Systems Architecture

Architecture Patterns

Pattern	Applied In
Event-Driven Pipelines	SIEM Platform — decoupled log ingestion across agents, managers, Logstash, OpenSearch
Shared-But-Isolated Multi-Tenancy	SIEM Platform — Document-Level Security (DLS) for tenant isolation in shared datastreams
Hot/Warm Storage Tiers	SIEM Platform (ISM), K8s Platform (tiered Ceph pools)
Immutable Infrastructure	K8s Platform — Talos Linux, no SSH, no drift
Local-First Sync	Stateless PWA — offline-capable, sync-on-reconnect

Cloud Experience

Hands-on experience with AWS, Azure, and Google Cloud. Recent work has been on-prem because the economics favored it for always-on, storage-heavy workloads. The skills transfer directly: EC2 sizing informs bare-metal sizing, S3 informs Ceph design, VPC networking informs on-prem segmentation.

On-Prem vs Cloud Decision Framework

Factor	On-Prem	Cloud
Workload pattern	Predictable, always-on	Bursty, elastic
Storage costs	Predictable at scale	Variable, accumulates
Compliance	Simpler data residency	Shared responsibility model
Infrastructure control	Full stack visibility	Abstraction tradeoffs
Team investment	Requires infra skills	Managed services reduce ops
Experimentation speed	Hardware procurement cycles	Minutes to spin up/tear down

Distributed Wazuh SIEM Platform — Event-driven pipelines, multi-tenancy, hot/warm tiers
On-Premise Kubernetes Platform — Immutable infrastructure
Stateless PWA with Sync Layer — Local-first architecture

Scott Tompkins

Explorer

Systems Architecture

Systems Architecture

Architecture Patterns

Cloud Experience

On-Prem vs Cloud Decision Framework

Table of Contents

Scott Tompkins

Explorer

Systems Architecture

Systems Architecture

Architecture Patterns

Cloud Experience

On-Prem vs Cloud Decision Framework

Related

Table of Contents