System Architecture
Explore the internal architecture of each deployment edition.
How MaestroHub Is Built
MaestroHub is made up of 16 modules — authentication, pipeline engine, scheduler, connectors, unified namespace, and more. These modules handle everything from connecting to a PLC to rendering a live dashboard.
What makes MaestroHub unique is that the same modules can run in two very different ways:
Lite Edition
All 16 modules run inside a single process. The database (SQLite), message broker (in-memory channels), and MQTT server (Mochi) are all embedded. You download one file, run it, and everything works. No infrastructure to set up. This is how most teams start.
Enterprise Edition
Each module becomes its own independently deployable microservice on Kubernetes. Services communicate through NATS (request/reply, event streaming, leader election). Data is stored in external managed systems like PostgreSQL, TimescaleDB, and EMQX that can be scaled, replicated, and backed up independently.
Everything you build in one mode works in the other. Pipelines, dashboards, connections, and configurations are fully portable. Start on your laptop, deploy to Kubernetes later — no rework.
Edge Manager — Fleet Control
A standalone service that manages all your MaestroHub instances from a single dashboard.
When you run multiple MaestroHub instances across factories, offices, or regions, you need a way to manage them without logging into each one. Edge Manager solves this.
Every MaestroHub instance — whether Lite or Enterprise — sends periodic heartbeats to the Edge Manager. These heartbeats carry health status, resource usage (CPU, memory, disk), and per-organization execution metrics (pipeline runs, success rates, throughput). Critically, communication is one-way: instances push to Edge Manager, not the other way around. Edge Manager never initiates connections to your instances, which means no inbound ports need to be opened on your factory network — a deliberate security decision.
From a single dashboard, you can:
- Distribute licenses — One master license key is automatically split into per-instance entitlements. No manual activation per factory.
- Push configuration — SSO settings (OIDC, SAML, LDAP) and system-level config are pushed centrally. Change it once, every instance picks it up.
- Monitor fleet health — See which instances are healthy, degraded, or offline. Drill into per-organization metrics across your entire fleet.
- Count seats by organization — Every organization on every instance counts as one seat. If Berlin has 3 orgs, Munich has 2, and HQ has 5, that is 10 seats total — counted by organizations, not by instances.