SmartCMS is implemented as a multi‑tier web application based entirely on open standards, ensuring flexibility, security, performance, and seamless integration into complex enterprise environments.
The system architecture consists of five main components:
Client, Web Server, Application Server, Database Server, and CA Service Gateway.

SmartCMS was designed with two primary goals in mind:
- Simplicity and flexibility of deployment
- High scalability at all architectural levels
The SmartCMS architecture follows a clean separation of concerns between front‑end visualization, business logic, persistence, and cryptographic backend systems. The design offers:
- Strong modularity
- Stateless core application
- DB‑driven session and state persistence
- Transparent scaling of each architectural layer
- Support for multiple CA backends (via gateway)
The five major components are:
- Client (UKC – Universal KeyChain)
- Web Server
- Application Server
- DBMS (Database Server)
- CA Service Gateway
Each is described in depth below.
The SmartCMS client consists of:
- A web application built using modern standards (HTML5, CSS, JavaScript)
- A local desktop component: Universal KeyChain (UKC), developed by Bit4id
The client interacts with the Web Server over HTTPS and supports the following browsers:
- Internet Explorer
- Microsoft Edge
- Mozilla Firefox
- Google Chrome
- Apple Safari
UKC provides the following capabilities:
- Reading/writing smart cards and USB tokens
- Interacting with webcams, card readers, biometric devices
- Handling digital signatures and cryptographic operations
- Smart card logon
- Zero‑configuration proxy handling (reads browser/system proxy automatically)
UKC exposes all cryptographic functionalities required by the user and the CMS, replacing the need for multiple vendor‑specific client tools.
SmartCMS uses NGINX, one of the fastest and most robust open‑source web servers.
It is responsible for:
- Accepting HTTPS client requests
- Serving static assets (HTML, CSS, JS, images)
- Routing dynamic requests to the Application Server
- Enabling load balancing and failover mechanisms
- Running lightweight master/worker processes with minimal memory footprint
NGINX supports:
- HTTP/1.1
- SSL/TLS
- SNI
- TLSv1.1 / TLSv1.2
- FastCGI
- Reverse proxying
- Load balancing across multiple Application Server nodes
SmartCMS is platform‑independent and supports NGINX on:
- UNIX
- Linux
- BSD
- macOS
- Solaris
- Windows
The Application Server is built on top of a WSGI‑compliant Python environment and contains all core SmartCMS business logic.
It is fully modular, plug‑in‑based, and abstracted from:
- Databases
- CA backends
- External identity sources
- Hardware components
Stateless architecture
The application retains no in‑memory state; all session/state information is stored in the DBMS. This enables horizontal scaling.
DB adapters for full compatibility with:
- PostgreSQL
- MySQL
- Oracle
- MariaDB
and other relational databases
Hot‑swap upgrades without downtime
New versions are deployed to a parallel environment and swapped live.
High‑granularity logging with customizable output destinations
Monitoring interfaces for performance and diagnostics
The server uses an Inversion of Control (IoC) container, allowing external modules to be injected without modifying the application code.
The DBMS stores:
- All SmartCMS persistent data
- User session information
- Device lifecycle status
- Certificate metadata
- Organizational hierarchy
- Audit logs (stored in a separate auditing DB)
Supported deployment configurations:
- Clustering
- Replication
- Sharding
- Failover-secondary nodes
- High availability setups
SmartCMS provides a fully automated data migration system:
- Forward and backward migrations
- Transactional safety
- Automatic transformations of data
- Safe schema evolution during module installation/upgrades
This guarantees consistent upgrades in production environments.
The CA Gateway abstracts communication between SmartCMS and Certification Authorities (CAs).
It acts as a broker, enabling SmartCMS to operate with multiple CA backends simultaneously. Supported operations:
- Certificate issuance
- Batch issuance (when supported by the CA)
- Suspension
- Reactivation
- Revocation
- Renewal
Each CA may expose different APIs (SOAP, REST, proprietary), and the Gateway contains specific connectors for each.
This ensures no changes are required in the core system when adding or switching CA providers.
SmartCMS was designed from inception for horizontal scalability, both in the frontend and backend. Key scalability features include:
All user session data is stored in the database.
Any request can be handled by any node, enabling:
- Load balancing
- Infinite horizontal scaling
- Rolling upgrades with zero service interruption
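The stateless design described for the Application Server, and the claim here that any node can handle any request, can be shown with a short WSGI sketch. This is an added example, not SmartCMS code: the in-memory SQLite store standing in for the DBMS, the `sessions` table, the `sid` cookie, the user `alice`, the node names and the TTL are all constructed assumptions.

```python
import hashlib, secrets, sqlite3, time
from http.cookies import SimpleCookie
SESSION_TTL = 900  # seconds; constructed value, not a SmartCMS setting

def open_store():  # in-memory SQLite stands in for the shared DBMS (assumption)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, username TEXT, expires REAL)")
    return db

def digest(token):
    # Only a hash is stored, so reading the table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def make_node(db, name):  # WSGI app that keeps no per-user state in process memory
    def app(environ, start_response):
        if environ["PATH_INFO"] == "/login":  # credential check omitted here
            token = secrets.token_urlsafe(32)
            db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
                       (digest(token), "alice", time.time() + SESSION_TTL))
            db.commit()
            start_response("200 OK", [("Set-Cookie",
                f"sid={token}; Secure; HttpOnly; SameSite=Strict")])
            return [b"session created"]
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        token = jar["sid"].value if "sid" in jar else ""
        row = db.execute("SELECT username FROM sessions WHERE token_hash = ?"
                         " AND expires > ?", (digest(token), time.time())).fetchone()
        if row is None:
            start_response("401 Unauthorized", [])
            return [b"no valid session"]
        start_response("200 OK", [])
        return [f"{row[0]} served by {name}".encode()]
    return app

def call(app, path, cookie=""):  # drive a WSGI app without a web server
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": path, "HTTP_COOKIE": cookie}, start_response))
    return seen["status"], seen["headers"], body

def demo():
    db = open_store()
    node_a, node_b = make_node(db, "node-a"), make_node(db, "node-b")
    cookie = call(node_a, "/login")[1]["Set-Cookie"].split(";")[0]  # "sid=<token>"
    return call(node_b, "/profile", cookie), call(node_b, "/profile", "sid=forged")

if __name__ == "__main__":
    print(demo())
```

Because the session row is the only source of truth, deleting it or letting `expires` pass invalidates the session on every node at once.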
NGINX supports:
- Multi‑worker processing
- Load distribution across multiple App Server nodes
- Graceful degradation
- Failover handling
Using replication, sharding, and clustering strategies, the DBMS can scale in both:
- Read‑heavy workloads
- Write‑intensive workflows (e.g., large‑scale issuance campaigns)
SmartCMS utilizes a modular architecture with:
- Clear API boundaries
- Replaceable modules
- IoC-driven dependency injection
- No need for system-wide recompilation when replacing components
This design supports:
- Custom workflows
- Customer-specific integrations
- Additional identity verification steps
- New device types
- New certificate templates
- Custom data models (extended personal data attributes)

The SmartCMS architecture is:
- Modular
- Scalable
- Secure
- Enterprise-ready
- CA‑agnostic
- Flexible and extensible
It supports deployments ranging from small organizational setups to national-scale digital identity infrastructures.