On-Premise Hosting

Overview

MineTrust is a modular data management platform purpose-built for structured file operations, metadata enrichment, and client-driven data workflows. It features a robust backend powered by modern .NET services, a browser-based frontend, client-side integration, and support for scalable storage and relational database systems.

The platform is optimized for modern infrastructure and supports secure, efficient, and automated data operations across a variety of enterprise environments.

Architecture Diagram

solution architecture

Components

Database Backend

MineTrust supports:

The MineTrust Server interacts with the database using Entity Framework Core, managing structured metadata, configuration, and versioning information.

Application Server

The application tier consists of two core .NET services, both targeting .NET 8.0 (with optional preview builds against .NET 10.0, not intended for production):

MineTrust Server

An ASP.NET Core Web API that provides:

  • File management operations
  • Metadata enrichment and tagging
  • File version control capabilities

MineTrust Provisioner

A .NET-based background service offering:

  • A lightweight automation platform
  • Responsible for entity provisioning, data pre-processing, and scheduled tasks

Both services use shared File Storage to read and write binary data and payloads.

File Storage

A centralized file store used for:

  • Persistent storage of data files and packages
  • Shared access by MineTrust Server and MineTrust Provisioner
  • Version tracking and large data management

Storage capacity should be scaled according to use, with a typical minimum allocation of 100 GB.

Web Server

MineTrust Online

A Blazor-based web frontend, hosted as part of the Web Server tier, allowing users to:

  • Search, upload, and manage data assets
  • Review package metadata
  • Interact with version-controlled datasets

Client Machine

MineTrust Connector

A Windows Service that:

  • Monitors local directories for JSON manifest files produced by client apps
  • Resolves these manifests into structured packages (i.e., a folder of files + metadata)
  • Syncs the packages securely with MineTrust Server

See MineTrust Connector for more information.

Client Applications

  • Examples include Studio RM and Studio Mapper
  • Responsible for authoring data and publishing manifests to the local MineTrust Connector

Communication Model

  • HTTPS is the backbone for service interactions. All traffic to MineTrust Server is handled over secure endpoints.
  • MineTrust Server uses Entity Framework Core to interface with the chosen Database Backend.
  • MineTrust Provisioner, MineTrust Online, and MineTrust Connector operate asynchronously and communicate with MineTrust Server over HTTPS.
  • Client-side JSON manifests are parsed by the MineTrust Connector, which compiles complete packages and uploads them to the MineTrust Server.

Security Model

Transport Layer

All HTTP communication is protected via HTTPS with TLS certificates. This ensures encryption in transit and protection against MITM attacks.

Authentication

  • OAuth 2.0 Bearer tokens are used for endpoint authentication.
  • Default support is provided for Azure AD B2C directory services.
  • The platform is extensible, supporting pluggable authentication schemes to integrate with other identity providers.

Authorization & Access Control

  • Role-based access enforcement at the API level
  • Package-level permissions can be configured based on user roles and ownership

Integrity Checks

  • Packages are built and validated by the MineTrust Connector prior to upload
  • MineTrust Server performs integrity verification upon receipt

Version Targets

Component Version
.NET Runtime .NET 8.0 (with preview .NET 10.0 builds)
SQL Server 2022 (v16.x)
PostgreSQL 17

Hardware Requirements

Component Requirements
Database Backend 2 vCPU, 8 GB RAM, 16 GB storage (minimum)
Application Server Windows 10 or higher, 2 vCPU, 8 GB RAM
Web Server Windows 10 or higher, 2 vCPU, 8 GB RAM
File Storage At least 100 GB, scalable depending on usage
Client Machine Windows 10 x64 (minimum), suitable for MineTrust Connector

Implementation

  • MineTrust Server Delivered as a signed .exe installer bundle that includes a guided installation process.

  • MineTrust Provisioner Delivered as a signed .exe installer bundle that includes a guided installation process.

  • MineTrust Online Delivered as a signed .exe installer bundle that includes a guided installation process.

  • Database Backend Database schema and objects are initialized using provided setup scripts, compatible with both MSSQL and PostgreSQL targets.

  • MineTrust Connector Delivered either as signed .exe installer bundle or as a sub-component of a Studio installation. Endpoint registration can be performed:

    • Interactively, via the product's built-in configuration UI
    • Or, via system notification prompts from the MineTrust Connector service