On Wed, Mar 5, 2014 at 3:10 PM, Sameera Jayasoma <[email protected]> wrote:
> Hi Asela,
>
>
> On Wed, Mar 5, 2014 at 10:55 AM, Asela Pathberiya <[email protected]> wrote:
>>
>> Hi All,
>>
>> In some Identity Server deployments, there are clients (web
>> applications, application clients and so on) that talk to admin
>> services in Identity Server such as user management, entitlement and
>> so on. To access these admin services, the client must be authenticated
>> to Identity Server. We can configure some pre-defined user for the
>> client application and the client would always be authenticated to the
>> admin service using the defined user. It is not good to authenticate for
>> every request and populate the contexts, therefore normally
>> authenticated session info (Cookie) would be used by the clients.
>>
>> If we want to achieve high availability and load distribution, you
>> need to load balance the client requests across clustered Identity
>> Server instances. WSO2 Identity Server (and all WSO2 products) does
>> not support user session replication across cluster nodes.
>> Therefore we may need to use sticky sessions with the load balancer.
>> But if the LB considers the sticky session as the only metric for
>> load balancing, all requests would be received by one node of the
>> cluster. There would not be any use from the other nodes (no
>> Active-Active nodes).
>
>
> No. All requests will not be directed to a single server even if we use sticky
> sessions. Only the requests related to a single session will get routed to
> the same server. Requests belonging to a different session will get routed to a
> different server in the cluster.
>
> This is how we've been clustering our products with management consoles.
> With sticky sessions you will get true load balancing.

Yes, that is the normal scenario. As I have mentioned above, there
is only one pre-defined user who is authenticated with the admin
server.
To be clear, please take the following examples.

1. OAuth or Entitlement mediator calls to WSO2IS. --> When we
configure these mediators, we configure user/password within the
mediator. Those user/pass are used to authenticate for every request.
    Then, if we configure a LB (with sticky session) between ESB and
IS, the LB cannot do the load distribution (No Active-Active)

2. API Gateway calls to Key manager --> AFAIK, API Gateway calls the
admin service of the key manager. User/Pass has been configured in the
api-manager.xml file. Therefore Gateway always uses the same user/pass.
    Then, if we configure a LB (with sticky session) between API Gateway
and Key manager, the LB cannot do the load distribution (No
Active-Active)


Thanks,
Asela.

>
> Thanks,
> Sameera.
>>
>>
>> Can a typical LB (WSO2 ELB, Apache HTTPD) take other metrics for load
>> balancing when sticky session has been configured? Are they
>> intelligent enough?
>> As I know, user session replication would be supported with Carbon
>> 5. Till then, what is the best solution for load balancing the admin
>> services? I have written a blog about this [1], which may be
>> helpful. What is in the blog may not be the best approach.
>>
>> [1] http://soasecurity.org/2014/03/04/load-balancing-wso2-admin-services/
>>
>> Thanks,
>> Asela.
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>
>
>
>
> --
> Sameera Jayasoma,
> Architect,
>
> WSO2, Inc. (http://wso2.com)
> email: [email protected]
> blog: http://sameera.adahas.org
> twitter: https://twitter.com/sameerajayasoma
> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
> Mobile: 0094776364456
>
> Lean . Enterprise . Middleware



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
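
The two cases discussed in this thread, as an added simulation that is not part of the original messages: a sticky-session load balancer in front of three nodes, fed first by many independent sessions and then by a single service client that reuses one authenticated session. The node names, session ids and the round-robin choice for new sessions are assumptions made for the illustration.

```python
from collections import Counter
from itertools import cycle

NODES = ["is-node-1", "is-node-2", "is-node-3"]  # constructed cluster node names


class StickyLB:
    """Pins each session cookie to one node; round-robin picks the node for a new session."""

    def __init__(self, nodes):
        self._next_node = cycle(nodes)
        self.affinity = {}  # session cookie -> node

    def route(self, session_id):
        # First request of a session: choose a node and remember it.
        if session_id not in self.affinity:
            self.affinity[session_id] = next(self._next_node)
        # Every later request carrying the same cookie goes to that node.
        return self.affinity[session_id]


def simulate(sessions, requests_per_session, nodes=NODES):
    """Return per-node request counts for the given number of distinct sessions."""
    lb = StickyLB(nodes)
    hits = Counter({node: 0 for node in nodes})
    for s in range(sessions):
        for _ in range(requests_per_session):
            hits[lb.route(f"JSESSIONID-{s}")] += 1  # constructed session ids
    return hits


def busiest_share(hits):
    """Fraction of all requests handled by the most loaded node."""
    return max(hits.values()) / sum(hits.values())


if __name__ == "__main__":
    # Many user sessions (e.g. management console users): load spreads out.
    many = simulate(sessions=300, requests_per_session=10)
    # One pre-defined user holding one session cookie: a single node gets everything.
    one = simulate(sessions=1, requests_per_session=3000)
    for label, hits in (("300 sessions", many), ("1 session", one)):
        print(f"{label}: {dict(hits)} busiest node share = {busiest_share(hits):.2f}")
```

Both runs send 3000 requests; only the number of distinct sessions differs.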
