# Single Instance

In a Single Instance deployment, the emCA application server, OCSP server, TSA server, and DB server are installed on individual servers within a secure zone. The Hardware Security Module (HSM) is isolated in a highly trusted zone to safeguard cryptographic keys.

<figure><img src="/files/c64HiR9Z6gOaovXqMaYH" alt=""><figcaption></figcaption></figure>

**Key Components**

* **emCA CA Application Server** **–** Generates and issues certificates, manages the CA’s certificate pool, and handles certificate lifecycle events.
* **Timestamping Authority (TSA) Server** **–** Issues trusted timestamps for digital signatures, maintaining long-term certificate validity and integrity.
* **OCSP Application Server –** Responds to Online Certificate Status Protocol requests to confirm certificate revocation status.
* **Database Server –** Stores CA certificate records, user data, device details, and related metadata.
* **Hardware Security Module (HSM) –** Secure, tamper-resistant storage for private keys and sensitive cryptographic material.
* **Offline emCA –** Provides certificate generation capability when the primary CA server is unavailable.
* **Network Access –** Accessible via internet or intranet for authorized certificate requests and management.

**Deployment**

All components are hosted on individual servers for each function within the secure zone. Network protection is enforced using routers and firewalls.

**Advantages**

* Simplified deployment and management.
* Lower infrastructure cost compared to distributed models.
* Suitable for organizations with moderate certificate issuance needs.

**Limitations**

* Limited scalability for high-volume environments.
* Single point of failure risk if a server is compromised or fails.

Requires strict configuration control and continuous security monitoring.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://emca.emudhra.com/getting-started/deployment-models/single-instance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.