Fides Architecture Overview
The Fides platform is released as Docker images designed to be deployed as services to any modern container orchestration platform. This guide provides an overview of the Fides architecture, its components, and external dependencies for production deployments.
The architecture shows how different users interact with Fides components: Admins access the Fides webservers (fides.example.com) for configuration and data subject request management, while Users interact with the Privacy Center (privacy.example.com) to submit privacy requests or manage consent preferences. End users also interact with FidesJS embedded on business websites (example.com) for consent management and privacy controls. All public access flows through a CDN and load balancer for performance and security. Behind the scenes, horizontally scalable Fides Workers process privacy requests and consent workflows using managed PostgreSQL and Redis services, with object storage handling downloadable reports and attachments.
Fides Services
The core Fides application consists of stateless, horizontally scalable services:
| Service | Docker Image | Purpose | Network Requirements |
|---|---|---|---|
| Webservers | ethyca/fidesplus | Core API and administrative UI services | Inbound internet access for API and UI, outbound internet access to integrate with 3rd party APIs |
| Workers | ethyca/fidesplus | Background job processing from job queues | No inbound internet access, outbound internet access to integrate with 3rd party APIs |
| Privacy Center | ethyca/fides-privacy-center | Public-facing privacy portal | Inbound internet access for consumer-facing UI, outbound internet access to connect to Webservers API and 3rd party APIs |
All images use version tags (e.g., ethyca/fidesplus:2.68.0, ethyca/fides-privacy-center:2.68.0). For deployment-specific configuration, see Kubernetes, Terraform, or Docker guides.
External Dependencies
For production deployments, we recommend externally managed services for databases, load balancing, caching, etc.
| Service | Purpose | Examples |
|---|---|---|
| PostgreSQL | Primary database for application state | AWS RDS, Google Cloud SQL |
| Redis/Valkey | Caching and message broker for job queues | AWS ElastiCache, Google Cloud Memorystore |
| Object Storage | Downloadable reports and file storage | AWS S3, Google Cloud Storage |
| Load Balancer | Load balancing and TLS termination | AWS ALB/NLB, GCP Load Balancing, Nginx, HAProxy |
| CDN | Static asset caching and global distribution | AWS CloudFront, Cloudflare |