
Overview

This page specifies the requirements and steps for a clustered deployment of Ubisecure SSO. The scope of the document includes the overall deployment architecture and the installation of the reverse proxy, the Ubisecure applications and LDAP.

Goals

The goals pursued affect the choice of clustering algorithms and deployment architecture. The possible goals, and the recommended solutions for clustering each component of Ubisecure SSO, are the following:

  • High Availability
    The system remains available despite a failing node. Improved availability is achieved using the supported active/passive high availability clustering.

  • High Performance, High Availability
    The system remains available despite a failing node, and is able to serve more clients per unit of time. Improved performance is achieved using active/active clustering and a Redis in-memory database cluster in addition to the normal HA cluster.

Prerequisites

Competence in the following technologies is required for deploying a Ubisecure SSO cluster:

  • Application server clustering (the included Tomcat server)
  • Directory server clustering and replication (OpenLDAP, AD LDS)
  • Reverse proxy (Environment specific, not provided by Ubisecure)
  • Redis, in-memory data structure store (Not provided by Ubisecure)


High Level Architecture Overview, Recommended Clustering Setups

SSO High availability cluster

The diagram below describes the basic SSO high availability cluster.

High availability is achieved by installing two SSO instances so that there is one active SSO and another, passive, SSO that serves as the high availability option if the active SSO is not available.

Note that LDAP is replicated between the SSO instances, but each SSO uses its own LDAP. (The LDAP instances can also be installed on their own nodes.)

The reverse proxy is configured to use primarily SSO1, and SSO2 only when SSO1 is not available.



SSO High availability, high performance cluster

The diagram below describes the basic SSO high availability, high performance setup.

High availability and performance are achieved by installing two or more SSO instances, each with its own (replicated) LDAP instance, and a Redis cluster that stores session-related data to improve performance. The reverse proxy is configured to even out the load across the SSO instances.
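
The two reverse proxy behaviours described above (SSO1 primary with SSO2 as fallback, and even load distribution across the SSO instances), shown as an nginx configuration. This is an added example, not a Ubisecure-provided configuration: the choice of nginx, the upstream names, host names, ports and certificate paths are all assumptions.

```nginx
# Added example. nginx, host names, ports and file paths are assumptions.
# These blocks belong inside the http { } context.

# High availability cluster: SSO1 receives all traffic; SSO2 is used
# only while SSO1 is marked as failed.
upstream sso_ha {
    server sso1.example.internal:8443 max_fails=2 fail_timeout=10s;
    server sso2.example.internal:8443 backup;
}

# High availability, high performance cluster: requests are spread evenly
# over the SSO instances (round robin is the nginx default).
upstream sso_hp {
    server sso1.example.internal:8443 max_fails=2 fail_timeout=10s;
    server sso2.example.internal:8443 max_fails=2 fail_timeout=10s;
}

server {
    listen 443 ssl;
    server_name sso.example.com;

    ssl_certificate     /etc/nginx/tls/sso.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/sso.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Use https://sso_hp instead for the load-balanced setup.
        proxy_pass https://sso_ha;

        # On a connection error or timeout, try the next node in the group.
        proxy_next_upstream error timeout;

        # Verify the SSO nodes' certificates against an internal CA.
        # Assumes each node's certificate carries the name given below.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        proxy_ssl_name                sso.example.internal;
        proxy_ssl_server_name         on;

        # Overwrite, rather than append to, client-supplied forwarding headers.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```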




Components

Reverse Proxy

The reverse proxy takes care of high availability and load balancing (in the high performance setup only). It is installed on a separate server node.

Ubisecure SSO server

An SSO server instance, configured to use the local LDAP installation and running on Tomcat.

Ubisecure LDAP

Stores the configuration, user and session data. (SSO can be configured to use Redis-backed session storage to improve performance.)

Redis

Redis is an open source in-memory database project hosted at https://redis.io/

SSO can be configured to use Redis backed session storage to improve performance. 

Cluster Installation

Overview

Deploying a Ubisecure SSO cluster consists of the following steps:

  1. Install LDAP (AD LDS or OpenLDAP) on both nodes
  2. Configure LDAP replication
  3. Configure all the Ubisecure SSO applications on the first node.
    1. Install everything as instructed in the single node installation instructions, but do not run the last step (do not start SSO/Tomcat)
  4. Copy the Ubisecure SSO configurations from the first node to the other node.
  5. Install and configure the reverse proxy
  6. Optional, for high performance setups: install and configure the Redis cluster, and configure SSO to use Redis-backed session storage
  7. Start SSO on both nodes
  8. Start the reverse proxy

The cluster can be installed on Windows or Linux platforms (link to supported versions)

Installation steps



