Overview

EVERTRUST Cloud is a fully-managed platform designed to remove the burden of deploying and operating EVERTRUST products, by offering them to customers as a service.

Concepts

EVERTRUST Cloud orchestration relies on the EVERTRUST Control Plane, which holds logic regarding organizations, workspaces and instances:

an Organization uniquely identifies you as a customer, manages some resources such as backup encryption keys and multiple Workspaces
a Workspace is a group of Instances that is linked to an Environment. A typical deployment would be comprised of a staging and a production workspace, but there’s not limit on how many workspaces can be created for an organization.
an Instance is a product deployed in a Workspace. It has a logical role such as a PKI or a CLM and can communicate with other instances in the same Workspace.
an Environment is a group of cloud resources, such as a cloud provider and a region, where instances can be deployed. An environment can be shared among multiple customers, or for performance/compliance reasons, be dedicated to a single customer.

Technical overview

EVERTRUST Cloud is built upon battle-tested technologies to deliver outstanding reliability and performance. A component-based approach allows us to scale and improve the service continuously while limiting responsibility of each component to its minimum.

Figure 1. EVERTRUST Cloud components

Control plane

The control plane orchestrates operations and enables cloud-agnostic operations, as it centralizes deployment and configuration on every supported cloud provider. However, as mentioned in Reliability, in case of control plane unavailability, instances can still operate independently, reducing the probability of a large-scale outage.

The following cloud providers are currently supported :

AWS
Google Cloud
Scaleway

All supported cloud providers support high availability.

Secret manager

The Secret manager handles all secret generation, rotation and injection operations. Its secure storage is backed by an HSM, to ensure secret confidentiality.

It manages:

The reliability of the Secret manager is key to the overall platform stability and disaster recovery is described here.

Database

For performance and reliability reasons, EVERTRUST Cloud offloads database management to a third-party provider. The provider depends on the cloud provider where the instance is deployed to:

for instances deployed on AWS or Google Cloud: the database is managed by MongoDB Atlas;
for instances deployed on Scaleway: the database is managed by Scaleway Managed MongoDB.

The database is a critical component as it stores all stateful customer data and configuration. Database backups are managed by the Backup operator.

Backup operator

The backup operator handles database backups from managed databases. It introduces encryption and distribution across multiple cloud providers, and performs backups according to the backup policy.

A unique encryption key is generated by the secret manager for any given organization, to ensure encrypted backups can only be read by entitled organization members or service accounts. It will be used when backing up and restoring data for each organization.

Additionally, backup data will be replicated amongst multiple cloud providers to ensure maximum durability.