load balancing 2 shibboleth IdP servers

Ryan Suarez ryan.suarez at sheridancollege.ca
Wed Aug 5 17:05:03 UTC 2020

On Wed, 2020-08-05 at 16:20 +0000, Cantor, Scott wrote:
> On 8/5/20, 11:54 AM, "users on behalf of Donald Lohr" <users-bounces at shibboleth.net on behalf of lohrda at jmu.edu> wrote:
> > Those that have more than one Shibboleth IdP server, what kind of
> > practice do you have in place to switch between multiple IdP servers,
> > load balance or etc.  If you prefer, feel free to email me separately so
> > as to not publicly disclose your model.
> NetScalers of various flavors over the years. We have active/passive
> between two sites via GSLB with 2 servers actively live at the active
> site and 1 at the standby site. DNS only points to one site at a
> time.

We use AWS Route 53 and HAProxy, also active/passive between 2 sites, 2
servers each site.  HAProxy sticks the client to each server.  If there
is a server failure, the client is directed to the other server.  Session
information is lost (client will have to reauthenticate) but the
tradeoff is a simpler environment to manage.

During upgrades we upgrade the passive site first, evaluate, then make
it active.  Makes it easy to switch back to the old environment in case
of any major showstoppers.  
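
An HAProxy configuration sketch of the per-site behaviour described in the message above (sticky clients, failover to the other server with loss of the IdP session). This is an added example, not the poster's configuration: the cookie-based stickiness method, host names, addresses, ports and file paths are all assumptions, and Route 53 site failover is not shown.

```haproxy
# Constructed example: every name, address and path below is a placeholder.
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  60s
    timeout server  60s
    # When the server a client is pinned to is down, send the request to
    # the remaining server instead of failing. IdP sessions are not shared
    # between nodes here, so the user has to authenticate again.
    option redispatch
    retries 2

frontend idp_https
    # TLS for the IdP's public name terminates on the balancer.
    bind :443 ssl crt /etc/haproxy/certs/idp.example.edu.pem
    default_backend idp_servers

backend idp_servers
    balance roundrobin
    # Stickiness through a balancer-issued cookie (assumed method).
    # 'secure' and 'httponly' keep the routing cookie off plain HTTP and
    # away from page scripts; it identifies a node, not a user.
    cookie IDPNODE insert indirect nocache httponly secure
    # Health check against the IdP status page. The IdP restricts this
    # page by source address, so the balancer's address has to be allowed
    # in the IdP's access control configuration.
    option httpchk GET /idp/status
    http-check expect status 200
    # Re-encrypt to the IdP nodes and verify their certificates so that
    # credentials and assertions are not sent in clear inside the site.
    server idp1 192.0.2.11:8443 ssl verify required ca-file /etc/haproxy/ca/internal-ca.pem check cookie idp1
    server idp2 192.0.2.12:8443 ssl verify required ca-file /etc/haproxy/ca/internal-ca.pem check cookie idp2
```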
