> ## Documentation Index
> Fetch the complete documentation index at: https://docs.powersync.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Securing Your Deployment

> Network architecture and security guidance for self-hosted PowerSync deployments.

<Note>
  This section is a work in progress. Please reach out on [our Discord](https://discord.gg/powersync) if you have specific questions.
</Note>

Below is an architecture diagram of a successful deployment:

<Frame caption="PowerSync Deployment Architecture">
  <img src="https://mintcdn.com/powersync/EcHiTYgJi-xONDwB/images/architecture/powersync-architecture-diagram-self-host.png?fit=max&auto=format&n=EcHiTYgJi-xONDwB&q=85&s=14668588b65e58df1d90eb0b983395a5" width="1340" height="826" data-path="images/architecture/powersync-architecture-diagram-self-host.png" />
</Frame>

Data doesn't always flow in the direction of your firewall rules, so the below table documents which components are making connections to others:

| Request Originator | Request Destination        | Protocol    |
| ------------------ | -------------------------- | ----------- |
| PowerSync Service  | Postgres                   | TCP         |
| PowerSync Service  | MongoDB                    | TCP         |
| PowerSync Service  | OpenTelemetry Collector    | TCP or UDP  |
| PowerSync Service  | JWKS Endpoint              | TCP (HTTPS) |
| App Client         | PowerSync Service (via LB) | TCP (HTTPS) |
| App Client         | App Backend                | TCP (HTTPS) |
| App Backend        | Postgres                   | TCP         |