The Cryptographic Security Platform supports an Active-Active disaster recovery model for the OCSP service in which two or more independent clusters are deployed across separate data centers. Each data center hosts a fully operational cluster with CSP Validation Authority and, if needed, CA Gateway. All data centers simultaneously serve production OCSP traffic through a load balancer or DNS-based traffic distribution.
This architecture applies when the OCSP service provided by CSP Validation Authority obtains certificate status from an Entrust Certificate Authority via CA Gateway, or from third-party CAs via CRL. It does not apply to the OCSP service from the Certificate Authority solution.
This approach maximizes availability by eliminating any single point of failure at the data center level, while each cluster operates independently with its own database, OCSP signing keys, and Hardware Security Module.

See below for details on deploying an OCSP service in this architecture.