As discussed, please find below case study followed by below guidelines.

create a document (PPT or any document of your comfort).

The document should provide your approach and solution architecture ( 2 days
time is a good enough time) before that if you are able to complete well and
good.

Case Study 2: Designing a Customer Data Platform (CDP) for Personalization at

Scale

Scenario: A global e-commerce platform wants to design a Customer Data

Platform (CDP) to aggregate data from various touchpoints (e.g., website, mobile
app, in-store) to enable personalized experiences across marketing, sales, and
customer service. The system needs to handle millions of customer records,
integrate with existing systems, and maintain data privacy and security.

Case Study 2: Designing a Customer Data Platform (CDP) for Personalization at

Scale Scenario: A global e-commerce platform wants to design a Customer Data
Platform (CDP) to aggregate data from various touchpoints (e.g., website, mobile
app, in-store) to enable personalized experiences across marketing, sales, and
customer service. The system needs to handle millions of customer records,
integrate with existing systems, and maintain data privacy and security.
ChatGPT said:
ChatGPT
Designing a Customer Data Platform (CDP) for a global e-commerce platform
requires meticulous planning and implementation. Below is a comprehensive
architecture to address the requirements:

1. Key Requirements
 Data Aggregation: Centralize data from multiple touchpoints such as
web, mobile, in-store, and third-party systems.
 Real-Time Insights: Enable real-time updates for personalization (e.g.,
recommendations, promotions).
 Scalability: Handle millions of records across a distributed environment.
 Security and Compliance: Maintain robust security while adhering to
GDPR, CCPA, and other regulations.
 Extensibility: Integrate with marketing, sales, and customer service tools
for seamless orchestration.
2. Core Architecture Design
a. Data Ingestion Layer
 Purpose: Aggregate raw data from diverse sources and standardize
formats.
 Azure Services:
o Azure Event Hubs or Azure IoT Hub: Capture clickstreams and
real-time interactions.
o Azure Data Factory (ADF): Batch ETL/ELT pipelines for larger
datasets (e.g., CRM, POS).
o Azure Logic Apps: Integrate SaaS systems such as Salesforce,
Shopify, or third-party APIs.
o Azure API Management (APIM): Gateway for API ingestion from
third-party platforms.

b. Data Processing and Transformation Layer

 Purpose: Cleanse, standardize, and prepare data for further analysis and
insights.
 Azure Services:
o Azure Databricks: Perform large-scale ETL, stream processing,
and AI-driven feature engineering.
o Azure Stream Analytics: For real-time event processing.

o Azure Synapse Analytics: Store processed data for querying and

reporting.

c. Centralized Data Storage Layer

 Purpose: Store both raw and processed data for different use cases (e.g.,
real-time personalization, ML models).
 Azure Services:
o Azure Data Lake Storage Gen2: Long-term storage of raw and
enriched data.
o Azure Cosmos DB: Low-latency access for real-time customer
insights (NoSQL, multi-region replication).
o Azure SQL Database: Analytical workloads and supporting
structured datasets.
d. Analytics and Personalization Layer
 Purpose: Enable analytics and generate recommendations or insights.
 Azure Services:
o Azure Machine Learning (ML): Build and deploy ML models for
recommendation engines and customer segmentation.
o Azure Cognitive Services: Enhance personalization with pre-built
AI (e.g., sentiment analysis, language understanding).
o Power BI: Self-service business intelligence dashboards for
marketing, sales, and customer insights.

e. Identity, Access, and Privacy Controls

 Purpose: Ensure customer privacy, secure access, and regulatory
compliance.
 Azure Services:
o Azure Active Directory (AAD): Role-based access control for
admins and users.
o Azure Key Vault: Secure secrets, keys, and credentials.

o Azure Purview: Data cataloging and governance to ensure

compliance with data regulations.

f. Integration Layer
 Purpose: Integrate with existing tools and external platforms.
 Azure Services:
o Azure API Management (APIM): Serve personalized content
through APIs for external platforms.
o Azure Logic Apps and Power Automate: Integrate data
workflows with CRM, marketing tools, and customer service tools.
o Azure Service Bus: Enable asynchronous communication across
microservices.

