All Features Cloud Architecture

How Lex Etheris Runs in the Cloud

A purpose-built, multi-region cloud platform engineered for Australian legal practice — with two regions both serving live traffic, centralized observability across every service, a dedicated vector database powering Lex Nubes AI, and defense-in-depth security on every request.

0% Uptime Target
Always on across two regions
11×9 Storage Durability
AWS Native Encrypted End-to-End Elastic & Auto-healing
Cloud Disk
Files Storage
DB
Compute
Edge CDN
Vector DB
All regions healthy · AU · Primary · Secondary
Why It Matters

What This Architecture Delivers

Behind every screen of Lex Etheris is a cloud foundation engineered for four uncompromising outcomes — always-on access, ironclad data security, elastic performance, and enterprise-grade reliability.

High Availability

High Availability

Multi-region, multi-zone deployment with smart latency routing and automatic failover keeps the platform accessible around the clock — even during infrastructure updates or full regional outages.

Multi-region · Auto-failover
Data Security

Data Security

End-to-end encryption for data in transit and at rest, managed-key rotation, short-lived access tokens kept away from page scripts, and an edge firewall protect every piece of client information.

Encrypted · Zero-trust
Elastic Scalability

Elastic Scalability

Containers and serverless functions scale horizontally in seconds based on real traffic — so peak filing periods feel just as fast as a quiet Sunday afternoon.

Auto-scaling · Sub-second
Enterprise Reliability

Enterprise Reliability

Built-in redundancy, automated daily snapshots, point-in-time restore, and 11×9s durable object storage deliver the compliance and continuity guarantees a legal practice requires.

11×9s durability · Audit-ready
Architecture at a Glance

Four Layers. One Platform.

The platform is organised into four clearly separated layers — edge, application, data, and observability — each independently scaled, monitored, and hardened behind the scenes.

01

Client Edge

Global delivery & protection

User
Browser
Smart traffic routing
+ health checks
Global edge network
+ encryption
Edge
Firewall
02

Application Plane

Stateless, elastic compute

Load
Balancer
API Services
Cloud Compute
Realtime Gateway
Auto-Scaling Compute
Auth
Service
03

Data Plane

Durable, encrypted storage

Managed
DB
File
Storage
Vector
DB
Search
Index
Session
Cache
04

Observability & Governance

Everything traceable

Metrics
+ Logs
Audit
Trail
Central
Log Lake
Alerts
+ Paging
Infrastructure Pillars

Engineered for Scale, Resilience & Trust

Nine foundational capabilities, each delivered through battle-tested managed cloud services and hardened with our own operational guardrails.

Multi-Region Deployment

Deployments in more than one region, both able to handle live traffic, with smart latency routing and automatic failover — the platform stays online even if an entire region degrades.

Elastic Auto-Scaling

Containers and serverless functions scale horizontally in seconds based on real traffic — so peak tax-year workloads feel the same as a quiet Sunday.

Centralized Logging

Every service and background worker streams structured logs into a centralized log lake — fully searchable, immutable, and tied back to the originating request ID.

Dedicated Vector Database

Lex Nubes AI retrieves context from a dedicated vector database hosted inside our private cloud network — enabling semantic search across Australian immigration law with sub-100 ms recall.

Global Edge Delivery

Static assets and API responses are cached at 400+ edge locations worldwide, so users in Melbourne, Sydney or overseas always get low-latency delivery.

Extremely Durable File Storage

Client case files are stored on managed file storage with 99.999999999% durability, versioning, lifecycle policies, and managed-key encryption — accessed only through scoped, short-lived URLs.

Defense-in-Depth Security

Strong encryption in transit, managed keys for data at rest, each service only gets the access it needs, refresh tokens kept from page scripts, rate limiting, and an edge firewall — every layer checks the next.

Primary
Standby

Managed Databases (Multiple Data Centres)

Application data runs on a managed database with copies kept in more than one data centre, automated daily snapshots, and the ability to roll the database back to an earlier moment in time (within the retention period).

Realtime Messaging Gateway

A dedicated realtime gateway with live connection checks, keeping each user on a stable server, and automatic reconnection powers the Conversation module for lawyer-client messaging.

High Availability

Multi-Region, Always-On

The Lex Etheris platform runs in two or more regions at the same time (so there is no single data centre that must stay up for you to work). Smart latency-based routing directs every user to the closest healthy region, while continuous health checks ensure traffic is automatically re-routed within seconds if a region ever degrades — no manual intervention, no data loss.

