Architecture

This section is the architectural map of the ElasticBLAST Control Plane.

Core references

  • High Level Architecture — the shipped six-sidecar Container App, AKS BLAST jobs, and how the browser, storage, and managed identity connect.
  • Container Apps Architecture — authoritative reference for the deployed topology, ingress, identity, secrets, and the Azure Functions retirement history.
  • Runtime Plan — supporting infrastructure (VNet/subnets, private DNS, shared MI + RBAC, Storage rules, AKS plan, post-deploy smoke checklist).
  • Storage Isolation & Browser ↔ Storage Proxy — the load-bearing security contract: publicNetworkAccess: Disabled, no SAS to the browser, streaming proxy through the api sidecar.
  • Authentication & Authorization — MSAL Auth Code + PKCE handshake, managed identity, and the full RBAC role matrix.

Research notes (in-progress)

These pages capture investigations that informed design decisions. They are not user-facing documentation.