+++ title = "Architecture" description = "OpenCloud is built as a peer-to-peer, fully decentralized cloud fabric. " +++ Each OpenCloud instance is both: - a **sovereign controller** of its own infrastructure and resources, and - a **peer node** in a broader distributed network of partners. There is **no central authority**, no single registry, and no single point of failure. --- ## Core Architectural Principles - **Sovereignty by Design** Each instance maintains full control over its resources, policies, and trust relationships. - **Decentralization** The system is architected as a **mesh of peers** instead of a hub-and-spoke model. - **Pluggable Workflows & Services** Workflows and services are defined on top of a common fabric of cataloged resources. - **Observability & Accounting** All resource usage is tracked to enable transparent **peer-to-peer billing** and accountability. --- ## General Architecture

## Authentication and Identity Each OpenCloud instance includes an **OpenID-based distributed authentication system**. This allows: - Federated authentication across multiple organizations - Integration with existing identity providers - Consistent user identity across peers and collaborative areas Access control is enforced at multiple levels: **resources, workspaces, workflows, collaborative areas, peers, and groups**. --- ## Execution Fabric The execution layer orchestrates **distributed workflows** across multiple peers. Key characteristics: - Workflows may span **several independent infrastructures** - Execution strategies can be tuned per instance for **sovereignty**, **performance**, or **cost** - Workloads can run on **datacenters**, **edge nodes**, or **public cloud** instances running OpenCloud --- ## Runtime Footprint The core OpenCloud services are implemented in **Go**, delivering: - **Native code** for efficient CPU and memory usage - Lightweight **scratch containers** for deployment This enables: - High-density deployments in datacenters - Efficient execution on resource-constrained edge devices (e.g., ARM-based single-board computers) The user interfaces are built with **Flutter** and rendered as **HTML/JS**, reducing client requirements to a standard web browser. --- ## Accounting and Billing OpenCloud provides **transaction tracking** mechanisms that: - Record distributed resource usage - Provide a basis for **peer-to-peer billing** - Increase transparency and trust among partners This makes it possible to build **economic models** (sharing, selling, renting resources) on top of the technical platform. --- ## Hybrid Deployment Scenarios OpenCloud can be deployed: - On-premises, within one or multiple datacenters - At the edge, close to data sources or sensors - On public cloud providers for scalable, non-sensitive workloads These instances can all be **peers in the same OpenCloud fabric**, enabling a **hybrid and multi-cloud** architecture under a consistent sovereignty framework.