Clustering the SP

Martin Haase Martin.Haase at DAASI.de
Tue Jan 21 07:54:35 EST 2014 

Hi list,

I'd like your thoughts regarding SP clustering. We have a Web Server
fleet with a well clustered application, we're on Ubuntu 64bit 12.04
LTS, using latest SP 2.5.x from the repositoy provided by the SWITCH
folks. I know Ubuntu is not an officially supported platform, but these
were the prerequisites. We _do_ SLO, front channel, IdP 2.3.8-initiated.
This is why we considered clustering in the first place. We considered
the following options:

* A) ODBC/MySQL clustering. Fails under high load:
https://issues.shibboleth.net/jira/browse/SSPCPP-602

* B) Memcached session sharing: good news: it's included in the SWITCH
repository, so no compilation necessary. Bad news: occasional errors
(not under load yet) from xmltooling "shib_handler:
Memcache::addMemcache Problems: A TIMEOUT OCCURRED". However, evidence
from other applications is that the relevant network part is stable.
What do people do about this? Did you set some non-default flags? Any
flags besides what is documented in the NativeSPStorageService Wiki topic?

* C) Shared shibd. Problem: single point of failure. What about
inserting a proxy before the TCPListener, did anybody implement a
failover shibd with active-passive, and how?

* D) Our SLO is front-channel. What about forgetting the SP session and
relying on session stickyness by the LB?

Happy to hear from you,
Martin



-- 
Dr. Martin Haase, Solutions Engineer

DAASI International GmbH        
Europaplatz 3                   
D-72072 Tübingen                
Germany                    

phone: +49 7071 407109-6
fax:   +49 7071 407109-9  
email: martin.haase at daasi.de
web:   www.daasi.de

Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2345 bytes
Desc: S/MIME Cryptographic Signature
Url : http://shibboleth.net/pipermail/users/attachments/20140121/75a33805/attachment.bin

More information about the users mailing list