Unifyia Platform Multiserver Deployment
Unifyia platform can be deployed as a self-managed solution in either a cloud or on-premises environment using a multiserver deployment approach. In this deployment model, the Unifyia platform requires four servers, one each for database, authentication, certificate authentication, and application, to be deployed for its identity and access management operations. The servers form the foundation that ensures the platform functions seamlessly. A multiserver deployment involves distributing various components of the application across multiple servers to optimize resource utilization and improve reliability. This ensures high availability, scalability, and flexibility while allowing organizations to maintain full control over infrastructure, security, and compliance.
This page provides you a brief understanding of the multiserver deployment on cloud and on-premises to enable you to choose a deployment approach suitable for your organization. For more information, contact our team.
Refer to the Unifyia platform Cloud and On-premises architecture diagrams to get a brief understanding of how the various servers and microservices are integrated as a comprehensive solution for future-proof, agile identity and access management solution.
List of Servers
The following are the list of servers that are to be deployed as a apart of the cloud or on-premises, multiserver deployment approach.
- Database Server: A centralized database used to store user, device, and credentials information. It also allows users and applications to centrally access the data across the network.
- Authentication Server: A server used for authentication and verification of users and their issued identities.
- Certificate Authentication Server: A server used for the authentication of certificates to enable certificate-based login.
- Application Server: A server to host the various microservices as listed in the table below.
| Microservice | Description |
|---|---|
| CMS | The Credential Management Service manages the identities/credentials issued to the users. |
| API Gateway Service | This service allows third-party or client applications to integrate with the platform. For example, Unifyia ID Wallet interfaces with the platform for the issuance and management of digital identities using the API gateway service. |
| Certificate Authority Service | This service allows interfacing with the certificate authorities. |
| Gateway Service | This service allows interfacing with all the other microservices in the application server. |
| Notification Service | Manages the notification services - emails and SMS. |
| Reports Management Service | Manages the predefined report templates. Allows customized report generation. |
| User Management Service | Manages the users and various configurations required for the identity and access management orchestration. |
| Consul Service | This is a registry for service name to IP mapping. The service-to-service requests are managed by the consul service. |
Key Deployment Features
- Multiserver Architecture – Separates application components across multiple servers for improved performance and fault tolerance.
- Flexible Hosting – Supports deployment on cloud providers (AWS) or on-premises data centers.
- Scalability & Load Balancing – Designed to handle increasing workloads with horizontal scaling and traffic distribution.
- Security & Compliance – Enables organizations to implement their own security policies, network segmentation, and access controls.
- Automation & CI/CD Support – Compatible with modern DevOps workflows and containerization (Docker, Kubernetes).
Unifyia Platform Architecture
Cloud Architecture
On-Premises Architecture
Cloud Deployment Specifications
The following are the prerequisites for the cloud deployment:
- Install the required softwares.
- Create EC2 instances for the required servers with proper firewall (security groups) inbound rules to open the required ports internally in the network for the services to communicate with each other.
- Add the required DNS records in Route 53 or your domain.
- A full certificate chain and private key certificates are required to establish a chain of trust.
EC2 Instances
EC2 instances are virtual servers in the cloud environment. To complete the Unifyia platform deployment, you need to create EC2 instances, one for each of the below-listed servers. The required specifications for the servers is listed in the
- Open VPN
- DB Server (PostgreSQL)
- Authentication Server
- Certificate Authentication Server
- Application Server
- Nginx Server
Server Specifications
The required server specifications are listed in the below table:
| Server Name | Instance Type | Subnet | Configure Storage |
|---|---|---|---|
|
Open VPN |
t2.micro |
Public |
8 GiB |
|
DB Server (PostgreSQL) |
t2.large |
Private |
50 GiB |
|
Authentication Server |
t2.large |
Public |
50 GiB |
|
Certificate Authentication Server |
t2.large |
Public |
50 GiB |
|
Application Server |
t2.2xlarge |
Private |
100 GiB |
|
Nginx Server |
t2.micro |
Public |
8 GiB |
On-Premises Deployment
The following are the prerequisites for the on-premises deployment:
- Install the required softwares.
- Require four servers one each for database, authentication, certificate authentication, and application.
- Required ports to be available internally in the network for the servers and services to communicate with each other.
- Add the required DNS records of your servers in your local Windows machine host file.
- A full certificate chain and private key certificates are required to establish a chain of trust.
Server Specifications
The required servers - database, authentication, certificate authentication, and application server are to be deployed on four virtual machines. The minimum and Unifyia-recommended hardware specifications are provided in the below table.
| Minimum Requirements | Unifyia Recommended Requirements |
|---|---|
|
Database Server: RAM: 8 GB HDD: 50 GB |
Database Server: RAM: 32 GB HDD: 50 GB |
|
Authentication Server: RAM: 8 GB HDD: 30 GB |
Authentication Server: RAM: 16 GB HDD: 50 GB |
|
Certificate Authentication Server: RAM: 8 GB HDD: 30 GB |
Certificate Authentication Server: RAM: 16 GB HDD: 50 GB |
|
Application Server: RAM: 32 GB HDD: 100 GB |
Application Server: RAM: 64 GB HDD: 150 GB |
Softwares
The following table lists the supported operating systems and the software packages required for the deployment:
| Requirement | Software Flavors/Versions |
|---|---|
| Open JDK Java | Version 21 |
| Operating Systems | AWS Linux 2, RHEL v8+, Rocky Linux v8+, Ubuntu v22.04, Ubuntu v24.04, and CentOS Stream |
| Database | PostgreSQL |
| Docker | Latest Version |
| Docker Compose | Latest Version |
| jq | Latest Version |
| cURL packages | Latest Version |