# Hideez Server Architecture

## 1. Basic Server Architecture

The basic server configuration is the minimum set of components required for the authentication server to function fully. It does not use a load balancer or a standby server, and the database server is installed on the same physical server as the web application. The authentication server can be installed on a Windows or Linux server (physical or virtual). The reverse proxy server accepts incoming HTTPS requests, decrypts them, and passes them to the Kestrel web server, which hosts the HES web application.

<figure><img src="/files/cs8bf5tr9o4NTBXcfE94" alt="" width="563"><figcaption></figcaption></figure>

You can use Nginx or Apache as the reverse proxy on a Linux server, and IIS on a Windows server. The reverse proxy server must hold a domain certificate. The HES web application is launched with the AppSettings.json configuration file, which contains the database access settings and the SMTP mail server access settings. The remaining parameters are stored in the database.

MySQL or MS SQL Server can be used as the database. Critical data in the database can be encrypted using the Data Protection mechanism.

The HES server contains a number of connectors and integrations with other servers:

* Microsoft Active Directory - integration is performed using the LDAPS protocol.
* Azure Active Directory - integration is done using the Graph API.
* Mail server - access to the server is performed via the SMTP protocol.
* Splunk or SIEM server - integration is based on the server's REST Web API.
* Service providers - SAML 2.0 or OpenID Connect integration protocols.

## 2. Hideez Full Server Architecture

A full server configuration includes two separate servers for the HES web application, as well as a separate server for the database. A reverse proxy server with a load-balancing function is also installed on a separate physical server.

The two HES servers operate on a Primary-Standby basis. If the primary server fails, the entire load is switched to the backup server. The two servers cannot process requests at the same time, because one of the functions of HES is to route traffic between the Hideez Client desktop applications and the Hideez Authenticator mobile applications.
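One way the load-balancing reverse proxy could express the Primary-Standby rule, assuming Nginx is the proxy. This is an added example, not Hideez's own configuration; the host names, certificate paths and Kestrel port 5000 are placeholders.

```nginx
# Added example, not Hideez's published configuration.
# Assumed/hypothetical: host names, certificate paths, Kestrel port 5000.

upstream hes_backend {
    # Primary HES server: receives all requests while it is reachable.
    # After 3 failed attempts within 30s it is marked unavailable for 30s.
    server hes-primary.example.internal:5000 max_fails=3 fail_timeout=30s;

    # "backup": passed requests only when the primary is unavailable,
    # so it is never load-balanced alongside the primary.
    server hes-standby.example.internal:5000 backup;
}

server {
    listen 443 ssl;
    server_name hes.example.com;

    # Domain certificate held by the reverse proxy (placeholder paths).
    ssl_certificate     /etc/nginx/certs/hes.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/hes.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # HTTPS is decrypted here; the request continues to Kestrel over
        # plain HTTP, so this hop should stay on a restricted network segment.
        proxy_pass http://hes_backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    # Send plain-HTTP clients to the HTTPS listener.
    listen 80;
    server_name hes.example.com;
    return 301 https://$host$request_uri;
}
```

Validate the file with `nginx -t` before reloading.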

Any server compatible with MySQL or MSSQL can be used as a database server, such as MySQL Cluster, Amazon Aurora, MS SQL Datacenter, etc. The server must be configured with full data redundancy.

<figure><img src="/files/tY31DROAVfh2UGWwCi2t" alt="" width="563"><figcaption></figcaption></figure>

