Monday, January 14, 2013

OpenAM High-Availability with Security

There are many types of customers. But there is 1 common characteristic in them - save cost! :)

When OpenAM servers are to be deployed in Production, high-availability is required most of the time (in fact, all of the time for my customers). So this implies more machines and thus more money!

And so, usually when High-Availability is concerned, 2 boxes are more than what they can commit.

But, it is not a good practise to deploy the Administrative Console facing the Internet. I would recommend the following architecture, always. 

This architecture strips off the administrative capability of the 2 Internet-facing OpenAM servers. To save cost, the OpenAM server with Administrative Console can be deployed in on of the boxes. 

It's not resource intensive since how many administrators can you have in a corporate? It can also be shut down when not in use. No excuse please.


1 comment:

  1. Shutting down an OpenAM instance with embedded configuration store for a long period of time (longer than the replication changelog purge interval) can result in replication errors (in case the directory content can change without that given AM node).