Synadia Control Plane

Architecture

Single Replica Mode

Single Replica Mode is the easiest way to get started with Synadia Control Plane. It includes all of the dependencies needed to get running.

Single Replica Mode Architecture

Components

  • User-Facing HTTP(S) Server
    • Auth API Server - performs Session Authentication for Web Users
    • API Server - REST API, requires Session or Access Token authentication
    • Control Plane NATS WebSocket - passes WebSocket connections to Control Plane NATS server, which requires NATS JWT authentication
  • Internal Components
    • Admin Auth API Server - used by the API Server to validate Web User sessions and manage users
    • Control Plane NATS - used for Synadia Server Agent connections and to stream events to Web Users
  • Internal Databases
    • PostgreSQL - stores all Control Plane application data; secrets are encrypted using the KMS key
    • Prometheus - stores all time-series monitoring data for NATS Systems

Security

Production deployments should configure a TLS Certificate on the User-Facing HTTPS Server.

Internal components and databases communicate using in-process connections or application-managed mutual TLS certificates that are rotated automatically every 30 days.

Ports and Interfaces

| Server | Interface | Port | Protocol | Authentication | Description |
|---|---|---|---|---|---|
| User-Facing HTTP Server | All | 8080 | HTTP | Session, Bearer Token, NATS JWT | Redirects to port 8443 if TLS is enabled |
| User-Facing HTTPS Server | All | 8443 | HTTPS | Session, Bearer Token, NATS JWT | Requires TLS configuration |
| Control Plane NATS | All | 6222 | NATS+TLS | App-managed mTLS | Used for clustering with other Control Plane replicas |
| Control Plane NATS | localhost | 4222 | NATS+TLS | App-managed mTLS | Only used internally |
| Control Plane NATS | localhost | 8082 | HTTPS | App-managed mTLS | Only used internally |
| Admin Auth API Server | localhost | 8081 | HTTPS | App-managed mTLS | Only used internally |
| Metrics Server | localhost | 7777 | HTTPS | App-managed mTLS | Only used internally |
| Internal PostgreSQL | localhost | 5432 | Postgres+TLS | App-managed mTLS | Only used internally |
| Internal Prometheus | localhost | 9090 | HTTPS | App-managed mTLS | Only used internally |
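
One way to check a running instance against the Ports and Interfaces table above is to audit its listening sockets. This is an added example, not Synadia's own tooling: it assumes the output of `ss -tlnH` captured in the same network namespace as Control Plane, and the sample lines are constructed.

```python
import ipaddress
import sys

# Expected exposure per port, taken from the Ports and Interfaces table.
EXPECTED = {
    8080: "all", 8443: "all", 6222: "all",
    4222: "localhost", 8082: "localhost", 8081: "localhost",
    7777: "localhost", 5432: "localhost", 9090: "localhost",
}

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 4096 *:8080 *:*
LISTEN 0 4096 *:8443 *:*
LISTEN 0 4096 *:6222 *:*
LISTEN 0 4096 127.0.0.1:4222 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8081 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 4096 [::1]:9090 [::]:*
LISTEN 0 4096 [::]:7777 [::]:*
"""

def parse_listener(line):
    """Return (address, port) for one `ss -tlnH` line, or None if unparseable."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
    if host == "*":                        # ss prints "*" for a wildcard bind
        host = "0.0.0.0"
    try:
        addr = ipaddress.ip_address(host)
        # Treat IPv4-mapped IPv6 (::ffff:127.0.0.1) as its IPv4 address.
        return getattr(addr, "ipv4_mapped", None) or addr, int(port)
    except ValueError:
        return None

def audit(ss_output):
    """List (port, address) for localhost-only ports bound to a non-loopback address."""
    findings = []
    for parsed in filter(None, map(parse_listener, ss_output.splitlines())):
        addr, port = parsed
        if EXPECTED.get(port) == "localhost" and not addr.is_loopback:
            findings.append((port, str(addr)))
    return sorted(findings)

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for port, addr in audit(text):
        print(f"port {port} is documented as localhost-only but listens on {addr}")
```

Pipe live data in with `ss -tlnH | python3 audit_ports.py` (the script name is arbitrary); ports not listed in the table are ignored.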

Backup / Restore Procedures

Backup

  1. Stop Synadia Control Plane to get a consistent snapshot
  2. Copy the data_dir to an external location
  3. Start Synadia Control Plane

Restore

  1. Stop Synadia Control Plane
  2. Restore the data_dir from the desired backup
  3. Start Synadia Control Plane

Highly Available (HA) Mode

HA Mode uses the same Docker Image as Single Replica mode, but requires some common configuration and external components to achieve high availability:

  1. All instances must be configured to use the same KMS Key
  2. External HTTP(S) Load Balancer
  3. External PostgreSQL Database
  4. External Prometheus Server

HA Mode Architecture

Components

Same components as Single Replica Mode with the following differences:

  • External HTTP(S) Load Balancer - load balances between Control Plane replicas
  • External Databases
    • PostgreSQL - stores all Control Plane application data; secrets are encrypted using the KMS key
    • Prometheus - stores all time-series monitoring data for NATS Systems
  • Internal Databases
    • PostgreSQL - disabled, since External PostgreSQL Database is used
    • Prometheus - only buffers data long enough to remote write to the External Prometheus Database

Security

Same security model as Single Replica Mode with the following additional considerations:

Production deployments should configure TLS on all External Components.

Ports and interfaces are the same as in Single Replica Mode, except that the internal PostgreSQL is disabled.

Backup / Restore Procedures

Backup

  1. Ensure that you have stored a copy of your KMS Key in a safe location
  2. Backup the external PostgreSQL Database
  3. Backup the external Prometheus Database

Restore

  1. Stop all Synadia Control Plane Replicas
  2. Ensure that the KMS Key configured matches the one used at the time of your backup
  3. Restore the external PostgreSQL Database from the desired backup
  4. Restore the external Prometheus Database from the desired backup
  5. Start all Synadia Control Plane Replicas