Workload-optimized tiers

Certificate Authority Service offers two workload-optimized operation tiers for certificate authority (CA) pools.

• DevOps: Focused on high volume, short-lived certificate issuance which is found in microservice-based applications.
• Enterprise: Focused on lower volume, long-lived certificate issuance which is normally found in devices and user identity, where lifecycle management is important.

Both tiers can be used with any kind of application and both tiers support all user-specified certificate timelines. Microservice-based applications might benefit from the higher QPS quota for DevOps CA pools, which can support environments with higher rates of workload startup and allow certificates to be rotated more frequently. DevOps tier might also be more suited for shorter-lived certificates because it lacks certificate lifecycle management.

Some differences between the DevOps and the Enterprise tier are mentioned in the following table:

* QPS quota refers to the maximum number of certificates that can be issued per second by a given CA. A CA pool can reach a higher total effective QPS with multiple CAs. For more information about achieving a higher QPS using a CA pool, see Achieving a higher QPS using a CA pool.

Choosing a tier

When creating a new CA pool, you can specify the tier that best matches how you are using CA Service.

gcloud privateca pools create POOL_ID \
    --tier TIER

What's next

• Learn about CA pools.
• Learn how to create CA pools.
• Learn about quotas and limits.