Andy Swiffin wrote: > Hi > >> From the early days of our deployment I was adamant we had to have >> resiliency in our Shib roll out and the plan has always been to >> have two parallel servers linked via HAShib. Now that I'm at the >> stage of deploying it I'm beginning to think about what this will >> actually give us. > > I would still have the two servers (one would be virtual) both > running as idp.dundee.ac.uk, in the (unlikely ?) event of a failure > on the real node the Cisco content switching would switch to the > virtual node. If I don't deploy the HAShib extension what will I > loose? Is it just that someone who has already authenticated will be > asked to authenticate again if they open a different resource or will > something more sinister happen? > > I'm finding my (albeit fairly under used so far) Shib IdP very > reliable and so failovers will hopefully be very rare, if its just > for the sake of having to authenticate again if it happens I'm > wondering whether HAShib is needed? > > Any thoughts? > > Andy > We use HAShib at UCL because we have two machine rooms, so have an Identity Provider in each. From time to time there is a need to shut down one or the other of the machines rooms over a weekend in order to perform electrical work. -- Adrian Barker Internet Technology Section Information Systems University College London, Gower Street, London WC1E 6BT External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406 Internal phone: x 25140 Email: [log in to unmask]