Andy Swiffin wrote:
> Hi
>
>> From the early days of our deployment I was adamant we had to have
>> resiliency in our Shib roll out and the plan has always been to
>> have two parallel servers linked via HAShib. Now that I'm at the
>> stage of deploying it I'm beginning to think about what this will
>> actually give us.
>
> I would still have the two servers (one would be virtual) both
> running as idp.dundee.ac.uk, in the (unlikely ?) event of a failure
> on the real node the Cisco content switching would switch to the
> virtual node. If I don't deploy the HAShib extension what will I
> lose? Is it just that someone who has already authenticated will be
> asked to authenticate again if they open a different resource or will
> something more sinister happen?
>
> I'm finding my (albeit fairly under used so far) Shib IdP very
> reliable and so failovers will hopefully be very rare, if it's just
> for the sake of having to authenticate again if it happens I'm
> wondering whether HAShib is needed?
>
> Any thoughts?
>
> Andy
>
We use HAShib at UCL because we have two machine rooms, so have an
Identity Provider in each. From time to time there is a need to shut
down one or the other of the machine rooms over a weekend in order to
perform electrical work.
--
Adrian Barker
Internet Technology Section
Information Systems
University College London, Gower Street, London WC1E 6BT
External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406
Internal phone: x 25140