IdP Clustering. You want to prevent service outages. High Availability and Load Balancing. Possible problems: HW failures



Similar documents
Load Balancing and Clustering in EPiServer

Scalability of web applications. CSCI 470: Web Science Keith Vertanen

Multiple Public IPs (virtual service IPs) are supported either to cover multiple network segments or to increase network performance.

Astaro Deployment Guide High Availability Options Clustering and Hot Standby

High Availability Solutions for the MariaDB and MySQL Database

Jive and High-Availability

Load Balancing and Clustering in EPiServer

ArcGIS for Server Reference Implementations. An ArcGIS Server s architecture tour

short introduction to linux high availability description of problem and solution possibilities linux tools

Robert Honeyman Honeyman IT Consulting.

Tushar Joshi Turtle Networks Ltd

Deployment Topologies

How To Balance A Load Balancer On A Server On A Linux (Or Ipa) (Or Ahem) (For Ahem/Netnet) (On A Linux) (Permanent) (Netnet/Netlan) (Un

Siemens PLM Connection. Mark Ludwig

High Availability CAS

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle

High Availability and Disaster Recovery for Exchange Servers Through a Mailbox Replication Approach

High Availability Solutions for MySQL. Lenz Grimmer DrupalCon 2008, Szeged, Hungary

VMware vcloud Automation Center 6.1

Load Balancing and Clustering in EPiDesk

High Availability Storage

Best Practices for Implementing High Availability for SAS 9.4

Click Studios. Passwordstate. High Availability Installation Instructions

VMware vrealize Automation

ArcGIS for Server Deployment Scenarios An ArcGIS Server s architecture tour

Oracle BI Publisher Enterprise Cluster Deployment. An Oracle White Paper August 2007

High Availability of the Polarion Server

Oracle Collaboration Suite

Peter Ruissen Marju Jalloh

Exam F F5 BIG-IP V9.4 LTM Essentials Version: 5.0 [ Total Questions: 100 ]

Active/Active HA Clustering on Shared Storage with Samba

Ecomm Enterprise High Availability Solution. Ecomm Enterprise High Availability Solution (EEHAS) Page 1 of 7

Jive and High-Availability

VERITAS Cluster Server Traffic Director Option. Product Overview

Common Server Setups For Your Web Application - Part II

Authentication and Single Sign On

Click Studios. Passwordstate. High Availability Installation Instructions

VMware vrealize Automation

High Availability and Backup Strategies for the Lustre MDS Server

Cisco Application Networking for BEA WebLogic

EXECUTIVE SUMMARY CONTENTS. 1. Summary 2. Objectives 3. Methodology and Approach 4. Results 5. Next Steps 6. Glossary 7. Appendix. 1.

Cisco Application Networking for IBM WebSphere

BASICS OF SCALING: LOAD BALANCERS

CLUSTERING CAS for High Availability. Eric Pierce, University of South Florida

Step-by-Step Guide. to configure Open-E DSS V7 Active-Active iscsi Failover on Intel Server Systems R2224GZ4GC4. Software Version: DSS ver. 7.

LinuxWorld Conference & Expo Server Farms and XML Web Services

Load Balancing for Microsoft Office Communication Server 2007 Release 2

NetIQ Access Manager 4.1

Load-Balancing Introduction (with examples...)

Informatica MDM High Availability Solution

Module 14: Scalability and High Availability

Availability Digest. Redundant Load Balancing for High Availability July 2013

High Availability & Disaster Recovery Development Project. Concepts, Design and Implementation

High Availability Low Dollar Clustered Storage

Active-Active and High Availability

Integrating the F5 BigIP with Blackboard

HA Configuration Approach

The Promise of Virtualization for Availability, High Availability, and Disaster Recovery - Myth or Reality?

Active-Active ImageNow Server

Architectures Haute-Dispo Joffrey MICHAÏE Consultant MySQL

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

CS 188/219. Scalable Internet Services Andrew Mutz October 8, 2015

Setting Up B2B Data Exchange for High Availability in an Active/Active Configuration

Open Source High Availability on Linux

How To Manage An Orgs Server 10G (Operating System)

ORACLE DATABASE HIGH AVAILABILITY STRATEGY, ARCHITECTURE AND SOLUTIONS

Managing your Domino Clusters

Apache Tomcat. Tomcat Clustering: Part 2 Load balancing. Mark Thomas, 15 April Pivotal Software, Inc. All rights reserved.

