I know Marvin already gave a detailed response for some of the clustering stuff.
One thing you must ask during DR planning is what level of data loss can you sustain with regards to CAS tickets. For example, if you lose the TGT data store, the worst case scenario is people need to log back in, etc. If that's acceptable, you can minimize the complexity of your structure (i.e. then you only need to cluster per data center, vs. across data centers, etc.) On Mon, Nov 15, 2010 at 12:39 PM, Srinivas Varadaraj <[email protected]> wrote: > All, > I would like request CAS user's experience/advice on implementing CAS > service in HA env with DR / Business continuity architectures. Basically, I > have two datacenters separated by a WAN link (with IPSec VPN running > between the gateways). I have AD (authentication source for CAS) replicating > over this link. Now to build an active-active CAS infrastructure that spans > across datacenter(s). Here are my thoughts: > 1) Setup 2 separate application clusters on either side that > replicate/share session information. Store all tickets and other dynamic > information where possible in an mysql database cluster ( replicated over > the WAN VPN link). The application clusters , in theory should be able to > see active sessions on both sides using the information in the database ( > not sure about this). I am not sure if I want to multicast over the WAN link > or even replicate sessions over TCP on the WAN link. There is sufficient > bandwidth but the latency is major factor. > > 2) Load balance between the data centers using technology such as Big IP's > GTM . Or any other alternative solution. > > So, before going down this path, I need to know if I am thinking this > through. I would love to hear ideas on how others have approached and > accomplished the same with alternative designs/technologies. > > > > Thank you. > -sri > Srinivas Varadaraj > Security Operations Center, > Lamar University, > 409-880-8410 (O) > 409-225-7415 (C) > Email: [email protected] > > > > CONFIDENTIALITY: Any information contained in this e-mail > (including attachments) is the property of The State of Texas and > unauthorized disclosure or use is prohibited. Sending, receiving or > forwarding of confidential, proprietary and privileged information is > prohibited under Lamar Policy. If you received this e-mail in error, > please notify the sender and delete this e-mail from your system. > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
