How it works

A straightforward architecture that lives in your Azure.

Nublou uses Azure-native building blocks—managed apps, Functions, Static Web Apps, Key Vault, and Cosmos DB—to ingest cloud billing data, apply allocation rules, and publish Cloud P&L views, all inside your tenant.

High-level architecture

Data sources (Azure, AWS, GCP) flow into a tenant-deployed ingestion and normalization layer, then into a rules and allocation engine. Curated datasets are published for Power BI, Excel, and APIs.

AzureAWSGCPNublouCloud P&LPower BIExcelAPIs

Diagram is illustrative — replace with your final architecture graphic when ready.

Data flow

1

Connect cloud billing exports and metadata.

2

Normalize to a shared schema and enrich with business hierarchies.

3

Apply allocation rules and compute P&L and unit metrics.

4

Publish curated datasets and reports to Power BI, Excel, and internal tools.

Security touchpoints

  • • Authentication via Microsoft Entra ID (no local passwords).
  • • Authorization enforced at route and API layers.
  • • Secrets stored in your Azure Key Vault with RBAC and managed identities.
  • • Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • • Tenant isolation via a dedicated managed app instance per customer.
Read the full security posture