3. High-Level Workflow
1. Data Collection:
o Web clickstreams, app usage data, in-store transactions are
streamed via Event Hubs.
o CRM data, sales figures, and user preferences are pulled via Data
Factory.
 2. Data Processing:
o Event streams processed in real time by Stream Analytics to
detect user behavior patterns.
o Batch data prepared and cleansed in Databricks.

3. Storage:
o Raw data stored in Data Lake, while real-time insights stored in
Cosmos DB for low-latency use.
4. Insights and Activation:
o Power BI dashboards for visual analytics.

o Recommendations served to websites/apps via APIM-backed APIs.

4. Testing Strategy
1. Unit Testing: Validate ETL pipelines, APIs, and ML models.
2. Performance Testing: Test scalability of ingestion pipelines using Azure
Load Testing.
3. Integration Testing: Verify interoperability between components like
Event Hubs, Stream Analytics, and Synapse.
4. Security Testing: Conduct penetration tests and compliance validation
with Azure Microsoft Defender for Cloud.

5. Ongoing Support
 Monitoring: Use Azure Monitor, Application Insights, and Log
Analytics for proactive monitoring.
 Optimization: Implement Azure Cost Management for resource
optimization.
 Updates and Enhancements: Use Azure DevOps for CI/CD,
automating deployments, and improvements.

6. Security and Privacy Considerations

 Encrypt all data at rest and in transit using Azure Encryption
mechanisms.
 Implement anonymization for Personally Identifiable Information (PII).
 Utilize Azure Purview to classify and monitor sensitive data for
compliance.
Requirement Description Answer
Hours of Operations Describe hours of 24/7
operation for the
Solution. E.g. 24/7 or
weekdays only between
8am and 5pm
Availability (%) Percentage of time that 99.99%
the application, process
or capability needs to be
available (i.e. 99.99%)
SLA Service Level Agreement Deliver emails to
as measured by time customers not more than
(E.g. 30 minutes for 10 minutes after order
completion of the process placed
or batch). If external
interfaces are part of the
solution, provide the SLA
for these individual
interfaces (E.g. file
delivered by 2 AM)
Maintenance/Upgrade When do you plan for Planned downtime for
Time upgrades on the system? Monday mornings 1 to 2
Define a maintenance hours only at 1am
window (E.g. Sundays
from 1:00 AM – 4:00 AM)
Unplanned Downtime Describe the impact of Sales will be impacted
Impact any unplanned downtime
on the business or
process
Batch Processing Define any batch process Batches are expected to
Times time windows (E.g. run to check delivery
batches can only run status. This should run
between 2 AM and 4 AM) every 10 minutes

Number of Total Users Total number of users expected The company expect 10000
to use the solution contoso dealers and 100K
customesr for the first 3 months,
and 200K after 12 months

Number of Concurrent Users Number of concurrent users Allow for at least 10 concurrent
expected to use the system at users accessing the web site
the same time.

User Locations & User Totals Provide total number of users User locations should only be
per each locations. Describe from India
from where in the world will the
solution be accessed or allowed
to be accessed

User Roles & Role Totals List the user roles that will 1x administrator, 100000
access the system. Include the customers, 1x store manager
total number of users per role.
E.g. 2x admin, 1000x customer,
1x store manager, etc.

Number of Total Users Total number of users expected The company expect 10000
to use the solution contoso dealers and 100K
customesr for the first 3 months,
and 200K after 12 months

Number of Concurrent Users Number of concurrent users Allow for at least 10 concurrent
expected to use the system at users accessing the web site
the same time.

User Locations & User Totals Provide total number of users User locations should only be
per each locations. Describe from India
from where in the world will the
solution be accessed or allowed
to be accessed

Business Continuity Describe the high level Utilize Azure’s high

Plan Business Continuity Plan. availability, by using
This is usually a created availability zones. Use
by business and IT Azure Frondoor for
management or IT pushing content to 3
governance. regions, India-1, India-2,
India-3

Minimum Acceptable Give a percent that Not applicable

Number of Users indicates the minimum
number of acceptable
users in a disaster
recovery situation. E.g.
total users are 200, but in
a disaster recovery, allow
 only for 10% user base

Minimum Acceptable Give a percentage Not applicable

Number of indicating the minimum
Transactions number of acceptable
transactions in a disaster
recovery situation. For
example 50% of the
average transaction
volume

Minimum Acceptable Describe the minimally Not applicable

Availability acceptable hours of
operation and/or
availability of the system
in a disaster recovery
situation

