Web Browser

HTTPS / WSS

API Gateway

Nginx / Traefik

TLS Termination, Routing, Rate Limiting, Load Balancing

Microservices

Individually scalable

Auth Service

JWT, SSO, OIDC, SAML, LDAP

Authz Service

RBAC via Casbin, Fine-grained ACL

Organizations Service

Multi-tenancy, Settings & Branding

License Service

Feature Gating, Trial Management

Pipeline Engine Service

Workflow Execution, Node Registry, JS Runtime

Scheduler Service

Cron, Webhook, MQTT, OPC UA/DA, Ignition,...

Connectors Service

20+ Protocols, Runtime Supervisor

UNS Service

Unified Namespace, MQTT Data Fabric, ISA-95

Dependencies Service

DAG Tracking, Impact Analysis

Logs Service

Structured Logging, FTSS Search

Email Service

SMTP Provider, Templates

WebSocket Service

Real-time Events, Subscriptions, Presence

Audit Service

Action Trail, Compliance

Phonehome Service

Anonymous Telemetry

Universal Search

Elasticsearch-powered entity search

NATS Messaging Layer

NATS Core

Request/Reply, Service Discovery, SDK Communication

NATS JetStream

Persistent EventBus, Work Queues, At-Least-Once

NATS KV

Leader Election, Distributed Coordination

External Managed Infrastructure

PostgreSQL

Application Database, HA with Replication

TimescaleDB

Time-Series, Continuous Aggregation, Compression

EMQX

Enterprise MQTT, Clustering, 100M+ Connections

Elasticsearch

Full-Text Search, Log Storage, Analytics

Prometheus

Metrics Collection, Alerting, Monitoring

Fluent Bit

Log Collection, Parsing & Routing

Services are independently deployable and scalable. Connected through NATS, backed by managed infrastructure.

Edge Manager — Fleet Control

A standalone service that manages all your MaestroHub instances from a single dashboard.

When you run multiple MaestroHub instances across factories, offices, or regions, you need a way to manage them without logging into each one. Edge Manager solves this.

Every MaestroHub instance — whether Lite or Enterprise — sends periodic heartbeats to the Edge Manager. These heartbeats carry health status, resource usage (CPU, memory, disk), and per-organization execution metrics (pipeline runs, success rates, throughput). Critically, communication is one-way: instances push to Edge Manager, not the other way around. Edge Manager never initiates connections to your instances, which means no inbound ports need to be opened on your factory network — a deliberate security decision.

From a single dashboard, you can:

• Distribute licenses — One master license key is automatically split into per-instance entitlements. No manual activation per factory.
• Push configuration — SSO settings (OIDC, SAML, LDAP) and system-level config are pushed centrally. Change it once, every instance picks it up.
• Monitor fleet health — See which instances are healthy, degraded, or offline. Drill into per-organization metrics across your entire fleet.
• Count seats by organization — Every organization on every instance counts as one seat. If Berlin has 3 orgs, Munich has 2, and HQ has 5, that is 10 seats total — counted by organizations, not by instances.

Edge Manager

Central management plane

Fleet Dashboard

Monitor health, versions, and status across all instances

3 instances

Heartbeat

Heartbeat

Heartbeat

MaestroHub Instances

Instances push heartbeats — Edge Manager never pulls

Berlin Factory

MaestroHub Instance

Healthyv2.8.13 orgs

Munich Factory

MaestroHub Instance

Healthyv2.8.02 orgs

HQ Office

MaestroHub Instance

Healthyv2.8.15 orgs