We are currently researching how to connect LoRa nodes to our existing product. For this we are now using the TTN Docker containers to set up a private server. In the end the option with the public TTN network with private handlers sounds very promising for most of our customers.
However, some of our customer base require a complete private stack. As far as I can see now, in the setup with the Docker containers the account server is not run privately, and the applications are also stored in public TTN. The devices seem to be stored privately, though. Is this understanding correct?
Furthermore, will a complete private stack be possible in the future? Or will it, for example, be specified how we can build some parts ourselves and plug them in?
The account server manages users, application IDs and access rights.
The Handler has the keys that are needed for end-to-end encryption in LoRaWAN (AppKey and AppSKey), so when you run a private Handler (which is currently not yet possible, but we’re working on it) you are the only one with the encryption keys. The Handler also stores the configuration of applications.
The Broker and NetworkServer manage network-related functionality of devices and need the LoRaWAN NwkSKey (which is provided to the network by the Handler) for this.
When you want to build a complete private (offline) stack you need to implement your own account server. We will publish the API specification when the API is stable, but it’s basically OAuth2/JWT and some simple token validation.
This is open source, so nothing stops you and your companions/customers from doing it yourselves. The original intention of TTN was to make an open and free service. So imho spending time/effort on private backends would not be appropriate spending of “Kickstart” resources.