Architecture

The Trust1Connector Distribution Service platform (T1C-DS) is composed of the following components:

  • Distribution Service (DS): A secure backend which provides the following functionality:

    • Manages versions and generates the registration API key required for new installations.

    • Registers new device installations, storing each device installation's certificate at registration so that the DS can later communicate securely with that installation.

    • Manages organisations, creates application labels and generates API keys.

    • Provides a dashboard giving an overview of devices per context (organisation, label, ...) and a management GUI.

    • Exchanges API keys for temporary access tokens (JWT).

    The DS depends on the Kong gateway (see below) because it dynamically creates API keys when creating new versions and organisation labels. It also depends on PostgreSQL to store device metadata such as certificates, user agents and usage.

  • Keycloak (IDP): An open source Identity and Access Management product with SSO capabilities. It is only used to grant access to the DS management GUI and dashboard, and as such is a non-critical component for the platform's operational flows. It provides various mechanisms to integrate with existing identity providers out of the box, such as SSO through OpenID Connect/SAML2 or user federation with Active Directory or LDAP. It depends on PostgreSQL to store its operational data.

  • Kong Gateway (GTW): An open source API gateway that handles every incoming request to the Distribution Service. The gateway secures access to the DS endpoints by validating API keys and the user access tokens obtained from the IDP, preventing unauthorised access to the DS. If desired, the gateway can also be configured to transform requests/responses or to provide rate limiting. It depends on PostgreSQL to store its operational data, but can continue operating temporarily should the database become unavailable. The gateway can be bootstrapped by the DS, which creates the configuration necessary for operation using a set of default values. If the default values do not suit your needs, e.g. you already have an existing Kong gateway with defined services/routes, a customisable Postman collection is available with the requests necessary to set up the gateway.

  • PostgreSQL (DB): An open source relational database management system, used by all 3 previous components. The T1C-DS requires 3 databases in order to function:

    • t1c-ds: Used by the DS

    • kong: Used by the gateway

    • keycloak: Used by the IDP

    We recommend running PostgreSQL in a clustered, high-availability mode to prevent data loss and ensure operational capabilities.
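The gateway paragraph above describes two protection modes (API-key validation for device-facing endpoints, IDP-issued JWT validation for the management endpoints) plus optional rate limiting. The Kong declarative configuration below is an added illustration of that layout, not the DS bootstrap output or the Postman collection; the upstream hostname, route paths, Keycloak realm URL, consumer names and credential values are all hypothetical placeholders.

```yaml
# Added example (not T1C-DS project configuration). Format 1.1 is accepted by Kong 2.0.x.
_format_version: "1.1"

services:
  # Device-facing DS endpoints: callers must present an API key issued by the DS.
  - name: t1c-ds-api
    url: http://t1c-ds:8080            # hypothetical upstream address of the DS
    routes:
      - name: ds-api-route
        paths: ["/v3/"]                # hypothetical path prefix
    plugins:
      - name: key-auth
        config:
          key_names: ["apikey"]        # header that carries the key
          hide_credentials: true       # strip the key before proxying to the DS
      - name: rate-limiting
        config:
          minute: 120                  # illustrative per-consumer limit
          policy: local                # in-memory counters, no DB round trip per request

  # Management GUI/dashboard endpoints: callers must present a Keycloak-issued JWT.
  - name: t1c-ds-admin
    url: http://t1c-ds:8080
    routes:
      - name: ds-admin-route
        paths: ["/admin/"]             # hypothetical path prefix
    plugins:
      - name: jwt
        config:
          key_claim_name: iss          # match the token's issuer to a consumer's jwt_secret
          claims_to_verify: ["exp"]    # reject expired tokens

consumers:
  # Hypothetical consumer representing one organisation/application label.
  - username: example-device-app
    keyauth_credentials:
      - key: REPLACE_WITH_GENERATED_KEY
  # Consumer holding the Keycloak realm's signing key; "key" must equal the token's iss claim.
  - username: keycloak-realm
    jwt_secrets:
      - algorithm: RS256
        key: https://idp.example.invalid/auth/realms/t1c
        rsa_public_key: |
          -----BEGIN PUBLIC KEY-----
          REPLACE_WITH_REALM_PUBLIC_KEY
          -----END PUBLIC KEY-----
```

A request to the management route without a valid RS256 token from the configured issuer is rejected at the gateway, so the DS itself never sees it.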

Requirements

Trust1Team has a cloud-centric approach to infrastructure, and the T1C-DS has been developed primarily to run in high-availability (HA) mode in container-based environments in general and Kubernetes (K8S) in particular. The minimum requirements below are for single instances of the components.

Minimum

| Component | Version | CPU | RAM | Disk (free) | Typical cloud instance sizes | Additional requirements |
|-----------|---------|-----|-----|-------------|------------------------------|-------------------------|
| DS | 3.1.0 | 1 core | >600 MB | 1 GB** | AWS: t3.medium; GCP: n1-standard-1; Azure: Standard A1 v2 | Java 14 JRE |
| GTW | 2.0.4 | 1-2 cores | 2-4 GB | 1 GB | AWS: t3.medium; GCP: n1-standard-1; Azure: Standard A1 v2 | Does not run on Windows |
| IDP | 10.0.2 | 1 core | >512 MB | >1 GB | AWS: t3.medium; GCP: n1-standard-1; Azure: Standard A1 v2 | Java 8 SDK |
| DB | 12 | 1 core | >2 GB | >512 MB*** | AWS: t3.medium; GCP: n1-standard-1; Azure: Standard A1 v2 | |

| Component | Version | CPU | RAM | Disk (free) | Typical cloud instance sizes | Additional requirements |
|-----------|---------|-----|-----|-------------|------------------------------|-------------------------|
| DS | 3.1.0 | 1 core | 1 GB | 1 GB** | AWS: t3.medium; GCP: n1-standard-1; Azure: Standard A1 v2 | Java 14 JRE |
| GTW | 2.0.4 | 1-2 cores | 2-4 GB | 1 GB | AWS: t3.medium; GCP: n1-standard-1; Azure: Standard A1 v2 | Does not run on Windows |
| IDP | 10.0.2 | 1 core | 1 GB | >1 GB | AWS: t3.medium; GCP: n1-standard-1; Azure: Standard A1 v2 | Java 8 SDK |
| DB | 12 | 1 core | >2 GB | >2 GB*** | AWS: t3.medium; GCP: n1-standard-1; Azure: Standard A1 v2 | |

** The required disk space for the DS depends on whether or not the installer packages are hosted on the server's file system.

*** The disk space required for PostgreSQL depends on the number of device installations you anticipate.

These requirements can change depending on the expected load, which is highly dependent on the number of Trust1Connector installations you anticipate. For a production environment, we recommend deploying multiple load-balanced replicas of the DS, GTW and DB, as these are critical components.
