Deployment Model
How Stratos Vault instances are deployed and operated.
Overview
Stratos Vault uses a serverless edge architecture built on Cloudflare's global network. This provides enterprise-grade reliability without infrastructure management overhead.
Architecture
┌─────────────────────────────────────────────────────────────────┐
│ Cloudflare Global Network │
│ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Americas │ │ Europe │ │ Asia │ ... │
│ │ Edge │ │ Edge │ │ Edge │ │
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
│ │ │ │ │
│ └───────────────┴───────────────┘ │
│ │ │
│ ┌────────────────────▼────────────────────┐ │
│ │ Your Stratos Vault Instance │ │
│ │ ┌──────────────┐ ┌──────────────────┐ │ │
│ │ │ Static Assets│ │ Pages Functions │ │ │
│ │ │ (React) │ │ (API Logic) │ │ │
│ │ └──────────────┘ └──────────────────┘ │ │
│ │ ┌──────────────────────────────────────┤ │
│ │ │ D1 Database │ │
│ │ │ (Users, Sessions, Config) │ │
│ │ └──────────────────────────────────────┘ │
│ └─────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘Key Components
Cloudflare Pages
Static assets and API functions deployed to edge:
| Component | Purpose |
|---|---|
| Static Assets | React frontend, CSS, images |
| Pages Functions | API endpoints (auth, wallet, admin) |
| Edge Routing | Request routing and caching |
D1 Database
SQLite-compatible database at the edge:
| Data | Description |
|---|---|
| Users | Accounts, roles, party IDs |
| Credentials | WebAuthn public keys |
| Sessions | Active user sessions |
| Configuration | Assets, RPC endpoints, dock apps |
External Connections
| Service | Purpose |
|---|---|
| Blockchain RPCs | Transaction broadcast, balance queries |
| Canton Participant | Daml contract operations |
| Price APIs | Asset valuations (optional) |
Deployment Benefits
Global Performance
- 300+ edge locations worldwide
- Sub-50ms latency for most users
- Automatic geographic routing to nearest edge
- No cold starts for static assets
Reliability
- 99.99% uptime SLA from Cloudflare
- Automatic failover between edge locations
- DDoS protection included
- No single point of failure
Scalability
- Automatic scaling to any traffic level
- No capacity planning required
- Pay-per-request pricing model
- No infrastructure limits
Security
- HTTPS everywhere by default
- Edge firewall and rate limiting
- No servers to patch or maintain
- SOC 2, ISO 27001 compliant infrastructure
Instance Isolation
Each Stratos Vault deployment is completely isolated:
Data Isolation
┌─────────────────────────────────────────────────────────────────┐
│ Cloudflare Infrastructure │
│ │
│ ┌─────────────────────┐ ┌─────────────────────┐ │
│ │ Instance A │ │ Instance B │ │
│ │ ┌───────────────┐ │ │ ┌───────────────┐ │ │
│ │ │ D1: vault-a │ │ │ │ D1: vault-b │ │ │
│ │ │ - Users A │ │ │ │ - Users B │ │ │
│ │ │ - Config A │ │ │ │ - Config B │ │ │
│ │ └───────────────┘ │ │ └───────────────┘ │ │
│ │ Domain: a.example │ │ Domain: b.example │ │
│ └─────────────────────┘ └─────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘Configuration Independence
Each instance has independent:
- User database and authentication
- Admin accounts and permissions
- Asset and chain configuration
- RPC endpoint settings
- Canton participant connection
- Dock apps and Daml packages
- Custom branding and domain
Operations
Updates
Updates are deployed via CI/CD:
- Code changes pushed to repository
- Automated build and tests
- Deploy to Cloudflare Pages
- Instant propagation to all edges
Zero-downtime deployments - Old version serves until new is ready.
Monitoring
Built-in observability:
| Metric | Source |
|---|---|
| Request latency | Cloudflare Analytics |
| Error rates | Pages Functions logs |
| Database queries | D1 Analytics |
| Geographic distribution | Cloudflare Dashboard |
Backup and Recovery
- D1 automatic backups - Point-in-time recovery
- Git-based deployments - Full code history
- Infrastructure as code - Reproducible deployments
Multi-Instance Management
Organizations can operate multiple instances:
Use Cases
| Scenario | Configuration |
|---|---|
| Production + Staging | Separate instances for testing |
| Multi-tenant SaaS | Instance per client |
| Geographic separation | Instance per region |
| Brand separation | Instance per product line |
Shared Codebase
All instances share the same codebase with instance-specific configuration:
stratos-vault/
├── src/ # Shared application code
├── functions/ # Shared API logic
├── wrangler.prod.toml # Production config
├── wrangler.staging.toml # Staging config
└── wrangler.client-a.toml # Client A configCanton Network Connectivity
Instances connect to Canton participants:
Connection Models
| Model | Description | Use Case |
|---|---|---|
| Shared Participant | Multiple instances → One participant | Development, small scale |
| Dedicated Participant | One instance → One participant | Production, compliance |
| Multi-Domain | Instance → Multiple domains | Cross-network operations |
Configuration
CANTON_URL = "https://participant.example.com"
CANTON_DOMAIN_ID = "domain::abc123..."
CANTON_LEDGER_ID = "participant1"Getting Started
Deployment is handled by our team:
- Requirements gathering - Chains, Canton, branding
- Instance provisioning - Database, configuration
- Domain setup - Custom domain, SSL
- Admin onboarding - Initial admin accounts
- Go-live - Production deployment
Next Steps
- Platform Overview - Full platform capabilities
- Security Architecture - Security deep-dive
- Canton Integration - Enterprise smart contracts