Any Thoughts/Recommendations on Load Sharing and Failover?
Christopher Bongaarts
cab at umn.edu
Wed Aug 22 11:59:56 EDT 2012
On 8/16/2012 3:05 PM, Cantor, Scott wrote:
>> OTOH it seems superficially like redundant/load balanced IDPs would work
>> fairly well if they shared keys. Given all the other things that would
>> be shared (like configurations and hence vulnerabilities) I don't see
>> that as much of a problem.
>
> It has performed extremely well in that way for me for about 8 years now.
> I would not see myself ever going back to a shared state model in the IdP,
> but that again comes back to logout (as in not doing it).
This morning we converted from Terracotta-clustered IdP to a "stateless"
one, and it has been performing swimmingly. TC adds a fair amount of
overhead...
But we are still interested in restoring some state, to support some
semblance of single logout (despite the caveats) and to support Artifact
(Scott K.'s wiki images use case). We're planning to revisit it when
IdP 3 is available.
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list