System architecture

Understanding the system architecture of Device Trust Manager will help you effectively set up and manage your devices.

TrustEdge agent, powered by DigiCert® TrustCore SDK, provides your device the necessary tools to communicate with Device Trust Manager Rendezvous Service (RZ) over MQTT 5.0 and TLS 1.3. To better understand the system architecture, review the diagram below.

Figure 1. Device Trust Manager system architecture

  • TrustEdge agent: Powered by DigiCert® TrustCore SDK, handles critical device management functions such as registration, authentication, and software updates. It communicates securely with Device Trust Manager via the Rendezvous Service (RZ) using MQTT 5.0 and TLS 1.3. All device-related communications between TrustEdge agent and the RZ are conducted over MQTT, ensuring secure and reliable exchanges.

  • Rendezvous Service (RZ): A scalable MQTT endpoint that manages communication between IoT devices and Device Trust Manager's backend. The RZ is designed to handle millions of devices across distributed networks, facilitating registration, authentication, and updates.

  • Certificate management protocols: Supports industry-standard certificate management protocols such as EST, SCEP, ACME, and CMPv2 for issuing and renewing certificates.

  • Platform integration: Integrates with third-party services such as EJBCA, SIEM tools, and IoT platforms such as AWS and Azure. Also connects seamlessly with DigiCert® products such as private DigiCert® CA Manager and DigiCert® Software Trust Manager for broader certificate and software management capabilities.

  • REST API: Enables OEMs to manage device provisioning, updates, and security directly via API integration. This allows for automation and full control over device management, ensuring secure and compliant IoT environments across diverse infrastructures.
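The transport described above (MQTT 5.0 carried over TLS 1.3) can be checked from the client side. The following is an added example, not DigiCert code, and it does not use TrustEdge or TrustCore SDK APIs: it builds a TLS 1.3-only client context with Python's standard library and verifies that a CONNECT packet declares MQTT protocol level 5. The function names and the client ID `dev-001` are assumptions made for illustration.

```python
import ssl
import struct

def tls13_only_context(cafile=None):
    """Client-side context: verify the broker and refuse anything below TLS 1.3."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx  # CERT_REQUIRED and hostname checking are the defaults here

def _varint(n):
    """MQTT Variable Byte Integer (used for Remaining Length)."""
    out = bytearray()
    while True:
        n, low = divmod(n, 128)
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def _utf8(s):
    raw = s.encode("utf-8")
    return struct.pack("!H", len(raw)) + raw

def mqtt_connect(client_id, level=5, keepalive=60):
    """Minimal CONNECT: clean start, no will, no credentials, empty properties."""
    head = _utf8("MQTT") + bytes([level, 0x02]) + struct.pack("!H", keepalive)
    if level >= 5:
        head += b"\x00"  # property length 0 (field exists only in MQTT 5.0)
    body = head + _utf8(client_id)
    return b"\x10" + _varint(len(body)) + body

def connect_protocol_level(packet):
    """Return the protocol level byte of a CONNECT packet, or raise ValueError."""
    if not packet or packet[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    i, mult, remaining = 1, 1, 0
    while True:
        if i > 4 or i >= len(packet):
            raise ValueError("bad Remaining Length")
        byte = packet[i]
        i += 1
        remaining += (byte & 0x7F) * mult
        mult *= 128
        if not byte & 0x80:
            break
    if len(packet) - i != remaining or remaining < 7 or packet[i:i + 6] != _utf8("MQTT"):
        raise ValueError("malformed CONNECT")
    return packet[i + 6]

def meets_transport_policy(tls_version, connect_packet):
    """tls_version is what ssl.SSLSocket.version() reports for the session."""
    return tls_version == "TLSv1.3" and connect_protocol_level(connect_packet) == 5
```

On a live connection, pass the value returned by the wrapped socket's `version()` method as `tls_version`.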