This playbook condenses field lessons for designing and running Big Data platforms at scale. It focuses on decisions a CTO and lead architect must get right the first time: reference architectures, storage and format choices, network/SLO design, security-by-default, and cost control. Throughout, we map options to Unihost capabilities (compute, storage tiers, high-bandwidth fabric, managed colocation) so you can move from decision to delivery quickly.
Reference Architectures
1) Real‑Time Analytics (stream-first)
- Ingest: Kafka (3+ brokers), schema registry, REST/gRPC gateways.
- Process: Flink (low-latency), Spark Structured Streaming for micro-batch.
- Storage: Lakehouse (S3-compatible object storage) with Delta/Iceberg/Hudi.
- Serve: Presto/Trino, ClickHouse for sub-second OLAP; API via FastAPI.
- Unihost fit: Bare‑metal with NVMe for Kafka/Flink state, 25/100 GbE spine‑leaf, S3-compatible clusters, optional GPU for inference.
2) Batch Lakehouse (ETL/ELT at scale)
- Ingest: batch loaders (Airbyte/Fivetran), change data capture (Debezium).
- Process: Spark on k8s/YARN; Airflow/Argo for orchestration.
- Storage: Object store as the source of truth; catalogs (Glue/Hive) and table formats (Iceberg/Delta).
- Serve: Trino/Presto/Impala; BI tools via JDBC.
- Unihost fit: Dense CPU nodes, disaggregated storage, per-tenant VLANs, managed snapshots.
3) IoT/Telemetry (edge → core)
- Edge: lightweight collectors (MQTT), local buffering.
- Stream: Kafka with tiered storage; Flink windows/CEP.
- Time Series: TimescaleDB/ClickHouse for rollups; cold data in object storage.
- Unihost fit: Edge colocation, regional POPs, private transport to core DCs.
4) ML Feature Store (offline/online)
- Offline: Spark on lakehouse to build features; catalog with lineage.
- Online: low‑latency store (Redis/Cassandra/Scylla); model serving (Triton/TF Serving).
- Sync: materialization jobs to keep offline/online parity.
- Unihost fit: GPU pools, fast NVMe, segregated networks for training/serving.
5) Regulated Data (PII/PHI/PCI)
- Zoning: landing/raw/curated/trusted; tokenization at ingress.
- Controls: row/column‑level security, KMS/HSM, audit immutability (WORM).
- Unihost fit: Dedicated cages, data‑residency pinning, encrypted backups, compliance attestations on request.
Decision Trees
Storage layer
- HDFS when: on‑prem heavy batch, high sequential throughput, stable cluster size, cheap local disks.
- S3‑compatible object storage when: elastic growth, multi‑tenant, lakehouse (Iceberg/Delta/Hudi), cross‑AZ replication, cost transparency.
- Hybrid: HDFS for hot shuffle + object store for durable truth.
File formats
- Parquet/ORC for analytics (columnar, predicate pushdown, vectorization).
- Avro/JSON for interchange/streams; keep schemas in registry.
Table formats
- Iceberg for long‑running tables with schema evolution, hidden partitioning, and time travel.
- Delta Lake for Spark‑centric stacks and simple upserts/ACID.
- Hudi for streaming upserts and incremental pulls.
Orchestration
- Airflow for heterogeneous estates and human workflows.
- Argo/Kubeflow for k8s‑native CI/ML pipelines.
- Unihost can provision both; pick the one your team will actually operate.
Network & SLO
Targets
- Intra‑rack: sub‑5 µs; cross‑leaf: p95 < 150 µs; north–south to object store: p95 < 2 ms.
- Shuffle‑heavy Spark: sustain 30–60 Gbps per node without drops during merges.
Design
- Spine‑leaf with 25/100 GbE, ECMP, jumbo frames (9000), DCB where needed.
- Separate planes: data, management, replication. Private VLANs per team/product.
- Broker adjacency: place Kafka/Flink close to compute and NVMe.
Unihost angle
- We deliver non‑blocking fabrics, NIC bonding, QoS, and cross‑DC private links; architects get measured p95/p99 dashboards during PoC.
Security by Design
- Zoning & least privilege: landing/raw/curated/trusted with separate IAM roles.
- Encryption: TLS everywhere; at‑rest via server‑side keys (SSE‑KMS) or client‑side; envelope encryption for PII.
- Secrets/KMS: central KMS/HSM, auto‑rotation; never store keys in notebooks/ETL repos.
- Row/column controls: Ranger/Lake Formation/Iceberg row‑filters; tokenization for sensitive attributes.
- Audit & lineage: immutable logs (WORM), OpenLineage/Marquez integration.
- Unihost: dedicated HSM-backed KMS options, signed boot, disk wipe policies, compliance support (GDPR/HIPAA‑ready footprints).
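An added sketch of tokenization at the landing → raw boundary (example code, not Unihost's or any named tool's own): sensitive columns are replaced with deterministic HMAC-SHA256 tokens that carry a key version, and a guardrail reports plaintext that survives into the raw zone. The key table, column classification and sample records are constructed assumptions; real keys would come from the central KMS/HSM.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo keys. In production these are fetched from the KMS/HSM at
# job start and never stored in notebooks or ETL repos.
TOKEN_KEYS = {"v1": b"constructed-demo-key-v1", "v2": b"constructed-demo-key-v2"}
ACTIVE_KEY = "v2"

# Hypothetical column classification for one landing-zone feed.
SENSITIVE = {"email", "ssn"}


def tokenize(field, value, key_id=ACTIVE_KEY):
    """Deterministic keyed token: same input gives same token, so joins still work."""
    if value is None:
        return None
    norm = unicodedata.normalize("NFKC", str(value)).strip().lower()
    # Bind the field name into the MAC so equal values in different columns
    # do not produce linkable tokens.
    msg = f"{field}\x00{norm}".encode()
    mac = hmac.new(TOKEN_KEYS[key_id], msg, hashlib.sha256)
    return f"tok:{key_id}:{mac.hexdigest()[:32]}"


def to_raw_zone(record):
    """Landing -> raw: replace sensitive attributes, pass everything else through."""
    return {k: tokenize(k, v) if k in SENSITIVE else v for k, v in record.items()}


def leaked_fields(landing, raw):
    """Guardrail: sensitive plaintext that still appears anywhere in the raw record."""
    leaks = []
    for field in landing.keys() & SENSITIVE:
        plain = landing[field]
        if plain is not None and any(str(plain) in str(v) for v in raw.values()):
            leaks.append(field)
    return sorted(leaks)


# Constructed sample records (not real people or identifiers).
rec_a = {"user_id": 17, "email": " Alice@Example.com ", "ssn": "000-12-3456", "plan": "pro"}
rec_b = {"user_id": 18, "email": "alice@example.com", "ssn": None, "plan": "free"}
raw_a, raw_b = to_raw_zone(rec_a), to_raw_zone(rec_b)
```

Tokens issued under different key IDs do not join with each other, so a key rotation needs a re-tokenization pass (or a join on the key-version prefix) for tables that must stay joinable.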
Sizing & Economics
Right‑sizing rules of thumb
- Storage: raw→columnar compaction (~3–6× reduction with Parquet+ZSTD). Plan 30–50% headroom.
- Compute: aim for 50–70% sustained CPU on batch nodes, 40–60% on stream to keep latency SLOs.
- Memory: size Spark executor memory at 6–8 GB per core for IO‑heavy joins; prefer fewer, larger files (512 MB–1 GB).
Cost levers
- Choose object storage for durability; keep hot shuffle on NVMe; auto‑compact small files nightly.
- Spot/preemptible nodes for non‑critical batch; reserved pools for steady jobs.
- Tiering: hot (NVMe) → warm (object) → cold (archive). TTL policies per table/namespace.
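An added sketch of the planning step behind a nightly small-file compaction job, using the 512 MB–1 GB file-size target from the rules of thumb above (example code, not a Unihost tool or any table format's own API). It only decides which files to merge, using first-fit decreasing per partition; the file listing is constructed, and the actual rewrite is left to the query engine or table format.

```python
from collections import defaultdict

MB = 1024 * 1024
TARGET_MAX = 1024 * MB  # upper bound of the 512 MB-1 GB target range
SMALL = 512 * MB        # files below this size are compaction candidates


def plan_compaction(files):
    """files: iterable of (partition, path, size_bytes).
    Returns {partition: [[path, ...], ...]}; each inner list becomes one file."""
    by_part = defaultdict(list)
    for part, path, size in files:
        if size < SMALL:
            by_part[part].append((size, path))

    plan = {}
    for part, small in by_part.items():
        bins = []  # each bin is [total_bytes, [paths]]
        # First-fit decreasing: place the largest candidates first.
        for size, path in sorted(small, reverse=True):
            for b in bins:
                if b[0] + size <= TARGET_MAX:
                    b[0] += size
                    b[1].append(path)
                    break
            else:
                bins.append([size, [path]])
        # Rewriting a single file gains nothing; keep only real merges.
        groups = [paths for _, paths in bins if len(paths) > 1]
        if groups:
            plan[part] = groups
    return plan


# Constructed listing: (partition, path, size in bytes).
SAMPLE = [
    ("dt=2024-05-01", "p0.parquet", 900 * MB),  # already large, left alone
    ("dt=2024-05-01", "p1.parquet", 400 * MB),
    ("dt=2024-05-01", "p2.parquet", 300 * MB),
    ("dt=2024-05-01", "p3.parquet", 300 * MB),
    ("dt=2024-05-01", "p4.parquet", 200 * MB),
    ("dt=2024-05-01", "p5.parquet", 64 * MB),
    ("dt=2024-05-01", "p6.parquet", 8 * MB),
    ("dt=2024-05-02", "q0.parquet", 12 * MB),   # lone small file, nothing to merge
]
```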
Unihost value
- Transparent pricing per TB and per Gbps, reserved bundles, and advisory reviews that map workload metrics to node types before you commit.
Operations
- IaC: Terraform + Ansible/ArgoCD; environments as code with change windows.
- Deploy patterns: blue‑green/rolling for catalogs and query engines; canary Spark/Flink versions.
- Backups/DR: table‑format snapshots + object‑store versioning; periodic restore drills.
- Patching: monthly for OS/JVM; urgent for CVEs. Maintenance windows aligned to job calendars.
- Unihost: runbooks, 24/7 NOC, and optional managed SRE for clusters we host or colocate.
Observability & KPIs
- SLOs: query p95 latency, stream end‑to‑end lag, job success rate, data freshness, schema drift rate.
- Infra: CPU/mem/IOPS per node, network p95/p99, GC pauses.
- Data quality: null/dup rates, constraint violations, anomaly scores.
- Cost: $/TB‑month (by tier), $/query, $/successful job; alert on cost anomalies.
- Unihost provides per‑tenant dashboards and export to your SIEM/BI.
Migration & Pitfalls
- Lift‑and‑shift to object storage; refactor ETL to ELT gradually.
- Dual‑write during cutover; validate with data‑diff tools (Deequ/Great Expectations).
- Avoid small‑file storms; add compaction from day 1.
- Don’t over‑optimize JVM flags before fixing format/partition issues.
- Unihost solution architects run PoCs with synthetic and real workloads to validate KPIs before scale‑out.
Checklists
Readiness
- Defined SLOs, data zones, IAM model, table formats, naming conventions, retention.
- Network validated (p95/p99), jumbo frames, QoS classes.
Go‑Live
- Backups enabled and tested, lineage catalog online, dashboards green for 7 days.
- Capacity headroom ≥ 30%, autoscaling policies set, runbooks approved.
DR
- RPO/RTO documented; restore tested this quarter; cross‑region replication verified.
Conclusion
Big Data success is architectural. Make format and storage choices that keep your options open, design the network to your SLOs, bake in security, and treat cost as a first‑class metric. With Unihost’s high‑bandwidth fabrics, NVMe‑dense nodes, S3‑compatible storage and hands‑on architecture support, you can move from whiteboard to production with confidence – and scale as your data universe expands.
Appendix
- KPI set: query p95/p99, freshness SLA, cost per successful job, failure MTTR, schema‑drift incidents per week.
- FAQ:
  - HDFS vs S3? Use S3‑compatible for durability/elasticity; keep HDFS for hot shuffle.
  - Delta vs Iceberg? Pick Iceberg for multi‑engine, Delta for Spark‑heavy shops.
  - Do I need GPUs? Only for training/inference or accelerated SQL (e.g., HeavyAI).
  - How many brokers? Start with 3; scale with partitions and throughput.
- Unihost note: we run sizing workshops, share anonymized benchmarks, and co‑design PoCs before production.