryption — TLS 1.3 for transit, AES-256 for data at rest
  3. Authorization — Least-privilege IAM, role-based access control
  4. Network Security — VPC isolation, security groups, NACLs
  5. Data Protection — Tokenization of PII, masking in logs
  6. Monitoring — CloudTrail for audit logs, CloudWatch for anomalies

Architecture Diff

Question: "What changed between versions? What's the impact?"

The Architecture Diff shows semantic differences between two versions of your architecture.

What It Compares

  • Added Components — New services, databases, etc.
  • Removed Components — Deprecated services
  • Modified Components — Configuration changes (instance type, scaling, etc.)
  • Connection Changes — New/removed data flows

Example Diff

Version 1:
- Single RDS database (no replicas)
- Single EC2 instance
- No caching layer
- Direct database access from app

Version 2:
+ Added 2 RDS read replicas
+ Added autoscaling group (3-10 instances)
+ Added Redis cache layer
+ Added connection pooling
~ Changed database instance type (t3.medium → r5.large)

Impact Analysis

The diff explains impacts:

  • Cost Impact: +$500/month (for additional replicas and cache)
  • Scalability Impact: +400% (can now handle 5x more users)
  • Availability Impact: +99.9% (multi-AZ failover now configured)
  • Complexity Impact: Medium (added cache and replicas to manage)

Performance Simulator

Question: "How will latency and throughput perform under load?"

(Coming soon: Full performance simulation with latency modeling)

The Performance Simulator predicts how each component behaves under different loads.

Compliance Checker

Question: "Does this meet compliance requirements?"

(Coming soon: SOC2, HIPAA, PCI DSS, GDPR validation)

The Compliance Checker validates your architecture against standards.

Drift Detector

Question: "Has our infrastructure drifted from the designed architecture?"

(Coming soon: Continuous monitoring for configuration drift)

Running Complete Analysis

All-in-One Review

  1. Click "Analyze All" (coming soon)
  2. Architecto runs all applicable modules:
    • Cost estimate (1k, 10k, 100k, 1M users)
    • Scalability bottleneck analysis
    • Complete STRIDE threat review
    • Compliance check
    • Performance simulation
  3. Generates comprehensive Architecture Review Report:
    • Executive summary (score 1-10)
    • Detailed findings from each module
    • Critical issues requiring attention
    • Recommended next steps
    • Cost/benefit of each recommendation

Tracking Analysis Over Time

Save multiple analysis runs to track:

  • How architecture improves
  • Cost trends
  • Scaling readiness improvements
  • Security posture improvements

Next Steps

Key Takeaway:
Analysis modules aren't just reports—they're your architecture review board. Use them to catch problems early, optimize costs, and build confidence before deployment.

On this page

Understanding Analysis ModulesAnalysis OverviewCost EstimatorHow It WorksUnderstanding Cost CurvesCost Reduction StrategiesScalability AnalyzerKey MetricsIdentifying BottlenecksScaling RecommendationsThreat ModelerSTRIDE FrameworkExample Threat AnalysisSecurity Best PracticesArchitecture DiffWhat It ComparesExample DiffImpact AnalysisPerformance SimulatorCompliance CheckerDrift DetectorRunning Complete AnalysisAll-in-One ReviewTracking Analysis Over TimeNext Steps
Understanding Analysis Modules | Dokumentation | Architecto