High Level Platform Architecture
This page explains ACRA’s deployment model and how responsibilities are split across platform layers.

Platform layers and boundaries
ACRA is organised into four layers. Each layer has a clear job and a clear boundary.
- ACRA control plane: The services that create and manage enclaves and deployments. This includes permissions, secrets, updates, version visibility, and status reporting.
- ACRA enclaves: Isolated runtime environments for secure applications. Enclaves enforce ingress/egress controls, resource limits, networking policies, and authentication and authorization.
- ACRA system and infrastructure: The virtual infrastructure layer that enclaves run on. ACRA manages networking, storage, secret and key management, workload scheduling, vulnerability scanning, and policy enforcement. This layer provides hardening, baseline monitoring, and resilience for platform-managed components.
- Applications inside enclaves: The workloads running inside an enclave. These workloads implement business logic and emit logs, metrics, and audit data.
Enclave lifecycle (control‑plane managed)
The control plane manages the enclave lifecycle and exposes it to operators:
- Declaration: Define users/roles, the apps and services to run, and enclave options. Keep declarations easy to view and copy so you can create similar enclaves reliably.
- Launch: Provision and start an enclave from its declaration.
- Update: Change app versions, add or remove services, and update users/roles (subject to permissions).
- Delete: Hard delete is not the default. Only delete when there is a clear business and policy requirement.
Operational Visibility and Validation
ACRA is designed so operators can verify system health and roll out changes safely without accessing enclave workloads or data.
- Deployment Validation: Each deployment is automatically validated after rollout. Checks are executed, results are recorded as pass or fail, and any failures are linked directly to relevant logs and signals.
- Environment Health: Operators are provided with real-time visibility into system health, including status indicators and alerts. Core metrics such as resource usage, error rates, and request failures are continuously monitored.
- Issue Reporting and Severity: Operational issues are captured with contextual information and supporting logs. A shared severity model is used to clearly communicate impact, urgency, and operational risk.
- System Behaviour Checks: Key workflows and performance indicators are continuously evaluated. Deviations from expected behaviour trigger alerts, allowing operators to detect regressions or emerging issues early.
- Update Readiness: Pre-deployment tests are run through ArgoCD before updates are applied. If required checks fail, updates are automatically blocked to prevent unsafe changes from reaching production environments.
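The following Argo CD PreSync hook is an added illustration of that gate, not an ACRA manifest. It scans the image about to be rolled out with Trivy; Argo CD runs PreSync hooks before the Sync phase and aborts the sync if a hook Job fails, so a failing scan blocks the update. The namespace `enclave-a`, the registry path and the image tags are placeholders.

```yaml
# Added example, not ACRA's own manifest. Namespace, registry and tags are placeholders.
apiVersion: batch/v1
kind: Job
metadata:
  name: preflight-image-scan
  namespace: enclave-a
  annotations:
    # Run before the Sync phase; Argo CD does not apply the rest of the
    # Application while this Job runs, and stops if it fails.
    argocd.argoproj.io/hook: PreSync
    # Delete only on success, so a failed check's pod and logs remain
    # available for the deployment-validation record.
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
spec:
  backoffLimit: 0                # a failing scan is a verdict, not a flake: do not retry
  activeDeadlineSeconds: 600     # a hung scan must not hold the rollout open forever
  template:
    spec:
      restartPolicy: Never
      automountServiceAccountToken: false   # the scanner needs no Kubernetes API access
      containers:
        - name: trivy
          image: aquasec/trivy:0.58.0
          # Exit code 1 on any HIGH/CRITICAL finding that has a fix available
          # fails the Job, which fails the hook, which blocks the sync.
          args:
            - image
            - --exit-code=1
            - --severity=HIGH,CRITICAL
            - --ignore-unfixed
            - registry.example.internal/enclave-a/api:1.4.0
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```

Two points matter in practice: the Job must live in the same source the Application syncs from (otherwise Argo CD never sees it), and the image reference the hook scans must be the one the Deployment pulls, ideally pinned by digest, or the check validates something other than what ships.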
Platform Management Architecture (Maintainer View)
This section describes how platform maintainers operate and manage an ACRA deployment without accessing enclave workloads or data.
Infrastructure Services
Infrastructure services provide the hardened foundation that the ACRA platform runs on. These services handle core system concerns including identity, networking, storage, observability, and system health.
ACRA uses established, production-grade components, including:
- Kubernetes for orchestration
- Ceph for encrypted data and object storage
- Cilium for L4 network policy and observability, based on IPs, ports and protocols
- Istio for L7 application traffic control and observability over TLS, and for workload identity management
- OpenBao for secret and key management and credential handling
- Trivy for vulnerability scanning
- Prometheus, Loki and OpenTelemetry for observability
- ArgoCD for application deployment
These services are shared platform capabilities and are not directly accessible by enclave workloads.
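To make the L4/L7 split and the enclave boundary concrete, here is an added example, not ACRA's own policy, of how Cilium and Istio could fence a hypothetical enclave namespace `enclave-a`: at L4 only intra-enclave traffic, cluster DNS and the Istio control plane are reachable; at L7 every workload must present an mTLS identity and is denied by default unless an explicit allow rule matches. All namespace, label and service-account names are assumptions.

```yaml
# Added example, not ACRA's own policy. Names and labels are assumptions.
#
# L4 (Cilium). Selecting every endpoint in the namespace with both an ingress
# and an egress section makes both directions default-deny: anything not
# listed below is dropped before it reaches a sidecar or an application.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: enclave-boundary
  namespace: enclave-a
spec:
  endpointSelector: {}
  ingress:
    - fromEndpoints:            # only pods of the same enclave
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: enclave-a
  egress:
    - toEndpoints:              # intra-enclave traffic
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: enclave-a
    - toEndpoints:              # cluster DNS, port 53 only
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
    # The sidecar must still reach istiod for xDS, or the L7 policy below never
    # arrives. This is the only platform-namespace endpoint an enclave can reach.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: istio-system
            app: istiod
      toPorts:
        - ports:
            - port: "15012"
              protocol: TCP
---
# L7 (Istio). STRICT rejects any plaintext connection to an enclave workload,
# so every caller carries a SPIFFE identity that policies can name.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: enclave-a
spec:
  mtls:
    mode: STRICT
---
# An AuthorizationPolicy with an empty spec denies every request to the
# workloads it covers (here the whole namespace); access is then allowed explicitly.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: enclave-a
spec: {}
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: gateway-to-api
  namespace: enclave-a
spec:
  selector:
    matchLabels:
      app: api
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/enclave-a/sa/enclave-gateway"]
      to:
        - operation:
            methods: ["GET", "POST"]
            paths: ["/v1/*"]
```

The two layers fail independently: if Cilium drops the packet, Istio never sees it; if Cilium allows it but the caller's identity or path is not on the L7 allow-list, Istio returns 403 and records which principal was refused. Testing the boundary means trying both a cross-namespace connection (expect a drop in Hubble) and an in-namespace call from a workload whose service account is not listed (expect a 403 in the sidecar access log).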
Authentication and Access
Platform maintainers authenticate through a dedicated identity provider boundary before performing any administrative action.
Access is role-based, explicitly granted, and fully audited. Maintainers can manage platform resources without visibility into enclave data or application logic.
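One way to express that split in Kubernetes RBAC, as an added example rather than ACRA's own roles: maintainers get read access to workload and policy objects in each enclave namespace, and nothing that would expose enclave data or let them alter what runs outside the declared update path. The role, group and namespace names are assumptions.

```yaml
# Added example, not ACRA's own RBAC. Role, group and namespace names are assumptions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: acra-platform-maintainer
rules:
  # Status and rollout visibility for the enclave's workloads.
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "replicasets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods", "events"]
    verbs: ["get", "list", "watch"]
  # Read the enforced network and identity policies, so a maintainer can
  # confirm what the enclave boundary looks like without changing it.
  - apiGroups: ["cilium.io", "security.istio.io"]
    resources: ["ciliumnetworkpolicies", "authorizationpolicies", "peerauthentications"]
    verbs: ["get", "list", "watch"]
  # Deliberately absent: secrets, configmaps, pods/exec, pods/attach, pods/log,
  # pods/portforward, and any write verb on workloads. RBAC is allow-only, so the
  # only way to keep these out of reach is never to grant them. Changes to what
  # runs go through the enclave declaration and ArgoCD, not a direct patch.
---
# Bound per enclave namespace. The subject is a group asserted by the identity
# provider at login, not a locally managed user, so membership and audit trail
# both live behind the identity-provider boundary.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: platform-maintainers
  namespace: enclave-a
subjects:
  - kind: Group
    name: acra-platform-maintainers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: acra-platform-maintainer
  apiGroup: rbac.authorization.k8s.io
```

Verify the negative space, not just the grants: `kubectl auth can-i get secrets -n enclave-a --as=jane --as-group=acra-platform-maintainers` and the same for `create pods/exec` should both answer `no`. One caveat worth checking in every declaration: `get pods` returns the full pod spec, so a secret passed as a literal `env` value is visible to anyone who can read pods; secrets must reach enclave workloads through `valueFrom` references or mounted volumes for this role to keep them out of a maintainer's view.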
Platform Services
Platform services manage the lifecycle and visibility of enclaves and applications on top of the infrastructure layer.