Ray – good morning. Are your 4 CAS servers within the same data center?
The reason I ask is that we have 4 CAS servers in 4 different data centers (two on prem and two off prem) and what we have seen is that they tend to get into contention with each other resulting in two CAS servers having pegged CPUs. I talked to the Hazelcast folks and they told me that Hazelcast only works within one data center, and trying to run it across the 4 that we are doing is not recommended with their community edition; their paid edition will handle it as it uses MQs. Just curious if you have experienced this or not. Thanks, Jay ________________________________ Jason Rappaport (he/him) Identity and Access Management Analyst Office of Information Technology Email: <mailto:[email protected]> [email protected] Office: 609-258-8464 From: [email protected] <[email protected]> On Behalf Of Ray Bon Sent: Friday, December 10, 2021 11:42 AM To: [email protected] Subject: Re: [cas-user] CAS High Availability Baba, We use round robin with 4 cas servers and use hazelcast for ticket storage. Round robin is managed by the load balancer in prod. Whatever you use for ticket storage has to be fast enough so that the second server knows about the tickets before they are validated by the services. On my local I use apache config for clustering (this config will work with only one of the cas servers started). <VirtualHost *:443> <Proxy balancer://cascluster> # BalancerMember http://localhost:8087 BalancerMember ajp://localhost:8010 BalancerMember ajp://localhost:8011 </Proxy> DocumentRoot "/var/www/html" SSLEngine on SSLCertificateFile /etc/ssl/certs/local.uvic.ca.chain.pem SSLCertificateKeyFile /etc/ssl/private/local.uvic.ca.key.pem SSLProxyEngine on #Bypassing certicate checking on self-signed client cert SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off ProxyPreserveHost On ProxyPass /cas balancer://cascluster/cas ProxyPassReverse /cas balancer://cascluster/cas #ProxyPass /cas ajp://localhost:8010/cas #ProxyPassReverse /cas ajp://localhost:8010/cas ProxyPass /cas-management ajp://localhost:8017/cas-management ProxyPassReverse /cas-management ajp://localhost:8017/cas-management ProxyPass /sp ajp://localhost:8016/sp ProxyPassReverse /sp ajp://localhost:8016/sp ProxyPass /app0 http://localhost:12080/app0 ProxyPassReverse /app0 http://localhost:12080/app0 ProxyPass /app1 http://localhost:12080/app1 ProxyPassReverse /app1 http://localhost:12080/app1 ProxyPass /Shibboleth.sso http://localhost:12080/Shibboleth.sso ProxyPassReverse /Shibboleth.sso http://localhost:12080/Shibboleth.sso ProxyPass /nodejs https://localhost:8443 ProxyPassReverse /nodejs https://localhost:8443 ServerName local.uvic.ca <IfModule mod_headers> RequestHeader set X-HTTPS 1 Header set Referrer-Policy "no-referrer-when-downgrade" </IfModule> </VirtualHost> Ray On Fri, 2021-12-10 at 03:57 -0800, Baba Ndiaye wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. I want to set up a high availability solution for my CAS servers and i want some solutions for that i want to use DNS round Robin *cluster (cas1.myorganisation.edu cas2.myorganisation.edu) *DNS round robin If you already implement it i need your help please. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] <mailto:[email protected]> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d9d0256b4b73788ab1fee8a3bcda3476618eedd.camel%40uvic.ca <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d9d0256b4b73788ab1fee8a3bcda3476618eedd.camel%40uvic.ca?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/BL0PR04MB5156F8724919C4C8080F3F2BCC749%40BL0PR04MB5156.namprd04.prod.outlook.com.
smime.p7s
Description: S/MIME cryptographic signature
