Basic Architecture

Trustgrid's technology is best understood as in integration of six major components that produce 5 major use cases of the system. The major components are:

Components

Cloud

  • Portal: The cloud management UI 
  • Gatekeeper: The authorization system that enables nodes to communicate after authentication and manages updates.
  • PKI: The PKI responsible for issuing and managing keys and certificates
  • API: The management API that exposes 100% of UI elements to automation
  • Repo: The APT repository that stores all firmware, OS, and Node updates. 

Edge

  • Node: The software that provides core functionality in the edge including networking, security, compute, and management features. Edge Nodes build outbound connections to Gateway Nodes.

Use Cases

  • Software Defined Networking: Create a mesh network that connects cloud applications to edge data with load balancing, clustering, and failover managed through a portal or API.
  • Edge Compute: Deploy applications to the edge to access datasets not appropriate for replication to the cloud due to security or compliance concerns, latency, or cost.
  • Device Management: Manage thousands of nodes with advanced tools to reduce the burden of operations at enterprise scale.
  • Edge API: Integrate thousands of edge datasets with a single API interface and ETL functions executing at the edge.
  • Security: Leverage Trustgrid's advanced security to protect against a wide range of threats.


Basic Architecture Diagrams


The most simple deployment of Trustgrid is represented in the image below. It demonstrates a gateway node deployed in a datacenter or cloud environment and an edge node deployed adjacent to a database. Trustgrid's cloud management systems manage both nodes. A TLS tunnel is built from the edge node to the gateway node. Data only traverses this tunnel, it never touches Trustgrid's cloud. 

Trustgrid Simple Architecture


The next diagram increases the complexity of the architecture by adding clustered gateway nodes and clustered edge nodes. In this configuration traffic is load balanced between the gateway nodes and the edge nodes on a per session basis. A Management API (see Swagger here) enables automation of everything from node provisioning to routing changes. 

The next diagram shows two deployment methods for edge nodes. In the first Trustgrid is deployed behind a firewall. In the second a hardware appliance with two ethernet ports is used to connect to WAN and LAN interfaces. This drawing also shows the differentation of the control plane from the data plane. The control plane is used exclusively for management of the nodes such as logging, configuration, authentication, etc. The data plane connects the edge datasets to the application. Trustgrid supports using a customers PKI for encryption of the data plane to provide an additional layer of privacy.