diff --git a/services/tunnelbroker/build.rs b/services/tunnelbroker/build.rs
--- a/services/tunnelbroker/build.rs
+++ b/services/tunnelbroker/build.rs
@@ -51,7 +51,15 @@
   println!("cargo:rerun-if-changed=src/libcpp/Tunnelbroker.h");
   println!("cargo:rerun-if-changed=src/libcpp/Tunnelbroker.cpp");
 
-  println!("cargo:rerun-if-changed=../../shared/protos/tunnelbroker.proto");
-  tonic_build::compile_protos("../../shared/protos/tunnelbroker.proto")
+  println!(
+    "cargo:rerun-if-changed=../../shared/protos/identity_tunnelbroker.proto"
+  );
+  tonic_build::configure()
+    .build_server(true)
+    .build_client(false)
+    .compile(
+      &["../../shared/protos/identity_tunnelbroker.proto"],
+      &["../../shared/protos/"],
+    )
     .expect("Failed to compile protobuf file");
 }
diff --git a/services/tunnelbroker/src/identity_server/mod.rs b/services/tunnelbroker/src/identity_server/mod.rs
new file mode 100644
--- /dev/null
+++ b/services/tunnelbroker/src/identity_server/mod.rs
@@ -0,0 +1,39 @@
+mod proto {
+  tonic::include_proto!("identity.tunnelbroker");
+}
+
+use proto::identity_tunnelbroker_service_server::{
+  IdentityTunnelbrokerService, IdentityTunnelbrokerServiceServer,
+};
+use tonic::transport::Server;
+
+use crate::constants;
+
+#[derive(Debug, Default)]
+struct IdentityService {}
+
+#[tonic::async_trait]
+impl IdentityTunnelbrokerService for IdentityService {
+  async fn refresh_device_keys(
+    &self,
+    _request: tonic::Request<proto::RefreshDeviceKeysRequest>,
+  ) -> Result<tonic::Response<proto::Empty>, tonic::Status> {
+    unimplemented!()
+  }
+}
+
+pub async fn run_identity_server() -> Result<(), tonic::transport::Error> {
+  let addr = format!("[::1]:{}", constants::GRPC_SERVER_PORT)
+    .parse()
+    .expect("Unable to parse identity address");
+
+  tracing::info!("Websocket server listening on {}", &addr);
+  Server::builder()
+    .http2_keepalive_interval(Some(constants::GRPC_KEEP_ALIVE_PING_INTERVAL))
+    .http2_keepalive_timeout(Some(constants::GRPC_KEEP_ALIVE_PING_TIMEOUT))
+    .add_service(IdentityTunnelbrokerServiceServer::new(
+      IdentityService::default(),
+    ))
+    .serve(addr)
+    .await
+}
diff --git a/services/tunnelbroker/src/main.rs b/services/tunnelbroker/src/main.rs
--- a/services/tunnelbroker/src/main.rs
+++ b/services/tunnelbroker/src/main.rs
@@ -1,9 +1,7 @@
 pub mod constants;
-pub mod cxx_bridge;
-pub mod notifications;
-pub mod server;
+pub mod identity_server;
 pub mod websockets;
-use std::io;
+use std::io::{self, Error, ErrorKind};
 use tracing;
 
 #[tokio::main]
@@ -12,6 +10,15 @@
   tracing::subscriber::set_global_default(subscriber)
     .expect("Unable to configure tracing");
 
-  cxx_bridge::ffi::initialize();
-  websockets::create_server().await
+  let identity_server = identity_server::run_identity_server();
+  let websocket_server = websockets::create_server();
+
+  tokio::select! {
+    Ok(_) = identity_server => { Ok(()) },
+    Ok(_) = websocket_server => { Ok(()) },
+    else => {
+      tracing::error!("A grpc or websocket server crashed.");
+      Err(Error::new(ErrorKind::Other, "A grpc or websocket server crashed."))
+    }
+  }
 }