High Availability
In a High Availability deployment, emCA components are clustered across multiple nodes to ensure uninterrupted service. A load balancer directs traffic to healthy servers and reroutes requests if a node fails. Two HSMs are deployed in a trusted zone for redundancy.

Key Components
Load Balancer Distributes client requests, monitors server health, and redirects traffic on failure.
Clustered CA Servers Multiple emCA nodes handle certificate issuance, lifecycle events, and certificate pool management.
Redundant TSA Servers Provide timestamping services with failover capability.
Clustered OCSP Servers Host OCSP responders for real-time revocation status checks.
Database Cluster Multiple database instances store certificates, user data, and audit records with data replication.
HSM Cluster Two or more FIPS-compliant modules store private keys and sensitive material, ensuring key availability.
Multi-Tenancy Support
emCA natively isolates multiple tenants within one CA infrastructure:
Tenant Isolation Separate namespaces for certificates, CRLs, audit logs, and keys.
Dedicated Policies Tenant-specific certificate profiles, templates, and workflows.
Scoped RBAC Administrative roles confined to each tenant’s domain.
Horizontal Scaling Onboard additional tenants without impacting performance.
Tenant-Level Auditing Exportable logs for compliance reporting.
Last updated