When installing the Canary system, it is important to determine where the Identity service will be located as other Canary services must connect to it when authenticating and authorizing users. At least one Identity service is needed per system, but more can be added if multiple networks exist within the system architecture.

Single Historian System

In a single Historian system, only one Identity service is needed. Remote Canary Collector servers do not require a local Identity service. They will be pointed to the remote Identity service during the installation process.

Multi-Historian System

If a system contains multiple Historians within the same network, still only one Identity service is needed. The remote Historian servers will be pointed to the remote Identity service during the installation process along with any Canary Collector servers.

Multi-Tiered Network

In a multi-tiered network, an Identity service is needed at each level where users must authenticate to consume data. Assuming that Level 3 cannot communicate with Level 4, an Identity service is needed for each.

If Level 3 does not contain a Canary Historian, an Identity service is not needed. Data will flow up through the network until it reaches Level 4 where users can connect to query the Historian.