Xiid Geoclusters
Xiid Geoclusters are the backbone of Xiid's platform. They are the magic that allows for high-availability and lightning-fast network connections from anywhere in the world. The Connector architecture has been greatly enhanced through the addition of the Geonode Service to provide a significant number of new features and stronger security to the entire platform.
Geocluster Purpose
Geoclusters define which Connectors are available within the Xiid platform.
Xiid's platform can be self-hosted or hosted by Xiid. For example, Xiid's Software-as-a-Service (SaaS) offering includes multiple clusters of Connector nodes deployed across a wide range of geographic locations.
The Geonode Service provides the communication between Connector nodes and ensures that all of their databases stay in sync with one another. Since the Geonode Service acts as the Data Access Layer (DAL) for the Connector Service, all read and write operations can be federated out to other Geocluster nodes in the environment, ensuring that all nodes have up-to-date information regardless of which node the STLinks, Commanders and Connector Portals are connected to.
Masterless Nodes and Databases
Xiid Geoclusters are designed to be resilient with no downtime in the event that a Geocluster node goes down. To accomplish this task, a masterless distributed compute paradigm is necessary to eliminate the downtime of elections.
Xiid designed a custom protocol, based on W-Paxos, to eliminate master nodes and allow for fast, distributed updates across the Geocluster nodes.
Smart Geographic Routing
When the Xiid STLink software first starts up, it sends requests to every Connector node in the Geocluster to determine which Connector has the fastest response time. The STLink then asks the Connector nodes how many STLinks are connected to them.
Based on this information, the STLink will establish its connections with the fastest Connector. This means that two STLinks that need to establish SealedTunnels between each other may be connected to different Connectors and must be able to communicate across them. Xiid Connectors establish connections between one another in order to exchange the STLinks' connection data back and forth.
Therefore, SealedTunnel connections are guaranteed to use the fastest - and geographically closest - connection path.
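The selection step described above, sketched as an added example (this is not Xiid's code). The node names, the probe data, the `Probe` type and the `tolerance_ms` rule for weighing the reported STLink count against response time are all assumptions, since the page does not say how the two measurements are combined.

```python
from dataclasses import dataclass
from statistics import median
from typing import Optional, Sequence

@dataclass(frozen=True)
class Probe:
    connector: str                # hypothetical node name
    rtts_ms: Sequence[float]      # response-time samples; empty means no reply
    stlink_count: Optional[int]   # STLinks the node reports; None means no answer

def rank_connectors(probes, tolerance_ms=5.0):
    """Return Connector names best-first, skipping nodes that did not answer."""
    live = [(median(p.rtts_ms), p.stlink_count, p.connector)
            for p in probes if p.rtts_ms and p.stlink_count is not None]
    if not live:
        raise RuntimeError("no Connector in the Geocluster answered the probes")
    best = min(rtt for rtt, _, _ in live)

    def key(item):
        rtt, load, name = item
        # Assumption: nodes within tolerance_ms of the fastest count as equally
        # fast, and the less loaded one wins. tolerance_ms=0 means fastest only.
        if rtt - best <= tolerance_ms:
            return (0, load, rtt, name)
        return (1, rtt, load, name)

    return [name for _, _, name in sorted(live, key=key)]

# Constructed sample measurements, not captured from a real Geocluster.
PROBES = [
    Probe("connector-fra", (18.2, 17.9, 19.4), 120),
    Probe("connector-ams", (21.0, 20.5, 95.0), 40),   # one jitter spike; median absorbs it
    Probe("connector-nyc", (88.1, 90.3, 87.6), 10),
    Probe("connector-sgp", (), None),                 # timed out, excluded from ranking
]

if __name__ == "__main__":
    print(rank_connectors(PROBES))
```

Returning the full ranking rather than a single winner gives the caller a fallback order if the chosen Connector goes down.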
Xiid SSL Certificates
Xiid hosts its own Certificate Authority, which follows the CA/Browser Forum Baseline Requirements (BRs).
Xiid's Certificate Authority provides its own signed SSL certificates, called Xiid Certificates.
These certificates have additional data embedded within them, which is used by all of the Connector and Geonode Services. The additional data includes public keys for the other Connector and Geonode Services in the Geocluster, which are used in an additional layer of encryption for security.
Xiid generally hosts the Certificate Authority, and requests for new Connector Certificates must go through Xiid. In future releases, however, the Certificate Authority may also be self-hosted in special circumstances.
The CA/Browser Forum is a voluntary consortium of Certificate Authorities and major browser vendors that creates and maintains the Baseline Requirements. These requirements define technical, operational, and auditing rules that every CA must follow to have its certificates trusted by the members' root stores. While Xiid follows the same strict rules set by the CA/Browser Forum, we are not part of the official CA/Browser Forum consortium. Although the consortium requires that Certificate Authorities issue public certificates, Xiid will only ever issue certificates for Xiid components. Regardless, Xiid has elected to follow the CA/Browser Forum's Baseline Requirements to ensure the highest levels of security and safety.

