Scott and Chris, Thank you for your replies, and please forgive my utter ignorance on the load balancer topic and that my following question might be slightly off-topic... how do you keep the load balancer (hardware or Apache/mod_jk) from becoming the single point of failure that you are trying to avoid when you cluster? Do you really have 2 or more load balancers talking to each other and having a single hostname in DNS (perhaps through some kind of round-robin)?
Thank you, bruno From: Scott Battaglia [mailto:[email protected]] Sent: Monday, June 22, 2009 9:05 AM To: [email protected] Subject: Re: [cas-user] Clustering and certificates On Mon, Jun 22, 2009 at 9:59 AM, Bruno Melloni <[email protected]<mailto:[email protected]>> wrote: <snip /> 1. jBoss recommends placing a certificate in a load balancer (like apache/mod_jk) that sits in front of the cluster, placing no certificate on the jBoss servers themselves. a. Will CAS work with the certificate in the load balancer instead of each individual application server? Yes, we deploy with a certificate on a hardware load balancer over here. b. Or does CAS require a certificate in each cluster node - so that the calls between the client and CAS can happen (and be trusted) using HTTPS? It does not because technically all of your clients are talking to the load balancer first. 2. Is there a good document about clustering CAS? (it would be even better if it was about clustering CAS on jBoss, but I won't hold my breath) Our wiki has documentation on the multitude of solutions available (JBoss Cache, Memcached, JPA). The two that get the most testing are Memcached and JPA. If you disable sessions for the Spring Web Flow then you don't need to worry about actually clustering JBoss Application Server. You just deploy multiple instances and they are all stateless. Only the ticket cache is then stateful. 3. Do you have any recommendations, warnings, knowledge about pitfalls, etc... that I should keep in mind as I setup this? Setup is easier if you rely on client storage of Spring Web Flow flows (its a relatively simple change to the configuration). There are the usual warnings about properly protecting your network and the traffic between your clusters, etc. Cheers, Scott Thank you, Bruno -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
