Introduction
The tiCrypt server consists of two major components: the tiCrypt backend and the tiCrypt VM Controller service.
The backend is installed via the Ansible playbook. See the Installation Guide for deployment instructions. This section covers post-deployment configuration only.
Backend Services
The backend uses a modular architecture of 10 independent services. Each service communicates with other services via TCP connections (Akka framework), allowing distribution across multiple servers if needed.
| Service | Description |
|---|---|
| ticrypt-auth | Authentication, authorization, and user management. Supervises all other services. |
| ticrypt-rest | HTTP REST API gateway. Handles client requests and validates JSON payloads. |
| ticrypt-file-manager | Encrypted file and directory operations with chunked storage. |
| ticrypt-storage | Low-level storage backend for the on-disk file storage directory. |
| ticrypt-vm | VM lifecycle management, scheduling, cost functions, and realm coordination. |
| ticrypt-proxy | Secure connection proxy between clients and running VMs. |
| ticrypt-logger | Centralized logging with file and TCP output drivers. |
| ticrypt-stats | System statistics and usage metrics collection. |
| ticrypt-notifications | User and system notification delivery. |
| ticrypt-maintenance | Automated maintenance tasks including inactive account locking. |
All service configuration files use HOCON format and are located in /etc/ticrypt/. Each service has its own file (e.g., ticrypt-auth.conf, ticrypt-vm.conf). See Service Configuration for shared sections that apply to all services.
Two services have extensive options and are documented on their own pages:
- Auth Service (ticrypt-auth): User management, sessions, MFA, key escrow, and split credentials
- VM Service (ticrypt-vm): Realms, cost functions, hardware profiles, and VM scheduling
For token-based programmatic access to the backend, see the REST API reference.
VM Controller Service
The VM Controller is a signed code delivery service implemented using Nginx. It serves flat files to running VMs and operates independently of the backend services listed above.