Anchor is organized around five primary components: Anchor Engine, Web UI, Anchor Vault, Anchor Connect, and Anchor Compass. Each component has a clear responsibility, so privileged access governance does not depend on a pile of loosely connected consoles, proxy paths, scripts, and reporting exports.
The architecture goal is simple: keep access decisions, privileged material, sessions, posture review, and evidence in one operating model. Public documentation explains the component boundaries and security posture; registered technical materials and onboarding cover deployment-specific runbooks and deeper implementation detail.
Anchor Component Model
| Component | Responsibility |
|---|---|
| Anchor Engine | Central control plane for API requests, policy decisions, orchestration, workflow state, and security-relevant evidence. |
| Web UI | Browser-based console for administrators, operators, reviewers, and approved user workflows. |
| Anchor Vault | Protected privileged-material control layer for retrieval, rotation, verification, and audit-linked use. |
| Anchor Connect | Brokered session component that keeps access tied to policy, target context, and session evidence. |
| Anchor Compass | Review and posture layer for drift, stale access, account hygiene, operational risk, and audit readiness. |
Anchor keeps public architecture documentation focused on component responsibilities, security boundaries, and the way teams operate the platform. That gives buyers and security reviewers enough context to understand the model without publishing low-level implementation details that do not belong in open documentation.
Encryption, scoped permissions, policy gates, audit logging, and ledger-backed integrity concepts are cross-cutting platform features. Anchor Ledger is not a separate component; it is part of Anchor’s integrity model for important security-relevant events.
| Security area | High-level Anchor posture |
|---|---|
| Control separation | Web UI, Engine, Vault, Connect, and Compass have distinct responsibilities. |
| Policy enforcement | Sensitive workflows pass through policy and authorization checks. |
| Privileged material | Vault behavior is described by protection goals, not storage internals. |
| Session access | Connect is documented as brokered, policy-gated access without exposing network mechanics. |
| Integrity | Ledger-backed integrity is a platform feature for important operational events. |
| Operational clarity | The public model shows how the pieces work together, while registered technical materials provide customer-specific deployment and operating detail. |