Deployment Options
certdog can be deployed on:
- Windows Server 2016
- Windows Server 2019
- Windows 10
- Mac OS
- Linux (including RedHat, Debian and Ubuntu)
However, the ADCS agent (the interface to the Microsoft CA) can only be deployed on the Windows Server platforms.
Single Server Installation
There are several options available when deploying certdog. The simplest is to install all components on the same Windows server:
This is the default installation. If the host is in the same domain as your Microsoft CA, the ADCS Agent will be able to access it. Other CAs (e.g. PrimeKey EJBCA) will also be accessible as long as network rules allow.
Single Server - Multiple ADCS Instances
The host does not need to be in the same domain (or any domain), nor on the same operating system, as the Microsoft CA. It can access CAs in other, and multiple, Microsoft domains, as shown below:
In this example, the host could be a Linux machine. Domains 1 and 2 would be two separate Active Directory domains that may or may not have a trust relationship.
For each domain, an ADCS agent would be deployed onto a server that is in the same domain as the CA, i.e. Server 1 and Server 2 in this example.
Outgoing ports (by default these are 27017, 27018 and 27019) from the servers (Server 1 and Server 2) would need to be opened to the Linux host.
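As an added example (not part of the certdog documentation or product), the following PowerShell can be run on each ADCS agent server to allow outbound traffic only to the certdog host on the default ports above and then confirm each port is reachable. The host name, IP address, rule name and the `Test-CertdogPort` function are assumptions chosen for illustration.

```powershell
# Added example: run on each ADCS agent server (Server 1 and Server 2).
# Placeholder values (assumptions): replace with your certdog host's details.
$CertdogHost   = 'certdog-host.example.internal'
$CertdogHostIp = '192.0.2.10'            # documentation-range address
$Ports         = 27017, 27018, 27019     # default ports stated on this page

# Scope the outbound allow rule to the certdog host and these ports only,
# rather than opening the ports to any destination. This matters where
# outbound traffic is blocked by default; network firewalls between the
# agent and the host need an equivalent rule.
New-NetFirewallRule -DisplayName 'certdog ADCS agent outbound' `
    -Direction Outbound -Action Allow -Protocol TCP `
    -RemoteAddress $CertdogHostIp -RemotePort $Ports | Out-Null

# Hypothetical helper: attempts a TCP connection with a timeout and
# reports whether the port accepted it.
function Test-CertdogPort {
    param(
        [string]$HostName,
        [int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout and throws if the connection is refused.
        $open = $task.Wait($TimeoutMs) -and $client.Connected
    } catch {
        $open = $false
    } finally {
        $client.Close()
    }
    [pscustomobject]@{ Host = $HostName; Port = $Port; Reachable = $open }
}

$results = $Ports | ForEach-Object { Test-CertdogPort -HostName $CertdogHost -Port $_ }
$results | Format-Table -AutoSize

if ($results.Reachable -contains $false) {
    Write-Warning 'One or more ports are blocked between this agent and the certdog host.'
}
```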
Multi Server Load Balanced
The main components can all easily be split across several servers for load-balancing and redundancy.
The API can be placed in several different locations, as long as it can access the database (or an instance in the cluster).
In the example above, there is a dedicated server hosting the API (Server 2). You may wish to do this if you were to dedicate that instance to integration API calls, e.g. from your own applications or scripts.
The database can be clustered and hosted across multiple servers, or in the cloud.
Cloud and On Premises
The examples given above can be applied to cloud as well as on-premises and other hosted services, for example:
In this example you have the database located in AWS. Mongo offer the Atlas service, which allows for clustering, monitoring and access controls.
You could run other services in AWS, including the API or UI, or, as shown above, in Azure.
This could connect back to your on-premises CAs via the ADCS agent, and you could use other hosted services such as those offered by PrimeKey for EJBCA.
Summary
Deployment of certdog is flexible in order to fit in with any environment; options are not limited to those mentioned above.
If you wish to discuss your requirements with us, drop us a line at