Skip to content

Hybrid Deployments

Overview

AnkaSecure offers a Hybrid Deployment Model that combines the best of SaaS (Cloud) and On-Premise environments. This model allows organizations to leverage cloud scalability while maintaining on-premise security and compliance for sensitive cryptographic operations.

Key Benefits

Scalability & Flexibility – Utilize cloud-based infrastructure while keeping critical operations on-prem.
Enhanced Security – Store private keys and sensitive data in your own environment.
Optimized Performance – Reduce latency by processing cryptographic operations locally while using the cloud for global access.
Regulatory Compliance – Ensure that encryption keys and sensitive transactions remain under enterprise control.

Architecture Overview

In a hybrid deployment, the AnkaSecure API Server can be hosted both on-premise and in the cloud, allowing organizations to decide where to process encryption, signing, and key management requests.

flowchart TD
 subgraph A["Customer Infrastructure (On-Prem)"]
        B["AnkaSecure API Server"]
        C["On-Prem Key Store"]
 end
 subgraph D["AnkaSecure Cloud (SaaS)"]
        E["AnkaSecure Cloud API"]
        F["Cloud Key Store"]
 end

    B -- Handles sensitive requests --> C
    E -- Provides additional crypto services --> F

    G["SDK"] -- Local Requests --> B
    G -- Cloud Requests --> E

    H["CLI"] -- Local Requests --> B
    H -- Cloud Requests --> E

    I["Customer Application"] -->|Invokes SDK| G
    I -->|Direct call to Cloud API| E
    I -->|Invokes CLI| H

Components:

  1. AnkaSecure API Server (On-Premise)

    • Processes cryptographic operations that must remain within the enterprise environment.

    • Stores encryption keys in an on-premise key store.

  2. AnkaSecure Cloud API

    • Provides additional cryptographic services when needed.

    • Can store non-sensitive keys in a cloud-based key store for global access.

  3. SDK & CLI

    • Automatically route requests between on-prem and cloud environments based on policies.

Deployment Scenarios

Organizations can customize their hybrid deployment model based on security, compliance, and performance requirements.

1️⃣ On-Prem Primary with Cloud Backup

  • All critical cryptographic operations occur on-premise.

  • The cloud environment serves as a backup for disaster recovery.

  • Example Use Case: Banking institutions requiring local key control with cloud redundancy.

2️⃣ Cloud Primary with On-Prem Secure Operations

  • Most encryption/signing operations occur in the cloud for scalability.

  • Highly sensitive operations (e.g., private key storage) are handled on-premise.

  • Example Use Case: Enterprises leveraging SaaS while protecting critical data on-site.

3️⃣ Dynamic Load Balancing

  • Requests are routed dynamically between on-prem and cloud environments.

  • Load balancing ensures optimal performance and redundancy.

  • Example Use Case: Global enterprises needing low-latency cryptographic services.

Hybrid Deployment Considerations

Consideration On-Prem Solution Cloud Solution
Latency & Performance Lower latency for local ops Scalable but may have latency
Security & Compliance Full control, local storage Requires compliance evaluation
Scalability Limited by infrastructure Highly scalable
Disaster Recovery Manual backup & recovery Cloud-based failover options
Cost Hardware & maintenance costs Pay-as-you-go pricing

Installation & Configuration

Step 1: Deploy AnkaSecure API Server On-Prem

Download and install the on-premise server:

sh

CopiarEditar

wget https://enterprise.ankatech.co/download/ankasecure-server.tar.gz tar -xvzf ankasecure-server.tar.gz -C /opt/ankasecure cd /opt/ankasecure

Modify config.yaml to enable hybrid mode:

yaml

CopiarEditar

hybrid: enable: true cloud_fallback: true preferred_region: "us-east-1"

Start the API server:

sh

CopiarEditar

./ankasecure-server start

Step 2: Connect to the Cloud API

Ensure your cloud API credentials are set in cli.properties:

properties

CopiarEditar

clientId=myAppId clientSecret=myAppSecret openapi.scheme=https openapi.host=cloud.ankatech.co openapi.port=443

Step 3: Verify Hybrid Functionality

Test whether encryption requests route correctly:

sh

CopiarEditar

java -jar AnkaSecureCLI.jar encrypt --kid hybridKey --input message.txt --output encrypted.dat

Monitor logs to confirm whether requests were processed locally or routed to the cloud.

Summary

  • AnkaSecure Hybrid Deployments provide the flexibility of both on-premise and cloud cryptographic operations.

  • Organizations can balance security, performance, and compliance based on their needs.

  • Supports multiple deployment strategies, including on-prem-first, cloud-first, or load-balanced models.

For further details, see the Hybrid Deployment Guide here.