  • Primary region based in Australia
  • Cross-region replication for databases and file storage
  • If a major outage happens: get back to normal service in under 60 seconds, with at most a few seconds of in-flight work at risk (for critical data)
  • If a region is unhealthy, traffic is automatically steered to a healthy one — no reconfiguration on your end
  • Software updates can roll out with no user-visible downtime (new and old versions run in parallel)
AU · Primary
Sydney
Secondary
Cross-region replica
Observability

Centralized Logging You Can Trust

Audit-ready operations aren't optional for legal software. Every service emits structured, machine-readable logs with a shared request_id (one label per user action), which are shipped through a managed logging pipeline into a central log lake. Combined with an immutable audit trail and real-time metric alerts, every action on the platform is accurate, queryable, and traceable — from a user click all the way down to a database row.

  • Structured logs with a shared request_id so you can follow one action end-to-end
  • Centralized log store with ad-hoc search and reporting
  • Immutable audit trail — who did what, when, from where
  • Real-time alarms & multi-channel notifications
  • Long-term retention for compliance-grade evidence
central-log-lake · live
10:32:04INFOapirequest_id=7f3a action=form.submit
10:32:04DEBUGrtheartbeat ok · realtime channel healthy
10:32:05INFOdbwrite committed · multi-zone replicated
10:32:05WARNedgeblocked suspicious request · possible database attack
10:32:06INFOaisemantic search · top 5 matches · best score=0.94
10:32:06OKfilesstored file_id=e8a2 · encryption verified
Lex Nubes AI

A Vector Database Built for Australian Law

Lex Nubes AI doesn't just call a general-purpose language model on its own — it consults a proprietary vector database deployed inside our private cloud network. Every piece of Australian immigration legislation, case law, and departmental guidance is embedded into high-dimensional vectors and indexed for millisecond semantic retrieval. When a lawyer asks a question, the model is grounded in cited Australian sources before it ever generates a word.

  • Fully deployed inside a private cloud network
  • High-dimensional “meaning vectors” with a fast nearest-match index for similarity search
  • Sub-100 ms semantic retrieval at scale
  • Answers are grounded in retrieved, cited material — not the model’s memory alone
  • Continuously refreshed with the latest regulations
"Subclass 485 post-study eligibility?"
Matched 3 cited sources · answer grounded in what was retrieved
Security by Design

Zero-Trust, End-to-End Encryption

Because every byte of client data is sensitive, Lex Etheris treats security as a first-class product requirement. Traffic is encrypted in transit with current best-practice connection security, data is encrypted at rest with managed keys, passwords are stored only as strong, one-way “fingerprints” (so raw passwords are never kept), and tokens are split into short-lived access passes plus longer-lived refresh tokens that page scripts cannot read, limiting the damage if something leaks. Every call is authenticated and only allowed the minimum access each role needs.

  • Strong in-transit encryption — browsers are told to always use secure connections to us
  • Encryption at rest with centrally managed keys
  • Short-lived access pass + longer-lived refresh token that scripts on the page cannot read
  • Strong one-way password storage + an extra sign-in step for high-privilege accounts
  • Each part of the system only gets the access it needs
  • Edge firewall that filters massive junk traffic and common web-attack patterns
Edge firewall + mass-traffic attack protection Floods and application-level attack patterns filtered out
Edge
Encryption at the edge Up-to-date ciphers, always-on secure browsing to our site, valid certificates
Transit
Token + Access Policies Short-lived access · refresh token hidden from page scripts
Auth
Managed-Key Encryption Per-tenant keys · audited rotation
Data
End-to-End Guarantees

Every Action, Safely Handled

No matter the action, the platform upholds the same promises on every request — secure entry, elastic handling, durable persistence, and full traceability.

01

Secure Entry

Every request leaves the portal signed with a short-lived access token.

02

Edge Protection

Encryption applied at the network edge; obvious junk and attack traffic filtered before it reaches the app.

03

Elastic Handling

Requests are load-balanced onto a healthy instance with near-zero queue time.

04

Durable Persistence

Changes are committed in one go and copied to a backup data centre for safety.

05

Observed & Audited

Structured logs and audit events are streamed to the central log lake.

06

Realtime Sync

Affected users are notified in milliseconds through the realtime gateway.

By the Numbers

Operations You Can Bank On

0%
Uptime Target
Monitored across all regions · 24/7
0
Typical slow request time
Roughly, 99 in 100 API calls complete within this (Australian portals)
0
Storage Durability
Managed object storage
0
Edge Locations
Edge points of presence worldwide
Active Regions
Both regions handle traffic; auto switchover if one fails
0
Encryption
256-bit strength · managed keys rotated
0
Max. data you might re-enter
After a rare total-region failure, at most a few seconds of new input may need redoing (replication window)
0
Time to full service again
Target time from a major regional failure until users are fully back to normal

Enterprise-grade cloud. Law-firm-grade trust.

Experience a legal platform built for the cloud — engineered to keep your practice fast, always available, and secure no matter what.

Explore All Features