# CI - CD Separation

---

## CI - CD Separation

- Separate JFrog Platform deployments used for different concerns
   1. CI (Continuous Integration): R&D development and release lifecycle management. Building, testing and releasing (ops focus on promotion and cleanup)
   2. CD (Continuous Delivery or Deployment): Operations for distribution and deploying to production (ops focus on compliance and archiving)
- Each site is separately owned and managed by its respective team(s)
- Using Federation to promote only production ready packages from CI to CD JPD
- The CD JPD is the single source of all production environments

### Why?

**Why separate CI servers and sites from CD servers and sites?**

- CI and CD teams often have different workflows and infrastructure needs, so separate sites let each focus on their priorities
- Enforcing separation of concerns improves security by isolating build and deployment stages, reducing risk from changes or breaches
- Compliance and regulatory mandates may require production environments (CD) to be operated with stricter controls than development (CI)
- Geographic, organizational, or departmental boundaries might dictate separate CI and CD locations or ownership
- High-frequency CI workloads can overwhelm a shared site; splitting sites ensures scalability and stability for both environments
- Restricting access to CD sites minimizes the risk of unauthorized or accidental production releases
- Keeping production binaries solely in the CD site improves auditability and simplifies compliance

### Architecture

The following is a schematic high level architecture of such a topology with two organizations having a dedicated CI JPD each, federating production releases to a common CD JPD.

![CI - CD Separation](../../../../images/ci-cd-separation.png)