The OneCloud reference architecture uses a OneCloud GroundRunner, and all interfaces, interactions, and data flow is through that GroundRunner. With this architecture no client data flows through OneCloud's cloud.
Users securely interface with the OneCloud service over the HTTPS (TLS 1.2) protocol via web and mobile-enabled devices. Running within the OneCloud host is the primary OneCloud service, an AES-enabled database that securely houses the application metadata as well as a queue to manage communication and task execution on remote OneCloud service agents (GroundRunners). While agents are external, they are controlled by the OneCloud host to execute discrete tasks that make up a workflow chain.
In summary, the OneCloud architecture has the following key components (see diagram below):
The secure browser-based end-user interface to build, run, and administer integrations.
The central OneCloud multi-tenant cloud service hosted in Amazon Web Services (AWS).
Remote execution agents for interfacing with cloud and on-premises applications.
Read the OneCloud Security Architecture white paper to learn more.