Architecture

Architecture

Component Diagram
The Trust1Connector Distribution Service platform (T1C-DS) is composed of the following components
    Distribution Service (DS): A secure backend which provides the following functionality:
      Manage versions, generating a registration API key necessary for new installations.
      Registration of new device installations, storing the device installation's certificate during registration in order to be able to communicate securely with device installations.
      Managing organisations, creating application labels and generating API keys.
      Provides a dashboard, which gives an overview of devices per context (organisation, label, ...) and a management GUI.
      Exchange API keys for temporary access tokens (JWT)
    The DS has dependency on the Kong gateway (see below) because it dynamically creates API keys when creating new versions and organisation labels. It also depends on PostgreSQL to store device metadata such as certificates, user agents and usage.
    Keycloak (IDP): An open source Identity and Access Management software with SSO capabilities. It is only used to grant access to the DS management GUI and dashboard, and as such is a non-critical component to the platform operational flows. It provides various mechanisms to integrate with already existing identity providers out of the box, such as SSO through OpenID Connect/SAML2 or user federation with Active Directory or LDAP. It has a dependency on PostgreSQL to store it's operational data.
    Kong Gateway (GTW): An open source API gateway that handles every incoming request to the Distribution Service. The gateway secures access to the DS endpoints, validating API keys and user access tokens obtained from the IDP, preventing unauthorised access to the DS. Furthermore, if desired, the gateway can be configured to transform requests/responses, or provide rate-limiting capabilities. It has a dependency on PostgreSQL to store its operational data, but can continue operations temporarily should the database become unavailable. The gateway can be bootstrapped by the DS, creating the necessary configuration for operation using a set of default values. If the default values do not suit your needs, e.g. you already have an existing Kong gateway with defined services/routes, a customisable Postman collection is available with the necessary requests to setup the gateway.
    PostgreSQL (DB): An open source relational database management system, used by all 3 previous components. The T1C-DS requires 3 databases in order to function:
      t1c-ds: Used by the DS
      kong: Used by the gateway
      keycloak: Used by the IDP
    We recommend running PostgreSQL in a clustered, high-availability mode to prevent data loss and ensure operational capabilities.

Requirements

Trust1Team has a cloud-centric approach for infrastructure, and the T1C-DS has been primarily developed to be run in high-availability (HA) mode in container-based environments in general and Kubernetes (K8S) more particularly. The minimum requirements below are for single instances of the components.

Minimum

Size
Version
CPU
RAM
Disk (Free)
Typical Cloud Instance Sizes
Additional Requirements
DS
3.1.0
1 core
>600 MB
1Gb**
AWS: t3.medium GCP: n1-standard-1 Azure: Standard A1 v2
Java 14 JRE
GTW
2.0.4
1-2 cores
2-4 GB
1Gb
AWS: t3.medium GCP: n1-standard-1 Azure: Standard A1 v2
Does not run on Windows
IDP
10.0.2
1 core
>512 Mb
>1Gb
AWS: t3.medium GCP: n1-standard-1 Azure: Standard A1 v2
Java 8 SDK
DB
12
1 core
>2Gb
>512Mb***
AWS: t3.medium GCP: n1-standard-1 Azure: Standard A1 v2
Size
Version
CPU
RAM
Disk (Free)
Typical Cloud Instance Sizes
Additional Requirements
DS
3.1.0
1 core
1Gb
1Gb**
AWS: t3.medium GCP: n1-standard-1 Azure: Standard A1 v2
Java 14 JRE
GTW
2.0.4
1-2 cores
2-4 GB
1Gb
AWS: t3.medium GCP: n1-standard-1 Azure: Standard A1 v2
Does not run on Windows
IDP
10.0.2
1 core
1Gb
>1Gb
AWS: t3.medium GCP: n1-standard-1 Azure: Standard A1 v2
Java 8 SDK
DB
12
1 core
>2Gb
>2Gb***
AWS: t3.medium GCP: n1-standard-1 Azure: Standard A1 v2
** The required disk space for the DS depends on whether or not the installer packages are hosted on the server's file system.
*** The disk space required for the PostgreSQL depends on the number of device installations you anticipate.
These requirements can change depending on the expected load, which is highly dependent on the number of Trust1Connector installations you anticipate. For a production environment, we recommend deploying multiple load-balanced replica's of the DS, GTW and DB as these are critical components.
Last modified 1yr ago