Acceptable Give a percentage Not applicable

Performance indicating the acceptable
Degradation performance degradation
that is acceptable in a
disaster recovery
situation. E.g. the
existing UI performance
is less than 2 seconds,
however in a disaster
recovery situation
acceptable performance
would be 4 seconds

Authentication Describe what Use Azure Entra ID/ Azure

authentication is Entra B2C for user
required, and if required authentication
additional details should
be provided to further
clarify the authentication
requirements (for
example):
• Username / Password
Requirements
(Complexity, Length,
Numerical Numbers, etc)
• Password change
requirements (initial
login, every 30 days,
etc.)
• Password Storage

Authorization Details on the Ensure that only the

 authorization backend web api services
requirements for the can only access the
system. E.g. is the user database.
or system authorized to
access the database or
API’s

Attestation Details on the attestation No attestation needed

requirements for the
solution. E.g. managers
need to review or
approve user access, or
process owner needs to
review or approve user
access

Audit Controls Details on any audit When user change

controls that are required address, add an audit
for the solution table to capture the
change

Confidentiality of Data Details on the Customer data should be

confidentiality of the data encrypted on the
for the solution. E.g. is it database
customer personal
information, secret
information or public
information

Integrity of Data Requirements in regards Validate the the customer

to the integrity of the is a real person/dealer.
data. E.g. the integrity of Use captcha to validate
the public facing internet that it is not a bot trying
site would be considered to add an account.
high due to the
Use SMS to verify that
reputational risk
the customer is valid.
associated with
unauthorized changes to
the content.

Logging Requirements Detail on whether logging Build exceptional

is required. Provide handling to add an error
further details for to the system events.
logging:
Developers should create
• System Events to Log: a log file for error
Security, Configuration, handling.
Admin Events
Keep log files for 7 days,
• Log File Details: Date, then auto delete the log
Time, User Initiating files.
Activity, Details, etc.
Use Azure aplication
 • Time period for insights for tracking
keeping log information azure services. Can also
leverage the serilog
• Required reviews of log
and .NET logging and use
information (timing /
Elastik stack for better
responsibility)
monitoring

In Transit / At Rest Describe the security Use X509 Certificates for

requirements when data data in transit.
is in transit and when
data is in storage or at
rest.

Functional Level Details on the Functional Not required

Authorization Level Authorization
requirements for the
solution.E.g. Is a user
allowed to perform a
specific function on the
system

Data Level Details on the Data Level Not required

Authorization Authorization
requirements for the
solution.

Monitoring Describe the monitoring Azure Monitor, Serilog,

Requirements requirements for the Elastik stack, Watchdog
solution

Operational Support Describe any operational IT Operations should

Roles and support roles and monitor support emails
Responsibilities responsibility from Azure Alerts
requirements for the final
solution

LAN/WAN Describe any LAN or WAN Not applicable

Requirements requirements for the
solution

Cloud Networking Describe any Cloud Create new VPNs, use a

Networking public subnet for the web
requirements. E.g. VPC site, and private subnet
on AWS or VNet on Azure. for the APIM/database.
Include the address Use private DNS and site-
spaces if known to-site VPN to host self
hosted API gateways

Network Bandwidth Describe the the network Data : 5 kbps up and

Requirements bandwidth requirements down
for the solution
Image : 500 kbps up and
down
Inbound/Outbound Requirements on whether Configure security groups
Traffic a firewall usage is for inbound traffic to
required for the solution allow all on public
for inbound and subnet, and deny all on
outbound traffic private subnet

Internal / External Describe any internal or Use APIM API Gateway to

Connectivity external connectivity access Delivery Vendor
requirements for the API’s. Vendors requires to
solution. E.g. VPN, SFTP, whitelist the IP Address
API Gateways, etc. and accepts a secret and
key.

Load Balancing Describe whether a load Use Application load

balancer is needed for balancer for handling
the solution web site traffic between
services, and frontdoor
for global load balancing

User Interface Details on the User This is a web application

requirements for the that will only be accessed
solution. If this solution is via browsers and mobile
required to run on a apps
laptop or desktop,
describe the hardware
requirements.

