Enterprise Architecture
Three planes.
One protocol.
CH VPN deploys as a federated hub-and-spoke with mesh bridges. The unit of administration is the tenant. The unit of trust is the certificate. The unit of operation is the plane: hub for peer sessions, mesh for inter-clinic bridges, corporate for anycast egress.
Hub Plane
Where peers terminate.
Each tenant runs one or more clinic hubs; very small tenants may instead share a regional hub. Each hub process accepts up to 8,000 active peers, and horizontal fan-out raises the limit to 64,000 per clinic server. Hubs route PHI to the clinic EHR, lab connectors, and tenant-local services.
Mesh Plane
Bridges between clinics.
Clinics with clinical co-management, emergency overflow, or shared specialist pools establish permanent site-to-site bridges. Each bridge is authenticated peer-to-peer under CH Authority-issued certificates, configured by policy at the Authority, and audited centrally.
Corporate Plane
Anycast egress.
Every clinic maintains one or more uplinks to the CH corporate gateway mesh. Corporate handles aggregate telemetry, audit egress, authority traffic, cloud backup, and the reinsurance/claims pipeline. Gateways operate in an anycast-ready cluster so clinics never re-provision when regional load shifts.
Six Peer Roles
Six rotation cadences.
Every peer holds one of six canonical roles. Each role has its own provisioning, rotation cadence, plane membership, and telemetry shape.