On Fri, Sep 1, 2017 at 12:55 PM, Asela Pathberiya <[email protected]> wrote:
> Hi APIM team,
>
> According to the docs, we are not recommending the Thrift protocol to
> communicate with GW and KM even when a TCP load balancer is used.
>
> The problem is that the Thrift connection must be authenticated and the Thrift
> session is not replicated among key manager nodes.
>
> IMO, we have three solutions for this.
>
> 1. Replicate the Thrift session in KM nodes
>
> 2. Client-side load balancing
>
> 3. Sending authentication credentials from GW to KM in every request.
> This has been implemented in WSO2IS for XACML PDP. You can find the
> details [1] & sample Thrift client [2]
>

+1. This sounds more scalable and reliable. Replicating backend sessions is a bit complicated, and we have tried this once with HZ clustering messages. But it did not work well, and if we do, clustering will be mandatory. If IS supports token metadata validation via Thrift, we should be able to use it in future. Like Lakmal said, I do not see an advantage of doing this on 2.1 as we haven't recommended it for production.

Thanks,
sanjeewa.

>
> We can easily implement approach 3. Shall we consider this for the next APIM
> release?
>
> [1] http://xacmlinfo.org/2014/04/11/thrift-load-balancing/
> [2] https://svn.wso2.org/repos/wso2/people/asela/xacml/pep/thrift-LB
>
> Thanks,
> Asela.
>
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933
> +358 449 228 979
>
> http://soasecurity.org/
> http://xacmlinfo.org/
>

--
*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779
blog : http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
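
The failure mode and approach 3 discussed in the thread, as an added simulation that is not part of the original messages and is not WSO2 code. The `KeyManagerNode` class, the round-robin load balancer and the sample credentials are all hypothetical and constructed for illustration.

```python
import hmac
import itertools
import secrets

USERS = {"gw-user": "constructed-password"}  # constructed sample credentials


class KeyManagerNode:
    """Hypothetical KM node; its session table is local and never replicated."""

    def __init__(self, name):
        self.name = name
        self.sessions = set()

    def _authenticate(self, user, password):
        expected = USERS.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            raise PermissionError(f"{self.name}: bad credentials")

    def login(self, user, password):
        self._authenticate(user, password)
        session_id = secrets.token_hex(16)
        self.sessions.add(session_id)  # known to this node only
        return session_id

    def validate_by_session(self, session_id, token):
        if session_id not in self.sessions:
            raise PermissionError(f"{self.name}: unknown session")
        return True

    def validate_by_credentials(self, user, password, token):
        self._authenticate(user, password)  # approach 3: no server-side session state
        return True


def simulate(per_request_credentials, calls=4):
    """Return [(node, outcome)] for gateway calls sent through a round-robin LB."""
    lb = itertools.cycle([KeyManagerNode("km1"), KeyManagerNode("km2")])
    user, password = "gw-user", "constructed-password"
    # Session mode logs in once; the LB decides which node receives that login.
    session_id = None if per_request_credentials else next(lb).login(user, password)
    outcomes = []
    for i in range(calls):
        node = next(lb)
        try:
            if per_request_credentials:
                node.validate_by_credentials(user, password, f"token-{i}")
            else:
                node.validate_by_session(session_id, f"token-{i}")
            outcomes.append((node.name, "ok"))
        except PermissionError:
            outcomes.append((node.name, "rejected"))
    return outcomes
```

In session mode every call that lands on the node that did not handle the login is rejected; with credentials on each request any node can serve any call, at the cost of the credentials crossing the GW-to-KM link every time, so that link needs transport encryption.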
