Simplified setup: Valid and invalid configurations

Registering key clients with tenants is flexible, but a few restrictions apply.

Single cluster, single key server

With a single cluster and a single key server, the following rules apply:
  • A single key client can register with more than one tenant.
  • However, two or more key clients cannot register with the same tenant.
The following figure illustrates these rules:
  • Key client c1Client1 can register with tenants devG1, devG2, and devG3.
  • But key client c1Client2 cannot register with devG1 (or devG2 or devG3) because c1Client1 is already registered there.
  • Tenant devG4 is added so that key client c1Client2 can register with a tenant.
Figure 1. Single cluster, single key server
A single cluster with two key clients; each points to a different tenant.

Multiple clusters, single key server

With multiple clusters and a single key server, more than one key client can register with a tenant if the key clients are in different clusters.

The following figure illustrates this rule:
  • With key clients c1Client1 in Cluster1 and c2Client1 in Cluster2:
    • c1Client1 is registered with tenants devG1, devG2, and devG3.
    • c2Client1 can also register with devG1, devG2, and devG3, because it is in a different cluster.
  • Similarly, with c1Client2 in Cluster1 and c2Client1 in Cluster2:
    • c1Client2 is registered with tenant devG4.
    • c2Client1 can also register with devG4, because c2Client1 is in a different cluster.
Figure 2. Multiple clusters, single key server
Two clusters; one key server. Two key clients can point to the same tenant, if the key clients are in separate clusters.

Single cluster, multiple key servers

With a single cluster and multiple key servers, the following rules apply:
  • Different key clients in the same cluster can register with different tenants in the same key server.
  • But a single key client cannot register with tenants in different key servers.
The following figure illustrates these rules:
  • With key clients c1Client1 and c1Client2, both in Cluster1, the situation is the same as in Figure 1:
    • c1Client1 is registered with tenants devG1, devG2, and devG3 in keyserver01.
    • c1Client2 can register with tenant devG4 in (but not with devG1, devG2, or devG3).
  • With key client c1Client2 in Cluster1:
    • c1Client2 can register with a tenant (devG4 in this example) in.
    • But c1Client2 cannot also register with a tenant (devG3) in keyserver02.
  • c1Client3 was created in Cluster1 to register with tenants devG1 and devG2 in keyserver02.
Figure 3. Single cluster, multiple key servers
Two key servers; one cluster. A client cannot point to tenants on different key servers.
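
The rules from all three scenarios can be checked mechanically before any key client is registered. The following Python sketch is an added example, not part of the product or its documentation. The `(cluster, key client, key server, tenant)` tuple layout and the function name `find_violations` are assumptions, and the sample data is constructed from the names used in the figures. Following Figure 3, tenants with the same name on different key servers are treated as different tenants.

```python
from collections import defaultdict

def find_violations(registrations):
    """Check proposed (cluster, key_client, key_server, tenant) registrations.

    Hypothetical helper for this example; returns a sorted list of messages.
    """
    clients_per_tenant = defaultdict(set)  # (cluster, server, tenant) -> clients
    servers_per_client = defaultdict(set)  # (cluster, client) -> key servers
    for cluster, client, server, tenant in registrations:
        clients_per_tenant[(cluster, server, tenant)].add(client)
        servers_per_client[(cluster, client)].add(server)

    violations = []
    # Within one cluster, only one key client may register with a given tenant.
    # Key clients in different clusters may share a tenant (Figure 2).
    for (cluster, server, tenant), clients in clients_per_tenant.items():
        if len(clients) > 1:
            violations.append(
                f"{cluster}: tenant {tenant} on {server} has multiple key clients: "
                + ", ".join(sorted(clients)))
    # A key client may not register with tenants on different key servers.
    for (cluster, client), servers in servers_per_client.items():
        if len(servers) > 1:
            violations.append(
                f"{cluster}: key client {client} spans key servers: "
                + ", ".join(sorted(servers)))
    return sorted(violations)

# Constructed sample data: a valid layout drawn from Figures 1 to 3.
VALID = [
    ("Cluster1", "c1Client1", "keyserver01", "devG1"),
    ("Cluster1", "c1Client1", "keyserver01", "devG2"),
    ("Cluster1", "c1Client1", "keyserver01", "devG3"),
    ("Cluster2", "c2Client1", "keyserver01", "devG1"),  # other cluster: allowed
    ("Cluster1", "c1Client3", "keyserver02", "devG1"),
    ("Cluster1", "c1Client3", "keyserver02", "devG2"),
]
# Constructed invalid additions: a second client on devG1 in the same cluster,
# and c1Client3 also registering with a tenant on a second key server.
INVALID = VALID + [
    ("Cluster1", "c1Client2", "keyserver01", "devG1"),
    ("Cluster1", "c1Client3", "keyserver01", "devG4"),
]

if __name__ == "__main__":
    for message in find_violations(INVALID):
        print(message)
```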