I am evaluating Instant On and would like to obtain some more details about the architecture, especially regarding the interaction with the cloud portal and the app. I assume like with the regular instant, there is still some elected master access point which communicates with the cloud portal and also indirectly with the app using an internal API. I also assume the configuration is locally distributed and the system continues to work in case the internet connection is dropped. This "invisible" master access point would also provide all local functionality, such as RADIUS requests for WPA enterprise authentication. What I'd like to know is where passwords only requires locally for like RADIUS servers or network pre-shared keys are stored - locally or also in the cloud. I'd also like to know how communication with the portal is protected and whether it is SSL, DTLS or otherwise. Also, does the mobile app only communicate through the cloud platform or is there any direct communication with like this "imaginary" automatically elected master access point ? Maybe I am a bit too old fashioned by trying understand how stuff works at least to some degree, but maybe someone can point me in the right direction....