On Tue, 2007-09-18 at 09:24 +0100, Andy Swiffin wrote:
> Hi
>
> I'd be interested to know
>
> a) Who in the UK has deployed HASHIB (High availability Shibboleth)?
>
> b) Any problems?
>
> c) What have you used in front of the IdPs to switch the traffic between them and why did you use that?
We do at Cardiff.
Two physical idp servers, one virtual server idp server in our VMWare
ESX environment, hashib used on them for clustering.
No problems at all. Works like a charm with the default configuration
(only changed things like IP addresses in the config). Has been working
incident free for 2 years for us in total, one year of that of being a
test service for selected people and one year as a production service
for the whole institution.
We use Netscaler (Citrix) hardware load balancers in front.
idp.cardiff.ac.uk is actually the netscaler, which in turns passes
requests to the real servers sitting behind the scenes. They test for
[idpserver]/shibboleth-idp/Status to return "AVAILABLE", if a server
doesn't return that it marks that server as down and stops sending it
things.
We use the Netscalers purely because we already have them sat in our
server rooms doing other things - they're big beasts and probably total
overkill, but we might as well use them since we have them! Otherwise,
i'd probably do linux-HA/heartbeat kind of load balancing, since it's
free and (relatively) easy to do.
R.
--
----------------------------------------------------------------------
Rhys Smith e: [log in to unmask]
Engineering Consultant: Identity & Access Management (GPG:0xDE2F024C)
Information Services,
Cardiff University, t: +44 (0) 29 2087 0126
39-41 Park Place, Cardiff, f: +44 (0) 29 2087 4285
CF10 3BB, United Kingdom. m: +44 (0) 7968 087 821
----------------------------------------------------------------------
|