How to determine which node of a WildFly cluster should be designated as the Systems Operation Node (SON) in RSA Identity Governance & Lifecycle

3 years ago

Originally Published: 2020-04-01

Article Number

000064008

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.x, 7.1.x, 7.2.x
Platform/Application Server: WildFly

Issue

A frequently asked question is which node of a WildFly cluster should be designated as the Systems Operation Node (SON). The SON performs administrative activities such as data collections and AFX requests.

Resolution

Any node of a WildFly cluster may be designated as the SON. The recommendation is to make the domain controller the SON and not one of the general nodes. This is because no matter how many nodes in the cluster, none of the nodes can run if the domain controller is down. However, if one or more general nodes fail, and the domain controller is up, then the application will still be available. If one of the nodes that fails is the SON, the application will have limited functionality in that certain activities such as collections and AFX requests can only be running on the SON. By keeping the SON on the domain controller, full functionality can be maintained no matter how many nodes go down in the cluster with the exception of the domain controller.

This is best illustrated with an example. The following example illustrates this concept with a two-node cluster:

Scenario 1: The SON is on the domain controller.

Node 1: Domain controller and SON.
Node 2: General node.

If Node 1 goes down, the entire application becomes unavailable because a cluster cannot operate without a domain controller.
If Node 2 goes down, Node 1 will stay fully functional because it is the SON.

Scenario 2: The SON is on a general node.

Node 1: Domain controller.
Node 2: General node and SON.

If Node 1 goes down, the entire application becomes unavailable because a cluster cannot operate without a domain controller.
If Node 2 goes down, Node 1 will stay functional but with limited functionality since the SON will be gone. No data collections or AFX requests will process.

Don't see what you're looking for?

Scenario 1: The SON is on the domain controller.

Scenario 2: The SON is on a general node.

Related Articles

Trending Articles