PlainID Deployment Architecture

Deployment options and component definitions

Deployment Options

Standalone Deployment with local Redis
Deployment with Managed Redis
Kubernetes Deployment

Deployment Architecture Diagram

Definitions

Policy Administration Point (PAP)

Central management console where authorization policies are created, edited, and managed. Provides the interface for administrators to define access control rules.

Policy Authorization Agent (PAA)

Local agent deployed in customer environment that communicates with PlainID SaaS platform and enforces authorization decisions.

Policy Enforcement Point (PEP)

Applications and authorizers that intercept access requests and enforce authorization decisions based on policies.

Policy Decision Point (PDP)

Engine that evaluates authorization requests against defined policies and returns access decisions.

Policy Information Point (PIP Operator)

Retrieves additional attribute information needed for policy evaluation from external sources.

PlainID Store

Redis-based data store maintaining policy data, session information, and caching for high-performance operations.

Communication Tunnel

Secure, encrypted connection between PlainID SaaS Platform and customer environments. Operates over Socket 443 (HTTPS) for secure, bidirectional communication through firewalls.

Horizontal Pod Autoscaler (HPA)

Kubernetes component that automatically scales pods based on observed metrics.

Namespace

Kubernetes virtual cluster providing isolation and organization for resources.

Pod

Smallest deployable unit in Kubernetes containing one or more containers.

Deployment

Kubernetes resource managing desired state of application pods, handling updates and scaling.

Service

Kubernetes abstraction defining a logical set of pods with stable network endpoints.

Ingress

Manages external access to services, providing load balancing and SSL termination.

Load Balancer

Distributes incoming traffic across multiple PAA instances for high availability.

Managed Redis

Cloud-provided Redis service offering managed PlainID Store with built-in high availability.

Agent Server

Core PAA component handling policy evaluation requests and managing platform connections.