One can say that Enterprise Bridge itself does not have any architecture at all. It is just singular application built entirely on Microsoft© .NET Framework and executed by authorized user of Microsoft© Windows. Enterprise Bridge does not use any third party components, such as databases of cloud services for its operation.
Machine where Enterprise Bridge is installed is considered as a migration server, which connects to the data and transfers these data. Proper protection of migration server is crucially important.
Due to singular structure and local execution context, Enterprise Bridge does not have and does not need any protection on application level. It simply cannot be accessed or executed remotely.
Enterprise Bridge entirely relies on data protection of the OS itself. It makes security management very simple and straightforward. Microsoft© Windows system where Enterprise Bridge runs should be secured and well-guarded corporate system excluding any possibility of unauthorized access or malware code execution on it.
This is achieved by following best security practices advised by Microsoft© including regular OS updates and security patches, residential malware protection in real time and elimination of any unnecessary applications and components. Ideally, migration server must run Enterprise Bridge and no other applications or services.
Equally important is restricted access to migration server. If it is a physical computer, it should reside on secured premise restricting any unauthorized access to computer, except for personnel, which runs data transformation project. It is optimal to minimize a number of persons who have authorized access to migration server.
If migration server runs in cloud, all measures must be taken to protect cloud instance from external access by unauthorized persons. It can include secure login, various network shields, software and hardware firewalls and other security measures.