UI Channels Describe which channels Web application should

will use the solution. be access from the
Desktop, Mobile, following browsers:
Browsers, Tablets, IoT Chrome, Internet
Devices, etc. Explorer, FireFox, Edge
and Safari

Architecture Describe any specific Use the Azure APP

Requirements architecture services, AKS,Azure
requirements for the functions, Microservices
solution: architecture patterns.
Design can include using
·System Design - N Tier,
containerization
Web Services, API,
technology, such as
Containers, Kubernetes,
docker. API’s should use
etc
RESTful web services
·Required Patterns, using json files.
Pub/Sub, Queues, ESB,
Microservices, etc.

Environment Details on the number of Create 4 environments:

Requirements environments required Dev, QA, UAT and
and sizing for each of the Production. Each
environments. E.g. the environment needs to be
application will require in its own VPN on Aazure
 Development, Quality
Assurance, User
Acceptance Test, and
Production environments.
Production and UAT might
have the same size, while
Development, Quality
Assurance can all be 10%
of the Production
environment

Virtualization Support Information on any Not required

requirements for
virtualization support
within the solution. E.g.
on-premise use VMWare,
Cloud use EC2 or ECS

Development Stack Detailed requirements on Use the following

development stack that development stack: C#
need to be supported as ASP.Net Core web api ,
part of the build of the React.Js, React Native,
solution Clean architecture, CQRS,
DDD, SOLID principles,
XUnit, Bootstrap, Docker,
Azure SQL server, Azure
Cosmos db

Non-Functional Requirements for CDP

Availability

 Target: Ensure 99.99% availability for real-time data processing and customer
interactions.
 Implementation:
o Leverage Azure Availability Zones to deploy critical services redundantly
across multiple regions.
o Use Azure Front Door for global load balancing to route traffic to healthy
endpoints.
o Configure automated failover using Traffic Manager for disaster scenarios.

Performance

 Target: Web and API responses under 2 seconds for 95% of requests; batch
processing jobs within 1 hour for 1TB of data.
 Implementation:
 o Use Azure Cache for Redis to store frequently accessed customer
personalization data.
o Implement horizontal scaling using Azure Kubernetes Service (AKS) for
microservices.
o Optimize query performance in Azure Cosmos DB and Synapse Analytics
with index tuning.

Scalability

 Target: Support 1 million customer records at launch and scale to 5 million within
12 months.
 Implementation:
o Enable auto-scaling for AKS and Azure App Services.
o Configure Cosmos DB Autoscale for elastic throughput based on demand.
o Use Data Partitioning techniques in Azure Data Lake and Cosmos DB.

Security

 Target: Maintain data encryption in transit and at rest, aligned with GDPR/CCPA.
 Implementation:
o Data in Transit: Use TLS 1.2 and X509 certificates for API traffic.
o Data at Rest: Enable Managed Encryption Keys for all Azure storage
solutions.
o Enable Azure Sentinel to monitor potential security threats.
o Apply Azure Key Vault for secrets and credential management.

Monitoring and Logging

 Target: Full observability with less than a 5-minute detection time for critical
failures.
 Implementation:
o Integrate Azure Monitor with Log Analytics and Application Insights for
centralized observability.
o Use Azure Event Grid to trigger alerts based on log anomalies.
o Deploy Elastic Stack or Serilog for application-level logging.

Disaster Recovery (DR)

 Target: Achieve RPO (Recovery Point Objective) of 15 minutes and RTO (Recovery
Time Objective) of 30 minutes.
 Implementation:
o Maintain backup copies in Geo-Redundant Storage (GRS) for critical data.
 o Configure Azure Site Recovery (ASR) for regional replication of workloads.

Compliance

 Implementation:
o Ensure all PII is classified using Azure Purview.
o Regularly validate compliance with Azure Policy for regulatory enforcement.
o Establish audit mechanisms for access logs, ensuring traceability for all data
processing activities.

Maintainability

 Target: Minimize planned downtime to less than 2 hours per month.

 Implementation:
o Implement Blue-Green Deployment Strategy for updates using Azure
DevOps Pipelines.
o Maintain containerized microservices (Docker), allowing seamless rollback
during issues.

Capacity Management

 Target: Proactively scale resources to handle 1.5x expected peak traffic.

 Implementation:
o Implement cost optimization insights using Azure Advisor.
o Use Azure Cost Management and Billing to monitor cost versus capacity.