Overview#
This page describes different DS deployment scenarios supported by PKI.
The tables below describe the contents of each DS instance. The Shared column indicates whether the content is shared among all backends in the same DS instance. The Replicated column indicates whether the contenet is replicated to other DS clones.
Separate DS Instances#
In this scenario multiple PKI subsystems are configured to use separate DS instances. This scenario is used by legacy PKI subsystems and in large PKI deployments where the PKI subsystems are deployed on separate hosts.
CA DS instance#
Content |
DN |
Shared |
Replicated |
|---|---|---|---|
DS schema |
cn=schema |
no |
yes |
DS configuration |
cn=config |
no |
no |
CA backend (e.g. ca): |
|||
CA subtree |
dc= ca,dc=example,dc=com |
no |
yes |
CA indexes |
cn=ca,cn=ldbm database, cn=plugins,cn=config |
no |
no |
KRA DS instance#
Content |
DN |
Shared |
Replicated |
|---|---|---|---|
DS schema |
cn=schema |
no |
yes |
DS configuration |
cn=config |
no |
no |
KRA backend (e.g. kra): |
|||
KRA subtree |
dc=k ra,dc=example,dc=com |
no |
yes |
KRA indexes |
cn=kra,cn=ldbm database, cn=plugins,cn=config |
no |
no |