Deployment Options
Deployment without Application Servers |
![]() |
Deployment with Application Servers |
![]() |
Deployment with Separate Application, Database and BI Servers |
High Availability (HA)Native, built-in high availability can be fine tuned and adapted for different scenarios |
i
|
Please check out the High Availability (HA) article for more information. |
Communications Protocol & Cypher |
|
1
|
Web interface uses HTTPS over port 443 by default. Port can be changed in settings if needed. TLSv1.2 Ciphers:
|
2
|
Agents connect to master node over HTTPS (443 by default). Same encryption settings as in #1. Also agents connect using proprietary protocol on port 10000 (if no Application Servers deployed). Encryption information for port 10000: TLSv1.2 Ciphers:
|
3
|
Master communicates with Miner nodes over multiple ports with different encryption settings. All communication between nodes should happen over private secure network. Only Master (and Application Server nodes if any) should be exposed to public. Ports Used for Miners:
|
4
|
Same ports as in #3, with addition of Elasticsearch on port 9200 (HTTPS). |
5
|
Miners communicate with Mining DB node only over 9200 port (Elasticsearch, HTTPS), access control is IP-based, i.e., Mining DB Node servers request only from Master Node or Miner Nodes. |
6
|
Application servers communicate with Master Node using the following ports: Ports Used for Application Servers:
|
7
|
Application servers receive agent connection on even ports in range 10000 - 11000, same encryption settings as in #2 for port 10000. |
Agent ↔ Server
|
Master ↔ Child Node
|
|
|
Default Encryption
End-to-End Encryption
Key Management |
|
|
|
Endpoint |
|
Server |
insert into encryption_kek(pub_datafile, priv_datafile, priv_encrypted)
NOTE: In multi-node deployments, PEM files should be distributed across all nodes. |
OCR |
Currently OCR functionality is not supported if end-to-end encryption is used. However, support might be added using the following procedure: *Support for storing and searching of encrypted textual data is on our roadmap and will be available soon. |