I have requirement to setup high availability of the RSA IGL application.
here is the environment setup:
I have 2 application server wildfly installed as standalone (pointing to 1 single DB)
I have 1 DB configured with both application server
Question : Can we have load balancer in front of application server which send request to application server (to maintain the load and send request to another if one of them goes down). Is this supported and will work ?
One more thing what we can achieve with wildfly clustering which can not be done with front facing load balancing
- Community Thread
- Forum Thread
- Identity G&L
- Identity Governance & Lifecycle
- Installation & Upgrade
- RSA Identity
- RSA Identity G&L
- RSA Identity Governance & Lifecycle
- RSA Identity Governance and Lifecycle
- RSA IGL
A load balancer of course is required as part of the configuration for multiple nodes in a cluster. That is the point of a load balancer.
Clustering is an application server deployment configuration option. Clustering does not necessarily provide high availability or load balancing. No such claims are made.
I have gone through the document.
what I need to know if I use hardware/software load balancer in front of application server (2 standalone server pointing to same Db).
is this scenario supported for RSA IG&L or not ?
Actually IGL's HA does not provide load balancing functionality between the nodes. You must setup and configure your own front-facing load balancer. There is not restriction on the software/hardware of your load balancer as long as it is configured correctly with sticky sessions.
Also note that Load Balancing (across nodes) does not necessarily provide High Availability. For instance WorkPoint is always installed only on the SON node. So for practicable purposes this does not provide HA.
Customer has additional question ...
Environment : if Primary DB (DC site) and secondary DB (DR site) is in replication, being primary as (write/active mode) and secondary in standby(read only/passive mode)
"Can we install RSA IGL application pointing to DR DB ? if not, how we can have DR setup then?"
That means, there is not point to have load balancer before Application server if all the request goes to domain controller(SON) in case of wildfly clustering.
what if SON goes down ?
Some actions - like reviews, access requests, violation remediation - can be performed on any node. However some other tasks - like collections, rule runs, review generations … etc - will only run on the SON. Adding to this, you can trigger a collection from any node however that node will not actually run the collection. The SON will run it instead.
The end users will not know or see this as it happens in the backend while processing. You still need a load balancer to balance end-user traffic between nodes so that no one node has more load than the others.
If the SON goes down, then the tasks that only the SON can perform will not work anymore (e.g.: collections, rule processing … etc). However end users will still be able to do many tasks like submit new requests, perform reviews, violation remediation, check dashboards … etc.
This is a completely different topic. What we are discussing here is clustering and HA on the application level, while this question is more on the database side. I would suggest splitting this question in a separate thread.
To answer your question, you cannot point an instance of IGL to a read-only database. There is a big difference between DR and HA. Usually customers setup DR environments as a completely separate instance of IGL (Application and Database), where regular backups are taken from PROD and restored in DR to keep it updated.