# High Availability

In a High Availability deployment, emCA components are clustered across multiple nodes to ensure uninterrupted service. A load balancer directs traffic to healthy servers and reroutes requests if a node fails. Two HSMs are deployed in a trusted zone for redundancy.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FKyOo2T2eYz888S6R9V9u%2Fimage.png?alt=media&#x26;token=6deaec78-d03d-4105-bfc4-aa52816fe2bc" alt=""><figcaption></figcaption></figure>

**Key Components**

* **Load Balancer**\
  Distributes client requests, monitors server health, and redirects traffic on failure.
* **Clustered CA Servers**\
  Multiple emCA nodes handle certificate issuance, lifecycle events, and certificate pool management.
* **Redundant TSA Servers**\
  Provide timestamping services with failover capability.
* **Clustered OCSP Servers**\
  Host OCSP responders for real-time revocation status checks.
* **Database Cluster**\
  Multiple database instances store certificates, user data, and audit records with data replication.
* **HSM Cluster**\
  Two or more FIPS-compliant modules store private keys and sensitive material, ensuring key availability.

#### **Multi-Tenancy Support**

emCA natively isolates multiple tenants within one CA infrastructure:

* **Tenant Isolation**\
  Separate namespaces for certificates, CRLs, audit logs, and keys.
* **Dedicated Policies**\
  Tenant-specific certificate profiles, templates, and workflows.
* **Scoped RBAC**\
  Administrative roles confined to each tenant’s domain.
* **Horizontal Scaling**\
  Onboard additional tenants without impacting performance.
* **Tenant-Level Auditing**\
  Exportable logs for compliance reporting.