Cluster

TeskaLabs SeaCat PKI can be deployed as a single instance or as a cluster. The cluster can be geographically distributed to provide high availability and disaster recovery.

Cluster Architecture

The architecture diagram illustrates the deployment options of TeskaLabs SeaCat PKI in containers, highlighting the components involved in both single-instance and clustered configurations:

  1. Single Instance (Left side of the diagram):

    • Components:
      • NGINX: Acts as a reverse proxy to handle incoming requests and route them to the appropriate services.
      • Web UI: Provides an interface for managing the PKI.
      • SeaCat PKI: The core PKI microservice that issues and manages certificates.
      • HSM (Hardware Security Module): Optional integration for secure key storage.
      • MongoDB: Serves as the database backend for storing certificate data and configurations.
    • All components are containerized within a single Docker/Podman instance, providing simplicity in deployment and maintenance.
  2. Clustered Configuration (Right side of the diagram):

    • Cluster Characteristics:
      • Components are identical to the single-instance setup but are distributed across multiple nodes.
      • Multiple instances of SeaCat PKI and MongoDB ensure redundancy and high availability.
    • Geographical Distribution:
      • Nodes in the cluster can be deployed in different geographical locations, enabling disaster recovery and improving fault tolerance.
    • Synchronization:
      • The MongoDB instances synchronize across the cluster to maintain data consistency.
      • The content of the HSMs must be synchronized across the cluster using HSM management tools.

Both configurations allow flexible deployment to meet different scalability, reliability, and performance requirements.