For the latest version, please use Certificate Lifecycle Manager 6.8.1!

On-Premises HA - Single Location Hot-Standby

Overview

This page describes a single-location, high-availability (HA) architecture for a Public Key Infrastructure (PKI) platform. The architecture provides redundancy within a single site through a hot-standby, active/passive failover configuration.

[Overview diagram: Single-Location Setup]

Architecture Components

This architecture is designed for a single-location deployment and includes the following core components:

  1. Two CARA VMs, configured in an active/passive failover setup.

  2. Two HSMs, clustered and connected via PKCS#11.

  3. Two CLM VMs, configured in an active/passive failover setup.

  4. Three MariaDB Nodes forming an active/active Galera Cluster.

The design also supports network segmentation, to isolate different components such as CLM (RA), CARA (CA), and the Database.

CARA VMs

The CARA VMs consist of the following core components:

  • Keepalived with VRRP → Manages a floating IP for high-availability and failover.

  • Webserver / Reverse Proxy → Listens on the floating IP, performs TLS termination and forwards traffic to the local CARA services.

  • CARA Services → Run locally behind the reverse proxy.

HSMs

The HSMs are running clustered and are connected to both CARA VMs via PKCS#11. The specifics of the cluster configuration and replication are vendor-dependent and are not covered in this page.

CLM VMs

The core components of the CLM VMs are the following:

  • Keepalived with VRRP → Manages a floating IP for high-availability and failover.

  • Webserver / Reverse Proxy → Listens on the floating IP, performs TLS termination and forwards traffic to the local CLM services.

  • CLM Services → Run locally behind the reverse proxy.
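The Keepalived/VRRP layer is the same on the CARA pair and the CLM pair, so one configuration illustrates both. The following keepalived.conf is an added example written for this page, not a file shipped with CLM or CARA. It assumes the CLM floating IP 10.0.10.100/24 on eth0, peer addresses 10.0.10.11 (this node) and 10.0.10.12 (standby), an internal CA file and a /healthz endpoint on the reverse proxy; all of these are placeholders. The standby node uses the same file with state BACKUP, priority 100 and the source/peer addresses swapped; the CARA pair uses its own floating IP and a different virtual_router_id.

```conf
# Added example keepalived.conf for the active CLM node (assumed addresses and paths).
global_defs {
    router_id clm-node-1
    # Only run track scripts that are owned by root and not group/world writable,
    # and run them as an unprivileged user.
    enable_script_security
    script_user keepalived_script
}

# Health check: if the local reverse proxy stops answering over TLS, lower our
# priority below the standby's so the floating IP moves to the other node.
# --resolve lets curl verify the proxy's certificate against the service name
# while still connecting to the local instance, instead of disabling verification.
vrrp_script chk_proxy {
    script "/usr/bin/curl -fsS --max-time 2 --cacert /etc/ssl/internal-ca.pem --resolve clm.example.internal:443:127.0.0.1 -o /dev/null https://clm.example.internal/healthz"
    interval 2
    timeout 3
    fall 2          # two consecutive failures before acting
    rise 2          # two consecutive successes before recovering
    weight -60      # 150 - 60 = 90 < 100, so the standby wins the election
}

vrrp_instance VI_CLM {
    state MASTER            # BACKUP on the standby node
    interface eth0
    virtual_router_id 51    # must be unique per pair on the same L2 segment
    priority 150            # standby uses 100
    advert_int 1

    # Unicast VRRP to the single peer instead of multicast: advertisements
    # stay between the two nodes and can be firewalled to the peer address.
    unicast_src_ip 10.0.10.11
    unicast_peer {
        10.0.10.12
    }

    virtual_ipaddress {
        10.0.10.100/24 dev eth0
    }

    track_script {
        chk_proxy
    }
}
```

Two practical points follow from this layout. The floating IP does not exist on the standby node, so a reverse proxy configured to listen on it will fail to start there unless it listens on all addresses or the host sets net.ipv4.ip_nonlocal_bind=1. And because VRRP itself offers no meaningful authentication, the protection for the election is the host firewall: allow IP protocol 112 only from the peer address on the interface carrying the floating IP.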

MariaDB Nodes

Three MariaDB nodes form an active/active Galera Cluster, hosting the databases for both CLM and CARA applications across the four connected VMs. There is also the option to deploy two separate 3-node Galera clusters, to further isolate CLM and CARA application data, if so desired.
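As an added illustration of the shared three-node cluster (example configuration written for this page, not a file from the CLM or CARA packages), the following galera.cnf fragment shows the settings one node needs to join an active/active Galera cluster, with TLS on both the client side (the four VMs connecting directly to every node) and the replication side. Node addresses 10.0.30.11/.12/.13, the cluster name, the certificate paths and the node name are assumptions; the other two nodes differ only in bind-address and the wsrep_node_* values.

```conf
# Added example /etc/my.cnf.d/galera.cnf for node db1 (assumed addresses and paths).
[mysqld]
bind-address             = 10.0.30.11

# Galera requirements: row-based replication, InnoDB only, interleaved
# auto-increment locking so concurrent writes on different nodes do not block.
binlog_format            = ROW
default_storage_engine   = InnoDB
innodb_autoinc_lock_mode = 2

# TLS for the CLM/CARA application connections, and refuse plaintext clients.
ssl-ca                   = /etc/mysql/tls/internal-ca.pem
ssl-cert                 = /etc/mysql/tls/db1-cert.pem
ssl-key                  = /etc/mysql/tls/db1-key.pem
require_secure_transport = ON

# Cluster membership: every node lists all three peers, so a restarted node
# can rejoin through whichever peers are up.
wsrep_on                 = ON
wsrep_provider           = /usr/lib/galera/libgalera_smm.so
wsrep_cluster_name       = pki-galera
wsrep_cluster_address    = gcomm://10.0.30.11,10.0.30.12,10.0.30.13
wsrep_node_name          = db1
wsrep_node_address       = 10.0.30.11
wsrep_sst_method         = mariabackup
# SST user/credentials depend on the MariaDB version and are omitted here.

# Encrypt group communication between the nodes with the same node certificate.
wsrep_provider_options   = "socket.ssl_key=/etc/mysql/tls/db1-key.pem;socket.ssl_cert=/etc/mysql/tls/db1-cert.pem;socket.ssl_ca=/etc/mysql/tls/internal-ca.pem"
```

With three nodes the cluster keeps quorum when one node is lost (two of three remain), which is why the page specifies three rather than two. Encrypting the full state transfer that a joining node receives is configured separately under the [sst] option group. Before an application node is allowed to route queries to a database node, check that the node reports Synced in SHOW STATUS LIKE 'wsrep_local_state_comment'; a node that is still joining or has lost quorum will otherwise accept connections but not serve consistent data.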

Data Flow

Clients and administrators connect to the CLM and CARA instances via their respective floating IPs. Both CARA and CLM VMs connect directly to all three nodes of the MariaDB backend cluster.

The CARA VMs connect directly to both HSMs to perform cryptographic operations. The CLM VMs connect to the CARA VMs and use them as their certificate provider.

The CLM VMs always connect to the CARA service via the CARA floating IP. This ensures uninterrupted functionality during failover events, as the floating IP is automatically reassigned to the active CARA node.

Conclusion

This architecture provides a robust high-availability design for a PKI platform within a single location. By combining active/passive application failover, clustered HSMs and an active/active database backend, the design minimizes service downtime while maintaining database integrity and secure cryptographic operations.

Floating IPs combined with stateless backend services ensure predictable traffic flows and continuous failover behavior. The architecture also supports clear separation of responsibilities and network segmentation between CLM, CARA and database components.