Large-Scale Web Applications

Practical Load Balancing

Intro to Load-Balancing Tomcat with httpd and mod_jk

<Insert Picture Here> WebLogic High Availability Infrastructure WebLogic Server 11gR1 Labs

IBM Cloud Manager with OpenStack

Session Clustering in PHP

IBM AIX MANAGED SERVICES:

bla bla OPEN-XCHANGE Open-Xchange Hardware Needs

High Availability HTTP/S. R.P. (Adi) Aditya Senior Network Architect

Eliminate SQL Server Downtime Even for maintenance

INUVIKA TECHNICAL GUIDE

ZingMe Practice For Building Scalable PHP Website. By Chau Nguyen Nhat Thanh ZingMe Technical Manager Web Technical - VNG

This document will list the ManageEngine Applications Manager best practices

Code:1Z Titre: Oracle WebLogic. Version: Demo. Server 12c Essentials.

How To Make Biztalk Highly Available

University of Southern California Shibboleth High Availability with Terracotta

High Availability Technical Notice

A SURVEY OF POPULAR CLUSTERING TECHNOLOGIES

Technical White Paper: Clustering QlikView Servers

BlackBerry Enterprise Server Version: 5.0. Upgrade Planning Guide

Bricks Cluster Technical Whitepaper

Mediasite for the enterprise. Technical planner: TP-05

Monitoring Microsoft Exchange to Improve Performance and Availability

High Availability Implementation for JD Edwards EnterpriseOne

Transcription:

Clustering High Availability and Load Balancing SWITCHaai Team aai@switch.ch You want to prevent service outages Possible problems: HW failures Server component failure power failure. Network failure Software failures Service overload Downtimes due to maintenance (major upgrades) 2

What you usually do Take one box Harden it through redundant components (power, network, disk, memory, CPU s, backplane (?)) Or take another box Organize failover (cold standby) Or take a couple of boxes Organize load balancing... 3 Challenges with the The setup of the and the whole environment is more complex than with a single-server. Special configuration of the is required. Load balancing requires special hardware or software. s in SWITCHaai store some data in a database. Therefore, clustered s need some kind of clustered database or some replication mechanism. 4

Stateful or not? For stateless systems, building a cluster "is easy". But: The is stateful, in general. Conversational state: Short-term session during login process Managed outside of the software Requires sticky sessions on load balancer At present, there is no solution provided to replicate this data Non-conversational state: Data the stores Managed by the software Examples: Persistent ID, User consent data, User Session The v3 provides flexible mechanisms to store such data, e.g. in the client or in a common database, so that the data is available to all nodes. 5 Recommendations Entity Recommended Scope Persistent ID Common Database Cluster User consent Common Database Cluster User Session Client Per Client Transient ID Common Database Cluster SAML artifact Common Database Cluster Conversation Session Memory Per Node Message replay cache Memory Per Node Remarks: "Common Database" means some central/clustered database or a database replicated between nodes. SAML artifact: Irrelevant if SAML 2.0 artifacts are not used/required at all Alternatives for Message replay cache: Common Database or memcached (depending on security requirements) 6

Secret key management for cookie encryption The User Session is stored in an encrypted cookie in the browser. The key to encrypt/decrypt this cookie should regularly be rotated. In a clustered setup, all nodes need to share the same key. It's recommended that one node generates a new key and copies it to the other nodes. Setup: Decide for a node that is responsible for generating the secret keys and copying them to the other nodes. Install an appropriate cronjob. Our guide "Shibboleth Identity Provider Clustering" describes the details and shows an example cronjob script: https://www.switch.ch/aai/guides/idp/clustering/ 7 Examples Who Network Processing Persistent storage Uni Bern (v3) Uni Genève (v2) Uni Lausanne (v2) NGINX (active-active) HTTP Loadbalancer F5 BIG-IP Loadbalancer (sticky) HW load balancer (active-passive) 2 s Use of central MSSQLcluster 2 s (activepassive) MySQL DB Cluster external MySQL-DB (also : Heartbeat + DRBD) Uni Zürich (v2) 3 s external MySQL database HES-SO Fr (v2) 2 s activeactive Uni Marburg (v2) NGINX Loadbalancer 2 s, memcached, SWITCH (v2) Anycast address 2 s activepassive 1 external PostgresDB server Local MySQL-DB, replicated by cron 8

Example Environment Full-featured setup: Persistent Centralized Database Load Balancer Clients User Directory Nodes Cluster User Directory (AD, LDAP) 9 Example Environment Basic setup: Active Persistent User Directory DB Replication Clients User Directory User Directory (AD, LDAP) Standby Persistent 10

Considerations for planning an cluster You need to think about Which type of setup do you need? What kind of database do you need? Which additional hardware or software is required? Which further considerations are relevant for your organisation? There are many mechanisms and options available to setup a suitable environment. The setup to choose depends on the requirements and the possibilities of your organisation. 11 References Documentation from SWITCH: Shibboleth Clustering https://www.switch.ch/aai/guides/idp/clustering/ Documentation from the Shibboleth Consortium: Clustering https://wiki.shibboleth.net/confluence/display/idp30/clustering https://wiki.shibboleth.net/confluence/display/idp30/ Secret Key Management https://wiki.shibboleth.net/confluence/display/idp30/secretkeymanagement 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information