diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index ed316075..4f1d4f2b 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -38,10 +38,6 @@ spec:
           image: "{{ .Values.images.ucentralgw.repository }}:{{ .Values.images.ucentralgw.tag }}"
           imagePullPolicy: {{ .Values.images.ucentralgw.pullPolicy }}
 
-          command:
-            - /ucentral/ucentralgw
-            - --file=/ucentral-data/ucentral.properties
-
           env:
             - name: KUBERNETES_DEPLOYED
               value: "{{ now }}"
diff --git a/helm/templates/pvc.yaml b/helm/templates/pvc.yaml
index 73947fc1..c0945be3 100644
--- a/helm/templates/pvc.yaml
+++ b/helm/templates/pvc.yaml
@@ -21,5 +21,7 @@ spec:
   resources:
     requests:
       storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClassName  }}
   storageClassName: {{ .Values.persistence.storageClassName }}
 {{- end }}
+{{- end }}
diff --git a/helm/templates/secret-config.yaml b/helm/templates/secret-config.yaml
index 80e013de..5f0672ec 100644
--- a/helm/templates/secret-config.yaml
+++ b/helm/templates/secret-config.yaml
@@ -10,4 +10,4 @@ metadata:
 kind: Secret
 type: Opaque
 data:
-  ucentral.properties: {{ include "ucentralgw.config" . | b64enc }}
+  ucentralgw.properties: {{ include "ucentralgw.config" . | b64enc }}
diff --git a/helm/values.yaml b/helm/values.yaml
index edadd914..3fc6ab87 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -23,10 +23,13 @@ services:
         servicePort: 15002
         targetPort: 15002
         protocol: TCP
-    ports:
       restapi:
-        servicePort: 16001
-        targetPort: 16001
+        servicePort: 16002
+        targetPort: 16002
+        protocol: TCP
+      restapiinternal:
+        servicePort: 17002
+        targetPort: 17002
         protocol: TCP
       fileuploader:
         servicePort: 16003
@@ -38,11 +41,11 @@ checks:
     liveness:
       httpGet:
         path: /
-        port: 15015
+        port: 16102
     readiness:
       httpGet:
         path: /
-        port: 15015
+        port: 16102
 
 ingresses:
   restapi:
@@ -71,25 +74,25 @@ ingresses:
 volumes:
   ucentralgw:
     - name: config
-      mountPath: /ucentral-data/ucentral.properties
-      subPath: ucentral.properties
+      mountPath: /ucentralgw-data/ucentralgw.properties
+      subPath: ucentralgw.properties
       # Template below will be rendered in template
       volumeDefinition: |
         secret:
           secretName: {{ include "ucentralgw.fullname" . }}-config
     - name: certs
-      mountPath: /ucentral-data/certs
+      mountPath: /ucentralgw-data/certs
       volumeDefinition: |
         secret:
           secretName: {{ include "ucentralgw.fullname" . }}-certs
     - name: certs-cas
-      mountPath: /ucentral-data/certs/cas
+      mountPath: /ucentralgw-data/certs/cas
       volumeDefinition: |
         secret:
           secretName: {{ include "ucentralgw.fullname" . }}-certs-cas
     # Change this if you want to use another volume type
     - name: persist
-      mountPath: /ucentral-data/persist
+      mountPath: /ucentralgw-data/persist
       volumeDefinition: |
         persistentVolumeClaim:
           claimName: {{ template "ucentralgw.fullname" . }}-pvc
@@ -114,7 +117,7 @@ affinity: {}
 
 persistence:
   enabled: true
-  storageClassName: gp2
+  # storageClassName: "-"
   accessModes:
     - ReadWriteOnce
   size: 10Gi
@@ -122,8 +125,8 @@ persistence:
 
 # Application
 public_env_variables:
-  UCENTRAL_ROOT: /ucentral-data
-  UCENTRAL_CONFIG: /ucentral-data
+  UCENTRALGW_ROOT: /ucentralgw-data
+  UCENTRALGW_CONFIG: /ucentralgw-data
 
