This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Identity Governance & Lifecycle Discussions

Discussions about RSA Identity Governance & Lifecycle.
PankajRana
Beginner
Beginner
‎2020-08-18 02:34 AM

Application high availability

Jump to solution

Hi All,

 

I have requirement to setup high availability of the RSA IGL application. 

here is the environment setup:

I have 2 application server wildfly installed as standalone (pointing to 1 single DB)

I have 1 DB configured with both application server

 

Question : Can we have load balancer in front of application server which send request to application server (to maintain the load and send request to another if one of them goes down). Is this supported and will work ?

 

 

One more thing what we can achieve with wildfly clustering which can not be done with front facing load balancing

 

Thanks,

Pankaj

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
IanStaines
Moderator Moderator
Moderator
In response to PankajRana
‎2020-08-20 11:38 AM

Jump to solution

A load balancer of course is required as part of the configuration for multiple nodes in a cluster.  That is the point of a load balancer. 

 

Clustering is an application server deployment configuration option.  Clustering does not necessarily provide high availability or load balancing.   No such claims are made. 

View solution in original post

0 Likes
Reply
10 Replies
CristySy
Employee
Employee
‎2020-08-18 03:15 AM

Jump to solution

Please refer to below guidelines:

https://community.rsa.com/docs/DOC-112418 

Reply
PankajRana
Beginner
Beginner
In response to CristySy
‎2020-08-18 04:02 AM

Jump to solution

I have gone through the document.

what I need to know if I use hardware/software load balancer in front of application server (2 standalone server pointing to same Db).

is this scenario supported for RSA IG&L or not ?

0 Likes
Reply
IanStaines
Moderator Moderator
Moderator
In response to PankajRana
‎2020-08-18 10:40 AM

Jump to solution

Only what is specifically specified in that document is supported.   

0 Likes
Reply
MostafaHelmy
Moderator Moderator
Moderator
‎2020-08-19 11:50 AM

Jump to solution

Actually IGL's HA does not provide load balancing functionality between the nodes. You must setup and configure your own front-facing load balancer. There is not restriction on the software/hardware of your load balancer as long as it is configured correctly with sticky sessions.

Reply
IanStaines
Moderator Moderator
Moderator
In response to MostafaHelmy
‎2020-08-19 12:27 PM

Jump to solution

Also note that Load Balancing (across nodes) does not necessarily provide High Availability.   For instance WorkPoint is always installed only on the SON node.  So for practicable purposes this does not provide HA. 

Reply
CristySy
Employee
Employee
In response to MostafaHelmy
‎2020-08-19 09:14 PM

Jump to solution

Customer has additional question ...

 

Environment : if Primary DB (DC site) and secondary DB (DR site) is in replication, being primary as (write/active mode) and secondary in standby(read only/passive mode)

"Can we install RSA IGL application pointing to DR DB ? if not, how we can have DR setup then?"

0 Likes
Reply
PankajRana
Beginner
Beginner
In response to MostafaHelmy
‎2020-08-20 12:08 AM

Jump to solution

That means, there is not point to have load balancer before Application server if all the request goes to domain controller(SON) in case of wildfly clustering.

 

what if SON goes down ?

0 Likes
Reply
MostafaHelmy
Moderator Moderator
Moderator
In response to PankajRana
‎2020-08-20 04:10 AM

Jump to solution

Some actions - like reviews, access requests, violation remediation - can be performed on any node. However some other tasks - like collections, rule runs, review generations … etc - will only run on the SON. Adding to this, you can trigger a collection from any node however that node will not actually run the collection. The SON will run it instead.

 

The end users will not know or see this as it happens in the backend while processing. You still need a load balancer to balance end-user traffic between nodes so that no one node has more load than the others.

 

If the SON goes down, then the tasks that only the SON can perform will not work anymore (e.g.: collections, rule processing … etc). However end users will still be able to do many tasks like submit new requests, perform reviews, violation remediation, check dashboards … etc.

Reply
MostafaHelmy
Moderator Moderator
Moderator
In response to CristySy
‎2020-08-20 04:13 AM

Jump to solution

This is a completely different topic. What we are discussing here is clustering and HA on the application level, while this question is more on the database side. I would suggest splitting this question in a separate thread.

 

To answer your question, you cannot point an instance of IGL to a read-only database. There is a big difference between DR and HA. Usually customers setup DR environments as a completely separate instance of IGL (Application and Database), where regular backups are taken from PROD and restored in DR to keep it updated.

Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.