High Availability

In a High Availability deployment, emCA components are clustered across multiple nodes to ensure uninterrupted service. A load balancer directs traffic to healthy servers and reroutes requests if a node fails. Two HSMs are deployed in a trusted zone for redundancy.

Key Components

  • Load Balancer: Distributes client requests, monitors server health, and redirects traffic on failure.

  • Clustered CA Servers: Multiple emCA nodes handle certificate issuance, lifecycle events, and certificate pool management.

  • Redundant TSA Servers: Provide timestamping services with failover capability.

  • Clustered OCSP Servers: Host OCSP responders for real-time revocation status checks.

  • Database Cluster: Multiple database instances store certificates, user data, and audit records with data replication.

  • HSM Cluster: Two or more FIPS-compliant modules store private keys and sensitive material, ensuring key availability.

Multi-Tenancy Support

emCA natively isolates multiple tenants within one CA infrastructure:

  • Tenant Isolation: Separate namespaces for certificates, CRLs, audit logs, and keys.

  • Dedicated Policies: Tenant-specific certificate profiles, templates, and workflows.

  • Scoped RBAC: Administrative roles confined to each tenant’s domain.

  • Horizontal Scaling: Onboard additional tenants without impacting performance.

  • Tenant-Level Auditing: Exportable logs for compliance reporting.
