Connectors¶
What Is a Connector?¶
A Connector is a purpose-built integration component that extends the Zaita platform's certificate discovery and provisioning capabilities into specialised infrastructure systems. Where Bridges provide general-purpose connectivity between your on-premises environment and the Zaita SaaS control plane, Connectors are designed to integrate deeply with specific technologies — interacting with their native APIs, protocols, and management interfaces.
Connectors do not communicate directly with the Zaita SaaS control plane. All communication between a Connector and the platform is routed through a Bridge. This is a mandatory architectural requirement — the Bridge serves as the sole controlled egress point for all platform communication, maintaining the platform's security model of no inbound connections and encrypted, authenticated outbound-only traffic.
How Connectors Work¶
A Connector operates as a local service within your network, positioned in proximity to the infrastructure it integrates with. It receives work from the Zaita platform via a Bridge, executes operations against the target system using native protocols, and reports results back through the same Bridge.
The general communication flow is:
- The Zaita SaaS control plane dispatches a job to the Bridge
- The Bridge delivers the encrypted job payload to the Connector
- The Connector executes the operation against the target infrastructure using native APIs or protocols
- The Connector returns the result to the Bridge
- The Bridge reports the outcome to the SaaS control plane
This model preserves the platform's end-to-end encryption and trust boundaries. Job payloads — including any credentials or sensitive parameters — are encrypted by the back control plane and only decrypted within your network boundary at the point of use.
Connectors vs Bridges¶
Connectors and Bridges are complementary components. They are not interchangeable.
| Bridge | Connector | |
|---|---|---|
| Purpose | General-purpose platform agent and communication gateway | Deep integration with a specific infrastructure technology |
| Scope | Certificate deployment, discovery, key generation, Courier proxy | Technology-specific discovery and provisioning via native APIs |
| Communication | Communicates directly with the Zaita SaaS control plane | Communicates exclusively through a Bridge |
| Deployment | One or more per network zone | One or more per target infrastructure system |
| Prerequisite | None — standalone component | Requires a Bridge in the same network |
A Bridge is always required. A Connector extends the capabilities of the platform into systems that require specialised integration beyond what a Bridge alone can provide.
High Availability¶
Connectors support multi-instance deployment for high availability and resilience. Multiple instances of a Connector can be deployed against the same target infrastructure, ensuring that discovery and provisioning operations continue uninterrupted if a single instance becomes unavailable. Each instance operates independently, and the platform distributes work accordingly.
Available Connectors¶
| Connector | Target System | Capabilities | Documentation |
|---|---|---|---|
| Zaita ADCS Connector | Microsoft Active Directory Certificate Services | Certificate discovery, certificate provisioning | ADCS Connector |