Synadia Platform

Synadia Control Plane Architecture

Components

  • Synadia Control Plane
    • HTTP(S) Server - Control Plane API and UI
    • Control Plane NATS Server - used for Synadia Private Link connections and to stream events to Web Users
  • Databases
    • PostgreSQL - stores all Control Plane application data, secrets are encrypted using KMS key
    • Prometheus - stores all time-series monitoring data for NATS Systems
    • Both PostgreSQL and Prometheus will run embedded by default in Single Replica Mode, but must be externally hosted and managed in HA Mode
  • Optional Components
    • HTTP(S) Load Balancer - used to load balance between Control Plane replicas (required for HA Mode)
    • SSO Provider - used to authenticate users, supports all OIDC providers including Okta, Google, and Microsoft AAD
    • KMS Service - used to encrypt secrets stored in Control Plane, supports AWS KMS, Azure KeyVault, Google KMS, and HashiCorp Vault
    • Synadia Private Link - connects NATS Servers behind a firewall to Control Plane

Security

Production deployments should configure a TLS certificate on the user-facing HTTPS server (port 8443). Without one, the UI and API are served over plain HTTP on port 8080, and session cookies, bearer tokens, and NATS JWTs cross the network unencrypted.

Internal components and databases communicate over in-process connections or application-managed mutual TLS certificates that are rotated automatically every 30 days.

Ports and Interfaces

Server                  | Interface | Port | Protocol     | Authentication                  | Description
------------------------|-----------|------|--------------|---------------------------------|------------------------------------------------------
HTTP Server             | All       | 8080 | HTTP         | Session, Bearer Token, NATS JWT | Redirects to port 8443 if TLS is enabled
HTTPS Server            | All       | 8443 | HTTPS        | Session, Bearer Token, NATS JWT | Requires TLS configuration
Control Plane NATS      | All       | 6222 | NATS+TLS     | App-managed mTLS                | Used for clustering with other Control Plane replicas
Control Plane NATS      | localhost | 4222 | NATS+TLS     | App-managed mTLS                | Only used internally
Control Plane NATS      | localhost | 8082 | HTTPS        | App-managed mTLS                | Only used internally
Internal Auth Server    | localhost | 8081 | HTTPS        | App-managed mTLS                | Only used internally
Internal Metrics Server | localhost | 7777 | HTTPS        | App-managed mTLS                | Only used internally
Internal PostgreSQL     | localhost | 5432 | Postgres+TLS | App-managed mTLS                | Only used internally
Internal Prometheus     | localhost | 9090 | HTTPS        | App-managed mTLS                | Only used internally
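The table is only a statement of intent; the check a practitioner wants is whether the host actually matches it. The following is an added example, not part of the Synadia documentation or product: a POSIX shell audit that reads `ss -ltnH` output and flags any "Only used internally" port bound to a non-loopback address, plus any listener the table does not account for. The `ss` output embedded in the script is a constructed sample of a misconfigured host (PostgreSQL exposed on all interfaces, sshd not in the table).

```shell
#!/bin/sh
# Added example, not part of the Synadia documentation or product.
# Audits a host's listening TCP sockets against the Control Plane port table:
# "Only used internally" ports must be bound to loopback only.
set -u

# Ports the table marks "Only used internally" (loopback only).
INTERNAL_PORTS="4222 8082 8081 7777 5432 9090"
# Ports the table allows on all interfaces.
PUBLIC_PORTS="8080 8443 6222"

# True for the loopback forms ss prints: 127.x.x.x, [::1], or localhost.
is_loopback_addr() {
  case "$1" in
    127.*|"[::1]"|localhost) return 0 ;;
    *) return 1 ;;
  esac
}

# True if $2 appears in the space-separated list $1.
in_list() {
  case " $1 " in
    *" $2 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads `ss -ltnH` lines on stdin, e.g.
#   LISTEN 0 4096 0.0.0.0:5432 0.0.0.0:*
# and prints one finding per line:
#   EXPOSED <port> <addr>  internal-only port reachable from the network
#   UNKNOWN <port> <addr>  listener not in the table (review it)
# Returns 1 if anything was EXPOSED, 0 otherwise.
audit_listeners() {
  exposed=0
  while read -r state recvq sendq local_addr peer rest; do
    [ -n "$state" ] || continue
    port="${local_addr##*:}"   # text after the last colon
    addr="${local_addr%:*}"    # text before the last colon ([::] stays intact)
    if in_list "$INTERNAL_PORTS" "$port"; then
      if ! is_loopback_addr "$addr"; then
        echo "EXPOSED $port $addr"
        exposed=1
      fi
    elif ! in_list "$PUBLIC_PORTS" "$port"; then
      echo "UNKNOWN $port $addr"
    fi
  done
  return $exposed
}

# Constructed sample of `ss -ltnH` output from a misconfigured host:
# PostgreSQL listens on all interfaces and sshd is not in the table.
SAMPLE_SS_OUTPUT='LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 4096 [::]:6222 [::]:*
LISTEN 0 4096 127.0.0.1:4222 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8082 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8081 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:7777 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9090 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Audit the constructed sample; same exit status semantics as audit_listeners.
audit_sample() {
  printf '%s\n' "$SAMPLE_SS_OUTPUT" | audit_listeners
}

# With --live, audit this host (requires iproute2's ss); otherwise the sample.
if [ "${1:-}" = "--live" ]; then
  ss -ltnH | audit_listeners || { echo "FAIL: internal ports reachable from the network" >&2; exit 1; }
else
  audit_sample || echo "FAIL: internal ports reachable from the network (expected for the sample)" >&2
fi
```

Run it with `--live` on each Control Plane host after deployment and after any change to the container's port mappings; a `-p 5432:5432` style publish in Docker is exactly the mistake this catches.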

Backup / Restore Procedures

Single Replica Mode

Backup

  1. Stop Synadia Control Plane to get a consistent snapshot
  2. Copy the data_dir to an external location
  3. Start Synadia Control Plane

Restore

  1. Stop Synadia Control Plane
  2. Restore the data_dir from the desired backup
  3. Start Synadia Control Plane
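The two procedures above as one script, added here as an example and not Synadia's own tooling: it stops the Control Plane, archives `data_dir` with a SHA-256 checksum, restarts the Control Plane even if the archive step fails, and on restore refuses an archive whose checksum no longer matches and rolls back if extraction fails. The stop/start commands and the container name `synadia-control-plane` are assumptions; override `STOP_CMD` and `START_CMD` for your deployment (systemd, Docker, Kubernetes). The archive must be restored to the same `data_dir` path it was taken from.

```shell
#!/bin/sh
# Added example, not part of the Synadia documentation or product.
# Single Replica Mode backup/restore of the Control Plane data_dir.
set -eu

# Assumed stop/start commands; override for your deployment.
STOP_CMD="${STOP_CMD:-docker stop synadia-control-plane}"
START_CMD="${START_CMD:-docker start synadia-control-plane}"

# backup_data_dir DATA_DIR BACKUP_DIR -> prints the archive path
# Stops the Control Plane, archives DATA_DIR, restarts, writes a checksum.
backup_data_dir() {
  data_dir=$1
  backup_dir=$2
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  name="control-plane-$stamp.tar.gz"
  mkdir -p "$backup_dir"
  sh -c "$STOP_CMD"
  rc=0
  tar -C "$(dirname "$data_dir")" -czf "$backup_dir/$name" "$(basename "$data_dir")" || rc=$?
  # Always bring the Control Plane back, even if the archive step failed.
  sh -c "$START_CMD"
  [ "$rc" -eq 0 ] || return "$rc"
  # Checksum recorded relative to the backup dir so it verifies from anywhere.
  (cd "$backup_dir" && sha256sum "$name" > "$name.sha256")
  echo "$backup_dir/$name"
}

# restore_data_dir ARCHIVE DATA_DIR
# Verifies the checksum, stops the Control Plane, swaps in the archive
# contents, rolls back on failure, restarts.
restore_data_dir() {
  archive=$1
  data_dir=$2
  name=$(basename "$archive")
  # Refuse to restore an archive that does not match its recorded checksum.
  (cd "$(dirname "$archive")" && sha256sum -c "$name.sha256" >/dev/null 2>&1) \
    || { echo "checksum mismatch or missing for $archive" >&2; return 1; }
  sh -c "$STOP_CMD"
  # Keep the current data_dir aside so a failed extraction can be rolled back.
  rm -rf "$data_dir.previous"
  if [ -e "$data_dir" ]; then mv "$data_dir" "$data_dir.previous"; fi
  rc=0
  tar -C "$(dirname "$data_dir")" -xzf "$archive" || rc=$?
  if [ "$rc" -eq 0 ]; then
    rm -rf "$data_dir.previous"
  else
    rm -rf "$data_dir"
    if [ -e "$data_dir.previous" ]; then mv "$data_dir.previous" "$data_dir"; fi
  fi
  sh -c "$START_CMD"
  return "$rc"
}

# CLI: backup DATA_DIR BACKUP_DIR | restore ARCHIVE DATA_DIR
case "${1:-}" in
  backup)  backup_data_dir "$2" "$3" ;;
  restore) restore_data_dir "$2" "$3" ;;
  *)       echo "usage: $0 backup DATA_DIR BACKUP_DIR | restore ARCHIVE DATA_DIR" >&2 ;;
esac
```

Copy both the archive and its `.sha256` file off the host; the checksum is what lets you tell a truncated or tampered archive from a good one before you overwrite the only copy of the application data.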

Highly Available (HA) Mode

HA Mode uses the same Docker Image as Single Replica Mode, but requires some common configuration and external components to achieve high availability:

  1. All instances must be configured to use the same KMS Key
  2. External HTTP(S) Load Balancer
  3. External PostgreSQL Database
  4. External Prometheus Server

Backup

  1. Ensure that you have stored a copy of your KMS Key in a safe location
  2. Backup the external PostgreSQL Database
  3. Backup the external Prometheus Database

Restore

  1. Stop all Synadia Control Plane Replicas
  2. Ensure that the KMS Key configured matches the one used at the time of your backup
  3. Restore the external PostgreSQL Database from the desired backup
  4. Restore the external Prometheus Database from the desired backup
  5. Start all Synadia Control Plane Replicas
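Step 2 of the restore is the one that is easy to skip and impossible to undo: secrets in PostgreSQL are encrypted under the KMS key (see Components), so a restore under a different key leaves them undecryptable. The following added example, not Synadia's own tooling, records the configured KMS key identifier in a manifest next to the PostgreSQL dump and Prometheus snapshot at backup time, and makes the restore refuse to proceed unless the configured key matches. `CP_KMS_KEY_ID`, `PROM_URL`, and the libpq `PGDATABASE` environment are assumptions for this example, not Synadia settings; the Prometheus snapshot call assumes Prometheus was started with `--web.enable-admin-api`. The key ARN in the usage note is constructed.

```shell
#!/bin/sh
# Added example, not part of the Synadia documentation or product.
# HA Mode backup/restore helpers for the external PostgreSQL and Prometheus
# stores, with a manifest that pins the KMS key the backup depends on.
# Assumed environment (not Synadia settings):
#   CP_KMS_KEY_ID   KMS key identifier configured on every replica
#   PGDATABASE etc. standard libpq variables for pg_dump / pg_restore
#   PROM_URL        Prometheus started with --web.enable-admin-api
set -eu

# write_manifest BACKUP_DIR KMS_KEY_ID PG_DUMP_FILE PROM_SNAPSHOT
# Records what the backup contains and which KMS key it was taken under.
write_manifest() {
  cat > "$1/manifest" <<EOF
created=$(date -u +%Y-%m-%dT%H:%M:%SZ)
kms_key_id=$2
postgres_dump=$3
prometheus_snapshot=$4
EOF
}

# manifest_value MANIFEST KEY -> prints the value recorded for KEY
manifest_value() {
  sed -n "s/^$2=//p" "$1"
}

# check_kms_key MANIFEST CONFIGURED_KEY_ID
# Returns 0 only if the configured key is the one recorded at backup time.
check_kms_key() {
  recorded=$(manifest_value "$1" kms_key_id)
  if [ -z "$recorded" ]; then
    echo "manifest $1 has no kms_key_id; refusing to restore" >&2
    return 1
  fi
  if [ "$recorded" != "$2" ]; then
    echo "KMS key mismatch: backup used '$recorded', configured '$2'" >&2
    return 1
  fi
  return 0
}

# backup_ha BACKUP_DIR
# Dumps PostgreSQL, asks Prometheus for a TSDB snapshot, writes the manifest.
backup_ha() {
  backup_dir=$1
  mkdir -p "$backup_dir"
  # Custom format so pg_restore can be selective and parallel.
  pg_dump -Fc -f "$backup_dir/control-plane.pgdump"
  # Prometheus writes the snapshot under <data dir>/snapshots/<name> and
  # returns JSON naming it; copy that directory into BACKUP_DIR afterwards.
  snap=$(curl -fsS -XPOST "${PROM_URL:-http://localhost:9090}/api/v1/admin/tsdb/snapshot")
  write_manifest "$backup_dir" "$CP_KMS_KEY_ID" control-plane.pgdump "$snap"
}

# restore_ha BACKUP_DIR   (run only after all replicas are stopped)
restore_ha() {
  backup_dir=$1
  manifest="$backup_dir/manifest"
  # Restore step 2: stop here rather than restore secrets the current key cannot decrypt.
  check_kms_key "$manifest" "$CP_KMS_KEY_ID"
  pg_restore --clean --if-exists -d "$PGDATABASE" \
    "$backup_dir/$(manifest_value "$manifest" postgres_dump)"
  echo "Prometheus snapshot to place in the Prometheus data directory: $(manifest_value "$manifest" prometheus_snapshot)"
}

# CLI: backup BACKUP_DIR | restore BACKUP_DIR
case "${1:-}" in
  backup)  backup_ha "$2" ;;
  restore) restore_ha "$2" ;;
  *)       echo "usage: $0 backup BACKUP_DIR | restore BACKUP_DIR" >&2 ;;
esac
```

Usage: `CP_KMS_KEY_ID=arn:aws:kms:us-east-1:123456789012:key/example PGDATABASE=controlplane ./ha-backup.sh backup /backups/2024-01-01`, then the same environment with `restore` after stopping every replica. Store the manifest with the backup, and store the key itself (or its recovery material) separately as step 1 of the backup procedure requires; the manifest only tells you which key you need, it does not contain it.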