 secret_env_variables: {}
 
@@ -131,12 +134,12 @@ configProperties:
   # -> Public part
   # Websocket
   ucentral.websocket.host.0.backlog: 500
-  ucentral.websocket.host.0.rootca: $UCENTRAL_ROOT/certs/root.pem
-  ucentral.websocket.host.0.issuer: $UCENTRAL_ROOT/certs/issuer.pem
-  ucentral.websocket.host.0.cert: $UCENTRAL_ROOT/certs/websocket-cert.pem
-  ucentral.websocket.host.0.key: $UCENTRAL_ROOT/certs/websocket-key.pem
-  ucentral.websocket.host.0.clientcas: $UCENTRAL_ROOT/certs/clientcas.pem
-  ucentral.websocket.host.0.cas: $UCENTRAL_ROOT/certs/cas
+  ucentral.websocket.host.0.rootca: $UCENTRALGW_ROOT/certs/root.pem
+  ucentral.websocket.host.0.issuer: $UCENTRALGW_ROOT/certs/issuer.pem
+  ucentral.websocket.host.0.cert: $UCENTRALGW_ROOT/certs/websocket-cert.pem
+  ucentral.websocket.host.0.key: $UCENTRALGW_ROOT/certs/websocket-key.pem
+  ucentral.websocket.host.0.clientcas: $UCENTRALGW_ROOT/certs/clientcas.pem
+  ucentral.websocket.host.0.cas: $UCENTRALGW_ROOT/certs/cas
   ucentral.websocket.host.0.address: "*"
   ucentral.websocket.host.0.port: 15002
   ucentral.websocket.host.0.security: strict
@@ -144,28 +147,36 @@ configProperties:
   # REST API
   ucentral.restapi.host.0.backlog: 100
   ucentral.restapi.host.0.security: relaxed
-  ucentral.restapi.host.0.rootca: $UCENTRAL_ROOT/certs/restapi-ca.pem
+  ucentral.restapi.host.0.rootca: $UCENTRALGW_ROOT/certs/restapi-ca.pem
   ucentral.restapi.host.0.address: "*"
-  ucentral.restapi.host.0.port: 16001
-  ucentral.restapi.host.0.cert: $UCENTRAL_ROOT/certs/restapi-cert.pem
-  ucentral.restapi.host.0.key: $UCENTRAL_ROOT/certs/restapi-key.pem
+  ucentral.restapi.host.0.port: 16002
+  ucentral.restapi.host.0.cert: $UCENTRALGW_ROOT/certs/restapi-cert.pem
+  ucentral.restapi.host.0.key: $UCENTRALGW_ROOT/certs/restapi-key.pem
+  ucentral.internal.restapi.host.0.backlog: 100
+  ucentral.internal.restapi.host.0.security: relaxed
+  ucentral.internal.restapi.host.0.rootca: $UCENTRALGW_ROOT/certs/restapi-ca.pem
+  ucentral.internal.restapi.host.0.address: "*"
+  ucentral.internal.restapi.host.0.port: 17002
+  ucentral.internal.restapi.host.0.cert: $UCENTRALGW_ROOT/certs/restapi-cert.pem
+  ucentral.internal.restapi.host.0.key: $UCENTRALGW_ROOT/certs/restapi-key.pem
   # File uploader
   ucentral.fileuploader.host.0.backlog: 100
-  ucentral.fileuploader.host.0.rootca: $UCENTRAL_ROOT/certs/restapi-ca.pem
+  ucentral.fileuploader.host.0.rootca: $UCENTRALGW_ROOT/certs/restapi-ca.pem
   ucentral.fileuploader.host.0.security: relaxed
   ucentral.fileuploader.host.0.address: "*"
   ucentral.fileuploader.host.0.name: localhost
   ucentral.fileuploader.host.0.port: 16003
-  ucentral.fileuploader.host.0.cert: $UCENTRAL_ROOT/certs/restapi-cert.pem
-  ucentral.fileuploader.host.0.key: $UCENTRAL_ROOT/certs/restapi-key.pem
-  ucentral.fileuploader.path: $UCENTRAL_ROOT/uploads
+  ucentral.fileuploader.host.0.cert: $UCENTRALGW_ROOT/certs/restapi-cert.pem
+  ucentral.fileuploader.host.0.key: $UCENTRALGW_ROOT/certs/restapi-key.pem
+  ucentral.fileuploader.path: $UCENTRALGW_ROOT/uploads
   ucentral.fileuploader.maxsize: 10000
   # Auto provisioning
   ucentral.autoprovisioning: "true"
-  ucentral.service.key: $UCENTRAL_ROOT/certs/restapi-key.pem
   ucentral.devicetypes.0: AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi
   ucentral.devicetypes.1: SWITCH:edgecore_ecs4100-12ph
   ucentral.devicetypes.2: IOT:esp32
+  oui.download.uri: https://linuxnet.ca/ieee/oui.txt
+  firmware.autoupdate.policy.default: auto
   # Callback
   ucentral.callback.enable: "false"
   ucentral.callback.0.local: localhost:16001
@@ -179,10 +190,11 @@ configProperties:
   rtty.viewport: 5913
   # ALB
   alb.enable: "true"
-  alb.port: 15015
+  alb.port: 16102
   # Kafka
   ucentral.kafka.enable: "false"
-  ucentral.kafka.group.id: 1
+  ucentral.kafka.group.id: gateway
+  ucentral.kafka.client.id: gateway1
   ucentral.kafka.brokerlist: localhost:9092
   ucentral.kafka.auto.commit: false
   ucentral.kafka.queue.buffering.max.ms: 50
@@ -206,19 +218,13 @@ configProperties:
   storage.type.mysql.database: ucentral
   storage.type.mysql.port: 3306
   storage.type.mysql.connectiontimeout: 60
-  # Authentication
-  authentication.enabled: "true"
-  authentication.default.access: master
-  authentication.service.type: internal
-  # Firmware
-  firmware.autoupdate.policy.default: auto
   # System
-  ucentral.system.data: $UCENTRAL_ROOT/data
+  ucentral.service.key: $UCENTRALGW_ROOT/certs/restapi-key.pem
+  ucentral.system.data: $UCENTRALGW_ROOT/persist
   ucentral.system.debug: "true"
-  ucentral.system.uri.private: https://localhost:16001
-  ucentral.system.uri.public: https://localhost:16001
+  ucentral.system.uri.private: https://localhost:17002
+  ucentral.system.uri.public: https://localhost:16002
   ucentral.system.commandchannel: /tmp/app_ucentralgw
-  oui.download.uri: https://linuxnet.ca/ieee/oui.txt
   # Logging
   logging.formatters.f1.class: PatternFormatter
   logging.formatters.f1.pattern: "%s: [%p] %t"
@@ -242,6 +248,7 @@ configProperties:
   ucentral.websocket.host.0.key.password: mypassword
   # REST API
   ucentral.restapi.host.0.key.password: mypassword
+  ucentral.internal.restapi.host.0.key.password: mypassword
   # File uploader
   ucentral.fileuploader.host.0.key.password: mypassword
   # Callback
@@ -257,9 +264,6 @@ configProperties:
   ## MySQL
   storage.type.mysql.username: stephb
   storage.type.mysql.password: snoopy99
-  # Authentication
-  authentication.default.username: tip@ucentral.com
-  authentication.default.password: 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
 
 certs:
   clientcas.pem: |