kms/documentation/docs/installation/high_availability_mode.md
Bruno Grieder 48d94db4ab
feat: Utimaco General Purpose HSMs support (#367)
* utimaco initial

* doc on simulator

* doc on simulator

* doc: using port forwarding

* more doc

* test utimaco lib

* utimaco works - before refacto

* started refacto

* Refacto and doc of base_hsm

* refactored utimaco in base hsm

* documentation

* support file

* proteccio drivers

* remove aider

* removed aider

* documentation

* documentation

* debugging

* fixed dangling pointers issues

* test refactoring

* working on documentation

* more doc rework

* database

* configuration

* doc more fixes

* more doc fixes

* aes encrypt hsm fixing

* syn encryption fix

* HSM doc fixes

* done with Proteccio

* enabled utimaco

* fixed utimaco

* more doc

* fmt

* changelog

* fixed sym encrypt enum serialization

* crates updates

* documentation

* chore: PR review

* cleanup

* fix: reuse cargo deps from root

---------

Co-authored-by: Manuthor <manu.coste@gmail.com>
2025-02-03 21:53:10 +01:00

This mode offers high availability through redundancy and load-balancing.

The KMS servers are stateless, so they can simply be scaled horizontally by connecting them to the same database and fronting them with a load balancer.

Configuring the load balancer

Since the KMS servers are stateless, any load-balancing strategy may be selected, such as a simple round-robin.

When the Cosmian KMS servers are configured to expose an HTTPS port (as is the case when running inside a confidential VM):

  • all the Cosmian KMS servers should expose the same server certificate on their HTTPS port
  • and the load balancer should be configured as an SSL load balancer (HAProxy is a good example of a high-performance SSL load balancer)
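
The certificate requirement above can be checked before nodes are placed behind the load balancer. The script below is an added example, not part of the Cosmian documentation or code base: it connects to each KMS node directly, fingerprints the leaf certificate it presents, and reports any node that differs from the first one listed. The host names in the comments are constructed placeholders, and treating the first target as the reference node is an assumption of this example.

```python
import hashlib
import socket
import ssl
import sys


def fetch_leaf_der(host, port, timeout=5.0):
    """Return the DER-encoded leaf certificate presented by host:port.

    Validation is disabled on purpose: the goal is to compare what each
    node presents, not to decide whether the certificate is trusted.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def group_by_fingerprint(certs):
    """Map SHA-256 fingerprint -> sorted list of nodes presenting it."""
    groups = {}
    for node, der in certs.items():
        groups.setdefault(hashlib.sha256(der).hexdigest(), []).append(node)
    return {fp: sorted(nodes) for fp, nodes in groups.items()}


def mismatched(certs, reference):
    """Nodes whose certificate differs from the reference node's."""
    ref = hashlib.sha256(certs[reference]).hexdigest()
    return sorted(n for n, der in certs.items()
                  if hashlib.sha256(der).hexdigest() != ref)


def main(targets):
    # targets look like "kms-1.example.internal:443" (constructed names);
    # the first one is treated as the reference node.
    certs = {}
    for target in targets:
        host, _, port = target.rpartition(":")
        certs[target] = fetch_leaf_der(host, int(port))
    for fp, nodes in group_by_fingerprint(certs).items():
        print(fp, ", ".join(nodes))
    bad = mismatched(certs, targets[0])
    for node in bad:
        print("MISMATCH:", node, file=sys.stderr)
    return 1 if bad else 0


if __name__ == "__main__" and len(sys.argv) > 1:
    sys.exit(main(sys.argv[1:]))
```

Run it against the nodes' own addresses rather than the load balancer address, so that every node is sampled; a non-zero exit status means at least one node presents a different certificate.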