Version: Develop

Secure Communication with TLS

A distinction must be made between the following use cases when it comes to secured communication with TLS:

a9s Data Service Framework Components

The internal components that provide basic functionality, such as managing Service Instances or finding services, normally act both as a server and as a client. Their communication partners are usually other internal components. The server and client certificates therefore do not need to be signed by a public Certificate Authority (CA); private CAs are used instead.

a9s Data Service Framework Components Co-located On Service Instances

On each node of a Service Instance, some special internal components are co-located to provide common functionality, such as backups, restores, and metrics. Depending on the internal component, it acts as a server, as a client, or as both, and therefore needs a server certificate, one or more client certificates, or both. All these certificates are managed by the corresponding a9s SPI.

TLS Service Plans for the a9s Data Services

Usually, the different a9s Data Services provide templates to create TLS Service Plans. With this type of Service Plan, the vendored Data Service offers TLS connections to the respective Data Service clients for secured communication. The server certificate used for these connections is managed by the corresponding a9s SPI.