Regions

What are Regions?

A region in Vidos represents a fundamental organizational unit that combines geographical location with complete operational independence. Think of a region as a self-contained environment with its own set of services, management capabilities, and data boundaries.

Each region operates as an independent entity within the Vidos system, maintaining strict isolation from other regions while sharing a common identity management framework. This isolation ensures that regions can maintain their own operational integrity, data sovereignty, and compliance requirements.

Key Characteristics

Independence

• Each region operates independently of other regions
• Regions maintain separate infrastructure and resources
• Service failures in one region do not affect other regions
• No automatic data transfer or replication between regions

Data Sovereignty

• Data remains within the geographical boundaries of its designated region
• Helps organizations comply with data residency requirements
• Enables adherence to local regulatory frameworks
• Cross-region data transfer only occurs through explicit customer actions

Fault Tolerance

• Regions are designed to be fault-tolerant
• Each region contains multiple availability zones
• Services within a region can maintain operations even if some components fail
• Independent infrastructure ensures regional isolation of issues

Global Services

While most Vidos services are region-specific, some services operate globally:

Identity and Access Management (IAM)

• IAM is a global service that spans all regions
• Credentials and permissions are valid across all regions
• Policy management is centralized
• User identities are consistent throughout the system

Working with Regions

Data Processing

• All data processing occurs within the region where data is stored
• Cross-region processing requires explicit configuration
• Services maintain data locality unless otherwise specified

Service Management

Each region has its own instances of core services:

• Authorizer
• Resolver
• Verifier
• Validator

Management Control Planes

• Each service’s management control plane exists in the same region as the service itself
• Management operations are performed locally within each region
• No cross-region management dependencies
• Configuration and control remain within regional boundaries
• Ensures management operations comply with regional data sovereignty requirements

Each region where a service is present contains its own management control plane for that service. This ensures that service management operations are performed within the same region as the service itself.

Region Boundaries and Relationships

Regional Scope

• Regions define the geographical and logical boundaries for:
  • Service deployment and execution
  • Data storage and processing
  • Management control planes
  • Regulatory compliance domains

Cross-Region Interaction Model

• Regions maintain strict boundaries
• Cross-region communication follows explicit pathways
• Data sovereignty principles govern inter-region interactions
• Service management remains within regional boundaries

Conceptual Relationships

Core Service Components

• Service Management: Regional control planes managing local service instances
• Data Sovereignty: Regional boundaries enforcing data location and processing rules
• Identity and Access Management: Global service providing consistent authentication across regions
• Service Architecture: Regional deployment and execution model for Vidos services

Understanding these relationships helps form a complete picture of how regions function as independent but interconnected units within the Vidos system.