Newcastle University is in the process of testing a HA shib cluster for
deployment as its new IdP infrastructure.
We did have some apparent problems with the cluster software where shib
would fail complaining of failed replication.
Solved this by upping the timeouts in the HA shib connector and upping
the session lifetime in the connector. That seems to have fixed the
behaviour. I have a suspicion you can get into nasty issues if the SP
has a longer session lifetime than the lifetime in the HA replication
cache but have not managed to collect any real evidence of this.
We load balance using round-robinned DNS. In the event of server failure
we transfer the active IP from the dead server to the live server so it
is serving both IP addresses for the service. Apache is configured to
serve on both IP addresses so can handle the traffic. The transfer of
IP addresses is manual at present but we are looking at automated
failover with LVS. The main issue being that we need to get a method of
detecting server and/or application death/hanging that is reliable in
order to do auto failover; this is non-trivial. Our technique provides
very basic load balancing that is mainly concerned with providing
redundancy rather than managing traffic levels. We have no problems with
load at present.
>From: Discussion list for Shibboleth developments On Behalf Of Andy Swiffin
>Sent: 18 September 2007 09:25
>I'd be interested to know
>a) Who in the UK has deployed HASHIB (High availability Shibboleth)?
>b) Any problems?
>c) What have you used in front of the IdPs to switch the traffic
>between them and why did you use that?
>TIA for any info.
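
Added example, not part of the original message or of the HA Shibboleth software: a sketch of the detection problem the reply describes, telling a dead server (nothing accepts the TCP connection) apart from a hung application (connection accepted, no HTTP reply within the timeout), and signalling failover only after several consecutive bad probes. The names `probe`, `FailoverMonitor` and `start_stub`, the probed path `/`, the timeouts and the threshold of 3 are all assumptions; the stub server is constructed for the demonstration.

```python
import socket
import threading

def probe(host, port, path="/", timeout=2.0):
    """One HTTP probe, classified as 'dead', 'hung', 'unhealthy' or 'ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "dead"                 # refused, unreachable or connect timed out
    try:
        sock.settimeout(timeout)
        sock.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        status_line = sock.recv(1024).split(b"\r\n", 1)[0]
    except socket.timeout:
        return "hung"                 # TCP accepted, application never answered
    except OSError:
        return "dead"                 # connection reset while talking
    finally:
        sock.close()
    fields = status_line.split()
    return "ok" if len(fields) >= 2 and fields[1] == b"200" else "unhealthy"

class FailoverMonitor:
    """Signals failover only after `threshold` consecutive bad probes."""
    def __init__(self, threshold=3):  # threshold is an assumed value
        self.threshold, self.failures = threshold, 0
    def record(self, result):
        self.failures = 0 if result == "ok" else self.failures + 1
        return self.failures >= self.threshold

def start_stub(reply):
    """Constructed local server: sends `reply`, or stays silent if reply is None."""
    srv = socket.create_server(("127.0.0.1", 0))
    held = []                         # references keep silent connections open
    def serve():
        while True:
            conn, _ = srv.accept()
            held.append(conn)
            if reply is not None:
                conn.recv(1024)
                conn.sendall(reply)
                conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    monitor = FailoverMonitor(threshold=3)
    port = start_stub(None)           # simulates a hung application
    for _ in range(3):
        state = probe("127.0.0.1", port, timeout=0.5)
        print(state, "-> fail over" if monitor.record(state) else "-> wait")
```

A probe that only opens a TCP connection would report the hung case as healthy, which is why the check has to read an application-level reply.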