Hybrid Deployment

The hybrid deployment model for emCA integrates cloud infrastructure with on-premises Hardware Security Modules (HSMs) to balance operational efficiency with stringent cryptographic security.

Key Components

  • Cloud-Hosted emCA Services: emCA application servers, OCSP responders, TSA, and database run in a cloud environment (for example, AWS, Azure, GCP).

  • On-Premises HSMs: Private keys and sensitive cryptographic material reside in local HSMs deployed in the data center or secure colocation.

  • Secure Connectivity: A VPN or dedicated private link encrypts all API calls between cloud components and on-premises HSMs.

  • Cloud Network Control

    • Load balancer distributes traffic across cloud instances.

    • Web application firewall (WAF) filters HTTP threats.

    • Threat monitoring service (for example, GuardDuty) detects suspicious activity.
