Architecture
Last updated
The Trust1Connector Distribution Service platform (T1C-DS) is composed of the following components:
Distribution Service (DS): A secure backend which provides the following functionality:

- Manages versions, generating the registration API key necessary for new installations.
- Registers new device installations, storing the device installation's certificate during registration in order to be able to communicate securely with device installations.
- Manages organisations, creating application labels and generating API keys.
- Provides a dashboard, which gives an overview of devices per context (organisation, label, ...), and a management GUI.
- Exchanges API keys for temporary access tokens (JWT).
The DS has a dependency on the Kong gateway (see below) because it dynamically creates API keys when creating new versions and organisation labels. It also depends on PostgreSQL to store device metadata such as certificates, user agents and usage.
Keycloak (IDP): An open source Identity and Access Management software with SSO capabilities. It is only used to grant access to the DS management GUI and dashboard, and as such is a non-critical component for the platform's operational flows. It provides various mechanisms to integrate with already existing identity providers out of the box, such as SSO through OpenID Connect/SAML2 or user federation with Active Directory or LDAP. It has a dependency on PostgreSQL to store its operational data.
Kong Gateway (GTW): An open source API gateway that handles every incoming request to the Distribution Service. The gateway secures access to the DS endpoints, validating API keys and user access tokens obtained from the IDP, preventing unauthorised access to the DS. Furthermore, if desired, the gateway can be configured to transform requests/responses, or provide rate-limiting capabilities. It has a dependency on PostgreSQL to store its operational data, but can continue operations temporarily should the database become unavailable.
The gateway can be bootstrapped by the DS, creating the necessary configuration for operation using a set of default values. If the default values do not suit your needs, e.g. you already have an existing Kong gateway with defined services/routes, a customisable Postman collection is available with the necessary requests to set up the gateway.
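As an added illustration (not the DS bootstrap defaults and not the Postman collection), the following Kong declarative configuration shows the shape of what the gateway does for the DS: API-key authentication plus rate limiting on a device-facing route, and validation of IDP-issued JWTs on a management route. The service name, upstream address, route paths, consumer name and the Keycloak realm issuer URL are assumptions; the key and public key are placeholders.

```yaml
# Illustrative Kong 2.0 declarative config (assumed names/paths, not the DS defaults)
_format_version: "1.1"

services:
  - name: t1c-ds                       # assumed service name
    url: http://t1c-ds:8080            # assumed upstream address of the DS
    routes:
      - name: ds-device-api            # assumed route for device installations
        paths: ["/v3"]
        plugins:
          - name: key-auth             # reject requests without a valid API key
            config:
              key_names: ["apikey"]
              hide_credentials: true   # strip the key before proxying to the DS
          - name: rate-limiting        # limit a single key to 60 requests/minute
            config:
              minute: 60
              policy: local
      - name: ds-management-api        # assumed route for the dashboard/management GUI
        paths: ["/admin"]
        plugins:
          - name: jwt                  # verify tokens issued by the IDP (Keycloak)
            config:
              claims_to_verify: ["exp"]

consumers:
  - username: example-org-label        # one consumer per organisation label (assumed)
    keyauth_credentials:
      - key: REPLACE_WITH_KEY_GENERATED_BY_DS
    jwt_secrets:
      # 'key' must equal the token's iss claim; realm URL is a placeholder
      - key: https://keycloak.example.invalid/auth/realms/t1c
        algorithm: RS256
        rsa_public_key: |
          -----BEGIN PUBLIC KEY-----
          REPLACE_WITH_KEYCLOAK_REALM_PUBLIC_KEY
          -----END PUBLIC KEY-----
```

With this in place a request reaching the DS through the gateway has either presented a valid API key or carried a JWT whose signature and expiry Kong has checked against the realm key, so the DS never sees an unauthenticated call.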
PostgreSQL (DB): An open source relational database management system, used by all 3 previous components. The T1C-DS requires 3 databases in order to function:

- t1c-ds: Used by the DS
- kong: Used by the gateway
- keycloak: Used by the IDP
We recommend running PostgreSQL in a clustered, high-availability mode to prevent data loss and ensure operational capabilities.
Trust1Team has a cloud-centric approach for infrastructure, and the T1C-DS has been primarily developed to be run in high-availability (HA) mode in container-based environments in general and Kubernetes (K8S) more particularly. The minimum requirements below are for single instances of the components.
| Component | Version | CPU | RAM | Disk (free) | Typical cloud instance sizes | Additional requirements |
|---|---|---|---|---|---|---|
| DS | 3.1.0 | 1 core | >600 MB | 1 GB** | AWS t3.medium, GCP n1-standard-1, Azure Standard A1 v2 | Java 14 JRE |
| GTW | 2.0.4 | 1-2 cores | 2-4 GB | 1 GB | AWS t3.medium, GCP n1-standard-1, Azure Standard A1 v2 | Does not run on Windows |
| IDP | 10.0.2 | 1 core | >512 MB | >1 GB | AWS t3.medium, GCP n1-standard-1, Azure Standard A1 v2 | Java 8 SDK |
| DB | 12 | 1 core | >2 GB | >512 MB*** | AWS t3.medium, GCP n1-standard-1, Azure Standard A1 v2 | |

| Component | Version | CPU | RAM | Disk (free) | Typical cloud instance sizes | Additional requirements |
|---|---|---|---|---|---|---|
| DS | 3.1.0 | 1 core | 1 GB | 1 GB** | AWS t3.medium, GCP n1-standard-1, Azure Standard A1 v2 | Java 14 JRE |
| GTW | 2.0.4 | 1-2 cores | 2-4 GB | 1 GB | AWS t3.medium, GCP n1-standard-1, Azure Standard A1 v2 | Does not run on Windows |
| IDP | 10.0.2 | 1 core | 1 GB | >1 GB | AWS t3.medium, GCP n1-standard-1, Azure Standard A1 v2 | Java 8 SDK |
| DB | 12 | 1 core | >2 GB | >2 GB*** | AWS t3.medium, GCP n1-standard-1, Azure Standard A1 v2 | |
** The required disk space for the DS depends on whether or not the installer packages are hosted on the server's file system.
*** The disk space required for PostgreSQL depends on the number of device installations you anticipate.
These requirements can change depending on the expected load, which is highly dependent on the number of Trust1Connector installations you anticipate. For a production environment, we recommend deploying multiple load-balanced replicas of the DS, GTW and DB, as these are critical components.