Merce Broadside is internally designed as a collection of interacting processes. These processes interact as a whole with the outside world through the internal (enterprise) network interfaces for input, the external (Internet-connected) network interfaces for exchange of messages with the outside world, and the administrative console.

The pre-processor processes data submitted to the Merce Broadside system and generates emails which can be processed and dispached. For instance, the pre-processor may accept a collection of PDF files, a CSV file containing a list of email messages and corresponding recipients, and tie the two together before handing over ready-formatted emails to the dispatcher.

The dispatcher enforces all the policies and rules of the Merce Broadside system, logs low-level data per message, performs some security checks, re-write some envelope and header data, and then hands each message for onward transmission to the transmitters.

The transmitters do not modify the outgoing message at all. Their job is to transmit messages over the Internet to the final recipient with the maximum performance and security. The transmitters are the only comonents of a Merce Broadside system which communicate directly with the Internet.

The administrative console provides the management interface to manage users, manage outgoing transmission, perform real-time monitoring, start and stop queues, and view reports.

Merce Broadside was designed with a few key goals in mind.

High throughput. This is the raison d'etre of Merce Broadside. At the lower end, using a single off-the-shelf Intel server, Merce Broadside must be able to deliver one million emails per day, sustained, each with a modest binary attachment payload.

Scalability. The second most important requirement was to be able to scale up volumes by adding more hardware and Internet bandwidth, reliably and securely. The scale-up must not compromise the simplicity of the administration and management interface.

A shared resource. A Merce Broadside system should be easy to share among independent groups or departments, without the actions of one group affecting others. Only if a large Merce Broadside system is sharable securely will the investment in such a system be justified. In many organisations or government departments, the different mass messaging applications have independent calendars and usually require these services in short and very intense bursts, thus making a single shared resource the most practical. Access rights should be assignable to different groups to allow them high freedom to manage their own applications without being able to destabilise the overall system or gain control of other applications.

Security at all levels. A mass messaging system has unusual, multi-tiered security requirements. A Merce Broadside system needs to be secure in the same way in which any device connected to the Internet needs to be secure. In addition, a mass messaging system needs to support security measures and policy enforcement to ensure that inadvertent or malicious use of the system does not impacts its ability to function as a source of large volumes of legitimate emails. Today, any source of large volumes of email on the Internet is scrutinised closely by recipients, and even accidents may dramatically reduce the credibility of a Merce Broadside system. Therefore, preventing such accidents is an important design goal. In some senses this multi-tiered security challenge for a mass messaging system is akin to the security threats of an armoury or ammunition storage magazine --- security must protect against intruders as well as accidental explosions.

Auditability. Email communication has come under scrutiny from a variety of angles today as part of tightening standards of corporate governance. Therefore, any system designed to send out millions of emails per day must have unambiguous and detailed logs and archives to allow post facto audit of all activities and data flow.

Self-healing design. A Merce Broadside system is expected to be kept in operation 24x7 by its larger customers when a batch of messages is in transit. During such periods, any instability due to internal or external reasons must be detected automatically by the system and reported to administrators. The defective component must be bypassed automatically or even corrected automatically wherever possible. A lot of innovative design decisions have contributed to this goal.

The current architecture has succeeded in addressing these ambitious design goals to a great extent. Merce Technologies is committed to fine-tuning the design and implementation to deliver continuous improvements in these areas, in its quest to make its products the gold standards of their respective areas.

A Merce Broadside system can installed on a single server or on an array of servers, controlled from a single administrative console.

An entry-level Merce Broadside installation can run on a single server with two processors and local hard disks. Merce Broadside partitions this physical server into multiple virtual machines, each working independently. This allows high performance pre-processing and transmission of messages in dozens of parallel streams from a single physical server, and also provides excellent isolation of the components from each other, enhancing overall stability. Such entry-level installations have been measured to saturate 4-Mbits/sec Internet links, sustained, and can easily transmit more than 1 million emails per day, each with a PDF attachment payload.

A large Merce Broadside installation can extend over dozens of physical servers, connected using a Gigabit Ethernet backplane or core switch for inter-process communication and data flow. Such an installation can have a set of transmitter processes on each physical server, thus running hundreds of transmitter processes on dozens of physical servers in parallel, saturating a 100-Mbits/sec Internet link, sustained. Such installations will have multiple parallel dispatcher and pre-processor processes, each running on their own hardware. All these diverse components can be controlled, monitored, and started or stopped from one central administrative console. All data from all these components is logged into one central database with one message log.

Designed for scalability. Inter-process communication among the different processes in Merce Broadside is over TCP/IP, thus allowing scaling up of a system to a cluster of servers. Shared disk files and network file systems are not used in any of the high-speed data paths, thus eliminating some bottlenecks for scalability. The dispatcher(s) and transmitters do not require large local disks, therefore are easy to operate as a scalable array. As per our best practices guidelines, even small bulk-mail applications use at least five separate transmitter processes to ensure that a few slow or unreliable remote servers do not slow down the overall mail flow. The management and monitoring of even the largest Merce Broadside systems can be done with just one administrator sitting at the administration console.

Licensed for scalability. Merce Broadside is licensed per pair of CPU sockets. A smaller installation can use one dual-socket Intel server with local disks, and pay the minimum licence fees for Merce Broadside. Large instalations can have a rack of servers or a blade chassis with 12-16 blades booting off a shared SAN back-end and working in concert to deliver global-outreach throughput levels, for a higher licence fee. And a customer's investment in a smaller Merce Broadside licence fee is fully protected when scaling up to additional servers -- only the difference in licence fees is payable.