Hi
From the early days of our deployment I was adamant we had to have resiliency in our Shib roll out and the plan has always been to have two parallel servers linked via HAShib. Now that I'm at the stage of deploying it I'm beginning to think about what this will actually give us.
I would still have the two servers (one would be virtual) both running as idp.dundee.ac.uk, in the (unlikely ?) event of a failure on the real node the Cisco content switching would switch to the virtual node. If I don't deploy the HAShib extension what will I loose? Is it just that someone who has already authenticated will be asked to authenticate again if they open a different resource or will something more sinister happen?
I'm finding my (albeit fairly under used so far) Shib IdP very reliable and so failovers will hopefully be very rare, if its just for the sake of having to authenticate again if it happens I'm wondering whether HAShib is needed?
Any thoughts?
Andy
--
*********
Andy Swiffin
Senior Network Specialist, Corporate Information systems
Information & Communications Services (ICS)
University of Dundee, Computing Centre, Park Place, Dundee, DD1 4HN
Direct: 01382 388000 (Service Desk)
Visit our website at: www.dundee.ac.uk/ics
*********
The University of Dundee is a registered Scottish charity, No: SC015096
|