On Thu, 4 Oct 2012, Andy Swiffin wrote:
> So, I'd be interested to hear from anyone who is doing hot standby with
> their Shibboleth IdP (i.e. if IdP1 is responding always use it, if it
> fails the test switch to IdP2) and what type of hardware loadbalancer
> you're using at the front to do this.
Were running such a hot standby configuration. Tomcat (running the Shib
IdP) and Apache (because I still have an Apache in front of Tomcat) run
all the time on both servers. A 'floating' service address is managed by
high availability software on the underlying Linux boxes. It's currently
Heartbeat but, at least in the SLES Linux distribution we use that's
obsolete and a future implementation will use Pacemaker/Corosync.
For other services we get Heartbeat to also start/stop the deamons on
service transition, but given the age Tomcat takes to get started this
leads to an unacceptable service outage on each transition. We trigger
manual transitions for our own convenience to do things like patch
servers.
We know that a transition will loose state. Since we're using RemoteUser
authentication with our own cookie-based external authentication scheme we
don't loose SSO login state. Loss of the rest we've chosen to live with at
least for the time being.
It's recently occurred to me that if all you need to migrate is an IP
address (no daemons to stop or start, no databases to reconfigure) then a
alternative approach can be to use a network level protocol such as VRRP
(really for routers, but clients can play too). I've never tried this.
Jon.
--
Jon Warbrick
Information Systems Development, Computing Service, University of Cambridge
|