Comment: Published by Scroll Versions from space IDS and version 8.2

Last reviewed: 2017-08-30

Overview

This page specifies the requirements and steps for clustered deployment of Ubisecure SSO. The scope of the document includes the overall deployment architecture, installation of the reverse proxy, and installation of the Ubisecure applications and LDAP.

Goals

The pursued goals affect the choice of clustering algorithms and deployment architecture. The possible goals, and recommended solutions for clustering each component of the Ubisecure SSO are the following:

  • High Availability
    The system remains available despite a failing node. Improved availability is achieved using supported active/passive, High Availability clustering.

  • Scalability and High Availability
    The system remains available despite a failing node, and can be scaled to serve more clients in a time unit. Improved performance is achieved using active/active clustering for SSO Server and a Redis in-memory database cluster for storing session data, in addition to normal HA clustering.

Prerequisites

Competence in the following technologies is required for deploying a Ubisecure SSO cluster:

  • Application server clustering (included Tomcat Server)
  • Directory server clustering and replication (OpenLDAP for Linux / ADLDS for Windows)
  • Reverse proxy (Environment specific, not provided by Ubisecure)
  • Redis, in-memory data structure store (Not provided by Ubisecure)

High Level Architecture Overview, Recommended Clustering Setups

SSO High availability cluster

The diagram below describes the basic SSO high availability cluster.

High availability is achieved by installing two SSO instances in an active/passive cluster, so that there is one active SSO node and another, passive SSO node.

Note that Ubilogin Directory is replicated between two instances, but both SSOs use their own Ubilogin Directory. Optionally, Ubilogin Directory services can also be installed into their own nodes.

Reverse proxy is configured to use primarily SSO1, and SSO2 only when SSO1 is not available. 

[Diagram: SSO HA]

SSO Scalability and High availability cluster

The diagram below describes the basic SSO scalability and high availability setup.

Scalability and high availability are achieved by installing two or more SSO instances, replicated Ubilogin Directory instances, and a Redis cluster that is used to store session-related data to improve performance. The reverse proxy is configured to even the load on the SSO instances.

If only two SSO instances are installed, the Ubilogin Directory instances can be installed in SSO nodes. If more than two SSO instances are installed, it's recommended to install a separate Ubilogin Directory cluster with two nodes.

[Diagram: SSO HA HP]

Components

Reverse Proxy

The reverse proxy takes care of high availability and load balancing (in scalability setup only). It is installed into a separate server node.
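As an added illustration (not part of Ubisecure's documentation), the two reverse proxy behaviours described on this page could be expressed in nginx as follows. nginx itself, the host names, port 8443 and the certificate paths are assumptions, since the page leaves the reverse proxy product environment specific.

```nginx
# Added example, not Ubisecure's own configuration. Host names, port and
# certificate paths are placeholders (assumptions).

# High availability (active/passive): sso2 receives traffic only when
# sso1 has been marked unavailable.
upstream sso_ha {
    server sso1.example.internal:8443 max_fails=3 fail_timeout=10s;
    server sso2.example.internal:8443 backup;
}

# Scalability (active/active): requests are spread over all nodes
# (round robin by default); a failing node is taken out of rotation.
upstream sso_scalable {
    server sso1.example.internal:8443 max_fails=3 fail_timeout=10s;
    server sso2.example.internal:8443 max_fails=3 fail_timeout=10s;
}

server {
    listen 443 ssl;
    server_name sso.example.com;
    ssl_certificate     /etc/nginx/tls/sso.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/sso.example.com.key;

    location / {
        proxy_pass https://sso_ha;   # use sso_scalable for the scalability setup

        # Verify the SSO nodes' TLS certificates instead of trusting any peer.
        # Assumes the node certificates carry the name sso.example.com and
        # are issued by the CA in internal-ca.pem.
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        proxy_ssl_name sso.example.com;

        # Overwrite, rather than append to, client-supplied forwarding headers.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;

        # Retry on the next node only for connection errors and timeouts.
        proxy_next_upstream error timeout;
    }
}
```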

Ubisecure SSO server

SSO server instance running on Tomcat.

Ubilogin Directory

Stores the configurations, user and session data (SSO can be configured to use Redis backed session storage to improve performance).

Redis

Redis is an open source in-memory database project: https://redis.io/

SSO can be configured to use Redis backed session storage to improve performance. 

Cluster Installation

Overview

An overview of deploying Ubisecure SSO cluster is described in the following steps:

  1. Install Ubilogin Directory (ADLDS or OpenLDAP) in both nodes
  2. Configure Ubilogin Directory replication
  3. Configure all the Ubisecure SSO applications on the first node.
    1. Install everything as instructed in the single node installation instructions, but do not run the last step (do not start SSO/Tomcat)
  4. Copy the Ubisecure SSO configurations from the first node to the other node.
  5. Install and configure the reverse proxy
  6. Only on scalability setup: Install and configure Redis cluster, configure SSO to use Redis backed session storage
  7. Start SSO in both nodes
  8. Start reverse proxy

The cluster can be installed on Windows or Linux platforms (link to supported versions)

Installation steps

