Satellite Nodes
Satellite nodes are server group members deployed at the network edge — in remote offices, factory floors, retail locations, or IoT gateways. They execute locally, reducing latency and network dependency, while reporting status and results back to the central BizFirstGO server group.
What Is a Satellite Node?
A satellite node is a server node that runs in a location physically or logically remote from the central BizFirstGO deployment. It joins the same server group as cloud nodes but is tagged with location metadata so the server group can route calls to the nearest or most appropriate node.
```csharp
// Satellite node self-registration at startup
await registry.RegisterAsync(new ServerNodeRegistration
{
    GroupName = "document-processor",
    Name = "satellite-london-office-01",
    BaseUrl = "https://satellite-london-01.internal:8080",
    HealthUrl = "https://satellite-london-01.internal:8080/health",
    Weight = 1,
    Metadata = new Dictionary<string, string>
    {
        ["region"] = "europe",
        ["location"] = "london-office",
        ["tier"] = "satellite"
    }
});
```
Topology Diagram
```
           Central Data Centre
      ┌────────────────────────────┐
      │ BizFirstGO Host            │
      │ Server Group Controller    │
      │ "document-processor"       │
      │ ├── cloud-node-01          │
      │ └── cloud-node-02          │
      └────────────┬───────────────┘
                   │ HTTPS (outbound from satellite)
           ┌───────┴────────┐
           │                │
   London Office     Frankfurt Office
   satellite-lon-01  satellite-fra-01
   (local network)   (local network)
```
Routing to Satellite Nodes
Use metadata-based routing to direct calls to the geographically appropriate satellite. The server group client accepts a routing hint that filters available nodes by metadata tags before applying the load balancing strategy.
```csharp
// Call the nearest satellite for a tenant in the EU
var result = await _serverGroupClient.PostAsync<ProcessResult>(
    groupName: "document-processor",
    endpoint: "/process",
    body: new { documentId = 12345, tenantId = "tenant-eu" },
    routingHint: new { region = "europe" }); // only route to EU nodes
```
Connectivity Resilience
Satellite nodes operate over potentially unreliable WAN links. Design them for connectivity resilience:
| Pattern | Implementation | Purpose |
|---|---|---|
| Outbound-only registration | Satellite calls the registry; registry never initiates to satellite | Satellite can be behind NAT/firewall |
| Heartbeat re-registration | Satellite re-registers every 60 seconds | Recover after central controller restart |
| Local queue buffering | Accept requests locally; process if cloud unreachable | Offline operation during WAN outage |
| Result sync on reconnect | Upload buffered results when connectivity restores | No data loss during disconnection |
| Graceful degradation | Serve cached data when upstream unavailable | Partial functionality during outage |
Offline Operation Pattern
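```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Hosting;

// Satellite document processor with local queue
public class SatelliteDocumentProcessor
{
    private readonly ILocalQueue _localQueue;
    private readonly ICentralSyncService _sync;
    private readonly IDocumentEngine _engine;

    // Dependencies are supplied through constructor injection
    public SatelliteDocumentProcessor(
        ILocalQueue localQueue, ICentralSyncService sync, IDocumentEngine engine)
    {
        _localQueue = localQueue;
        _sync = sync;
        _engine = engine;
    }

    public async Task<ProcessResult> ProcessAsync(
        ProcessRequest request, CancellationToken ct)
    {
        // Always process locally — no dependency on central server
        var result = await _engine.ProcessAsync(request.DocumentId, ct);

        // Attempt to sync result to central; queue locally if unavailable
        var synced = await _sync.TrySyncResultAsync(result, ct);
        if (!synced)
        {
            await _localQueue.EnqueueAsync(result, ct);
            // Background service will drain queue when connectivity restores
        }
        return result;
    }
}

// Background sync service
public class LocalQueueSyncService : BackgroundService
{
    private readonly ILocalQueue _localQueue;
    private readonly ICentralSyncService _sync;

    public LocalQueueSyncService(ILocalQueue localQueue, ICentralSyncService sync)
    {
        _localQueue = localQueue;
        _sync = sync;
    }

    protected override async Task ExecuteAsync(CancellationToken ct)
    {
        while (!ct.IsCancellationRequested)
        {
            // Poll every 30 seconds; Task.Delay throws on cancellation, ending the loop at shutdown
            await Task.Delay(TimeSpan.FromSeconds(30), ct);

            var pending = await _localQueue.GetPendingAsync(batchSize: 50, ct);
            foreach (var item in pending)
            {
                // Acknowledge only after central confirms, so unsynced items stay queued
                var synced = await _sync.TrySyncResultAsync(item, ct);
                if (synced)
                    await _localQueue.AcknowledgeAsync(item.Id, ct);
            }
        }
    }
}
```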
Security Considerations for Satellite Nodes
| Risk | Mitigation |
|---|---|
| Satellite node compromised at physical location | Encrypt local queue at rest; use TPM-backed certificate for mTLS |
| WAN traffic interception | Mutual TLS between satellite and central; certificate pinning |
| Replay attacks via buffered results | Include request timestamp + nonce; central validates within a 5-minute window |
| Satellite impersonation | Per-node certificates issued by internal CA; revoke on decommission |
| Escalation of privilege via local access | Run satellite service as non-root; separate OS user; no local admin rights |
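
The replay mitigation in the table interacts with the offline operation pattern: a result buffered for hours during a WAN outage would fail a 5-minute window if the timestamp were taken at processing time. The following is an added example, not BizFirstGO code; `SyncReplayGuard`, `Check` and `Verdict` are hypothetical names, and it assumes the satellite stamps a fresh timestamp and nonce on each upload attempt and that the node name is taken from the mTLS client certificate.

```csharp
using System;
using System.Collections.Generic;

// Added example: central-side replay check for synced results (hypothetical types).
public sealed class SyncReplayGuard
{
    public enum Verdict { Accepted, OutsideWindow, Replayed }
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(5); // window from the table
    private readonly Dictionary<(string Node, string Nonce), DateTimeOffset> _seen = new();
    private readonly object _gate = new();

    // nodeName: identity from the authenticated client certificate, never from the request body.
    // sentAt: stamped by the satellite per upload attempt (assumption), so buffered results
    // still validate when the queue drains after a long outage.
    public Verdict Check(string nodeName, string nonce, DateTimeOffset sentAt, DateTimeOffset now)
    {
        // Duration() is the absolute difference: stale and far-future timestamps both fail.
        if ((now - sentAt).Duration() > Window)
            return Verdict.OutsideWindow;

        lock (_gate)
        {
            Evict(now);
            // TryAdd returns false when this node already used this nonce inside the window.
            return _seen.TryAdd((nodeName, nonce), sentAt) ? Verdict.Accepted : Verdict.Replayed;
        }
    }

    // A nonce must be remembered only while its timestamp could still pass the window check.
    private void Evict(DateTimeOffset now)
    {
        var expired = new List<(string, string)>();
        foreach (var (key, sentAt) in _seen)
            if ((now - sentAt).Duration() > Window) expired.Add(key);
        foreach (var key in expired) _seen.Remove(key);
    }
}

public static class Demo
{
    public static void Main()
    {
        var guard = new SyncReplayGuard();
        var now = DateTimeOffset.UtcNow; // constructed sample values below
        Console.WriteLine(guard.Check("satellite-lon-01", "n-1", now, now));                // first delivery
        Console.WriteLine(guard.Check("satellite-lon-01", "n-1", now, now.AddSeconds(30))); // same nonce again
        Console.WriteLine(guard.Check("satellite-lon-01", "n-2", now.AddHours(-2), now));   // stale timestamp
    }
}
```

In a deployment with more than one central node, the nonce store would need to be shared between them; the in-memory dictionary here covers a single process only.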