Appearance
Core Concepts
This section explains the foundational architecture and operational model of the ACRA platform. It introduces the components that define how workloads are isolated, how access is controlled, how applications are deployed, and how the platform is operated.
ACRA is built around a small set of architectural primitives. These concepts define how the system enforces isolation, manages lifecycle operations, and governs trust boundaries between infrastructure, platform services, and application workloads.
Documentation Context
These pages explain the structural model of the platform. They describe the architecture used to enforce isolation, lifecycle governance, and trust boundaries across ACRA deployments.
Platform Model
| Layer | Role |
|---|---|
| Control Plane | Manages enclave lifecycle, permissions, configuration, and deployment state |
| Enclaves | Execute application workloads under enforced isolation |
| Platform Services | Provide identity, logging, monitoring, and operational services |
| System and Infrastructure | Provide compute, networking, and storage |
Applications execute inside enclaves and inherit platform-enforced controls including identity enforcement, encryption, and network policy.
Concepts Covered in This Section
ACRA Enclaves
Defines the secure execution environments where applications run.
This page explains enclave isolation boundaries, threat model assumptions, and how ingress, egress, and communication are controlled.
ACRA Roles & Access Management
Explains how users and operators interact with the platform.
This includes role definitions, access boundaries, and how permissions are enforced across the platform and within enclaves.
Lifecycle & Ops
Describes how enclaves and applications are created, configured, updated, and deleted.
This page also clarifies operational responsibility boundaries between platform maintainers, enclave members, developers, and infrastructure operators.
ACRA Platform Layers
Explains the layered architecture of ACRA and how responsibilities are separated between the control plane, enclave runtime environments, underlying infrastructure, and applications.
Custom Applications in ACRA
Defines what constitutes an application in ACRA, how application identity is assigned, how trust boundaries are enforced, and how applications are registered and deployed within enclaves.
Summary
Together, these concepts define the structural model of the platform and provide the context required to understand how ACRA enforces security, isolation, and operational control across deployments.