Designing Pega for the enterprise
2 Tasks
1 hr
Scenario
You are meeting with the Enterprise Architecture team to discuss the architectural landscape at MDC and how the Delivery Service application fits into it. The following topics will be covered:
- Application access and identity management
- Application server and deployment technology
- Integration and web services
- Data storage, search infrastructure, and reporting
Application access and identity management
MDC plans to enable prospective customers to register as business partners and truck vendors through a cloud-based web portal built using Pega Constellation UI and exposed through a Web Embed Channel. Business partners can initiate delivery requests either through chat interactions powered by the Pega GenAI™-driven chatbot or through a dedicated user portal.
City Managers require a mobile application to track all open truck requests for pickup and delivery and to follow up with vendors in real time. Because City Managers frequently travel to oversee field operations, the mobile application must include offline-enabled functionality, which would enable users to access and update delivery service request details even when disconnected from the network.
For identity management, MDC uses an open-source SAML 2.0 single sign-on (SSO) package and OAuth 2.0 Open Identity providers for user access across all applications. In Pega Platform™, authentication is supported through SAML 2.0 Assertions, JSON Web Tokens (JWT), and OAuth 2.0 provider data instances, enabling seamless identity federation with the existing enterprise identity infrastructure at MDC. Pega enforces a Zero Trust Architecture model by validating and authorizing each access request through Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Client-Based Access Control (CBAC).
Application server and deployment technology
In earlier versions of Pega Platform, MDC deployed Pega as an enterprise archive (EAR) on traditional application servers. This model is deprecated and is not supported in Pega Infinity '25 and later releases. Pega now follows a container-only architecture, where all deployments, including Pega Cloud and client-managed, run as Docker containers orchestrated by Kubernetes.
For client-managed deployments (on‑premises or private cloud), MDC must:
- Deploy Pega Platform as Docker containers within a Kubernetes cluster.
- Use Pega-provided Helm charts and configure deployments via the values.yaml file.
- Ensure strong Kubernetes expertise for cluster operations, scaling, and maintenance.
- In restricted or private networks, locally cache Helm charts and mirror Docker images to a client-managed container registry.
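The restricted-network step above, sketched as an added example (not Pega's or MDC's own tooling): the chart is cached locally and each image is re-pushed to the client-managed registry only when it carries a fixed tag, so the cluster pulls exactly the versions that were reviewed. Registry hosts, image names and versions are constructed placeholders, and `DRY_RUN` is a hypothetical switch that defaults to printing commands instead of running them.

```sh
#!/bin/sh
# Added example. Hosts, image names and versions are constructed placeholders.
# DRY_RUN (hypothetical switch) defaults to 1: commands are printed, not run.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Point an upstream image reference at the client-managed registry,
# keeping repository path and tag and dropping the upstream host.
mirror_ref() {
  case "${1%%/*}" in
    *.*|*:*|localhost) path=${1#*/} ;;  # first component is a registry host
    *) path=$1 ;;                       # no host given
  esac
  printf '%s/%s\n' "${2%/}" "$path"
}

# Accept only an explicit, non-"latest" tag so the mirror holds exactly the
# version that was reviewed. Digest references are rejected here because
# "docker tag" cannot create a digest-addressed target.
has_fixed_tag() {
  case "${1##*/}" in
    *@*|*:latest|*:) return 1 ;;
    *:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Mirror every image listed in file $2 (one per line, "#" comments allowed)
# into registry $1; stop at the first floating reference or failed command.
mirror_all() {
  while IFS= read -r img; do
    case "$img" in ''|'#'*) continue ;; esac
    has_fixed_tag "$img" || { echo "refusing floating tag: $img" >&2; return 1; }
    target=$(mirror_ref "$img" "$1")
    run docker pull "$img" && run docker tag "$img" "$target" &&
      run docker push "$target" || return 1
  done < "$2"
}

# Cache chart $1 at version $2 into directory $3 for offline installs.
cache_chart() { run helm pull "$1" --version "$2" --destination "$3"; }

# Usage (placeholders):
#   cache_chart <repo>/<chart> <chart-version> ./charts
#   DRY_RUN=0 mirror_all registry.mdc.example ./images.txt
```

The image references in values.yaml then point at the client-managed registry instead of the upstream one.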
Integration and web services
Global Truck Rating Services (GTRS) provides REST services to retrieve truck ratings. MDC requires the truck rating during the Truck Vendor registration process, and the request and response payload is in JSON format. In Pega Infinity '25, this integration is configured using a Pega REST Connector, which supports:
- OAuth 2.0 authentication for securing API calls to GTRS
- JSON mapping for parsing and transforming the response into the Pega data model
- Connection pooling and retry policies to ensure resilience in high-traffic scenarios
All contact and payment information for Business Partners and Truck Vendors must be secured using HTTPS and encrypted data handling, in alignment with Pega Cloud Zero Trust security principles. For event-driven integration, MDC can use externalized Apache Kafka (the Pega Stream Service) to support high-volume, asynchronous data flows, such as streaming truck location updates or triggering delivery case creation from incoming data events.
Data storage, search infrastructure, and reporting
MDC stores and reports historical delivery, truck request, and invoice data in a data warehouse. The Delivery Service application feeds the warehouse for executive reporting, and warehouse reports must be accessible from within the Pega application.
Search and Reporting Service (SRS):
Pega Platform no longer supports embedded Elasticsearch. Full-text search is now provided by the Search and Reporting Service (SRS), which is an independent, externalized microservice deployed as a Docker image provided by Pega. SRS connects to an external Elasticsearch or OpenSearch cluster and must be configured using OAuth-based authorization between Pega Platform and the SRS endpoint.
Business Intelligence Exchange (BIX):
For Pega Cloud deployments, BIX operates on a dedicated separate node for data extraction, ensuring that BIX processing does not impact production performance. BIX extracts Pega application data into industry-standard formats that are compatible with the MDC data warehouse and BI tools.
Externalized Cassandra:
If MDC adopts Pega Customer Decision Hub™ for intelligent decisioning within the Delivery Service application, Apache Cassandra must be externalized to handle high-volume decision management data. MDC is responsible for provisioning and managing the Cassandra cluster, either self-hosted or through a third-party managed service.
Produce a high-level architecture diagram and describe each application component. Create the diagram in Visio or PowerPoint, as an image, or by hand. Assume an on-premises deployment.
In the diagram, illustrate the:
- Components of the application, including web services and the components of the Delivery Service application
- Relationship between Delivery Service application architectural components
- Integration with the Global Truck Rating System (GTRS)
- Integration with the data warehouse system
As an alternative solution, describe any differences in design choices for the same set of Pega Cloud requirements.
The following table provides the credentials you need to log in to the Delivery Service application. However, this challenge is mainly meant for evaluating the design options, and there are no specific implementation tasks.
| Role | User name | Password |
|---|---|---|
| Admin | admin@deliveryservice | rules |
Detailed Tasks
1 Identify design options
With Pega Infinity ’25, all supported deployment options are fully containerized. Review the Pega Platform Support Guide to determine the supported Kubernetes platforms, container registries, and required externalized services relevant to MDC’s environment.
2 Consider alternative approaches
If MDC deploys the Delivery Service application on Pega Cloud 3, consider the following architectural differences:
- Pega Cloud services networking – Work with the Pega Cloud team to configure the application to access secured MDC resources.
- Integrating Pega applications in Pega Cloud with external systems – Review integration options, including REST connectors and Kafka connectivity for event-driven flows.
- Pega Cloud Security – Pega Cloud provides isolated environments, Zero Trust Architecture, and manages all infrastructure security, patches, and compliance on behalf of the client.
- Business Intelligence Exchange (BIX) for Pega Cloud applications – BIX runs on a dedicated separate node in Pega Cloud. Review extraction scheduling and format compatibility with MDC's data warehouse.