Architecture

Under the hood, SD Tech Solutions relies on simple, hardened building blocks: classic web stacks, opinionated access controls, and operations that treat configuration as code instead of guesswork.

Web Tier

Lightweight LAMP and Windows web stacks, tuned for reliability, security, and easy maintenance.

  • Apache on Linux as the primary web tier, with PHP front-controllers and static assets served from versioned /assets bundles.
  • LAMP on Linux, plus WAMP/IIS on Windows Server when a mixed environment or .NET/IIS workloads are required.
  • MVC-style layouts and simple routing so sites are easy to extend without framework lock-in.
  • Custom-built HTTPS sites with hardened TLS configs, HSTS, and sane defaults for headers and cookies.
  • Secure cgi-bin and script execution policies for cases where CGI or legacy tooling is still needed.
  • Application data stored in encrypted databases on-prem or in the cloud, depending on regulatory and performance requirements.
  • Web apps tailored to user flows: internal tools, portals, ticketing systems, and dashboards built to solve real problems, not just look pretty.

Access

Public sites stay simple; admin and backend access are locked behind keys, VPNs, and 2FA.

  • SSH access with public/private key authentication only — no password logins — and role-based accounts for admins.
  • WireGuard and other VPN solutions for remote desktop, SSH, SMB, and management traffic, with 2FA enforced on user devices.
  • Most services kept off the public internet; on-prem office IPs are largely closed to inbound connections, with admin and RDP access available only over VPN.
  • Segregated networks for servers, users, and guest devices, with firewalls enforcing clear boundaries between them.
  • Support for dedicated connections or MPLS-type links where required, plus secure cloud gateways for hybrid environments.
  • Centralized identity via AD DS / Entra ID so access policies, groups, and MFA flow through to servers, SaaS, and VPN endpoints.
  • Logging and alerting for sign-ins, admin actions, and firewall events so suspicious access patterns don’t go unnoticed.

Operations

Git-friendly layouts, configuration as code, and a mix of IaaS, SaaS, and classic servers run like a small DevOps shop.

  • Git-backed repo structure (including Firefly-style “config as code” where appropriate) so infrastructure changes are reviewable and auditable.
  • Configuration stored alongside documentation: Apache vhosts, firewall rules, and automation scripts live in source control, not on sticky notes.
  • Infrastructure-as-code mindset for repeatable builds: templates for Linux servers, Windows Server roles, and core network services.
  • Mix of IaaS and SaaS used pragmatically: Azure and other clouds for VMs and services; M365 and line-of-business SaaS where they add value.
  • DevOps-style automation with Bash and PowerShell for deployments, health checks, log rotation, backups, and routine maintenance.
  • Hands-on systems administration: Linux maintenance, Windows Server roles (IIS, AD DS, DNS, DHCP, file/print) and GPO baselines.
  • Simple monitoring and observability: log aggregation, disk/CPU checks, certificate expiry alerts, and uptime monitoring that catch issues early.