Sri, While I'm not sure to what extent they've thought about this (as a DR effort) you may want to get with your counterparts at Texas State and Sam Houston and, maybe, A&M because I'm pretty sure they've all worked on setting up a cluster environment for CAS especially as it relates to providing CAS in a Banner (SSB/INB) environment. Not sure if that is part of your goal but you should keep them in mind.
Chris Fontenot On Mon, Nov 15, 2010 at 2:17 PM, Srinivas Varadaraj <[email protected]> wrote: > Indeed, I will gather that as a part of my design specification so, the > expectation can be set right. A very good point ! Also to Marvin's last > email, I might end up doing a proof of concept first before recommending a > final design. > > From what I saw/read about cas clients ( I read /tried phpCAS), I only had > the ability to specify one CAS server FQDN ( of course in case of the > cluster this would be a load balancer address). Is this true or can i > specify multiple CAS servers in the CAS client. If its not possible, the > only alternative I can think of is GTM/GSLB so I can retain the same FQDN > across the datacenters. If any one knows of an alternative to this, please > let me know. > > Thank you. > -sri > Srinivas Varadaraj > Security Operations Center, > Lamar University, > 409-880-8410 (O) > 409-225-7415 (C) > Email: [email protected] > > > ------------------------------ > *From: *"Scott Battaglia" <[email protected]> > *To: *[email protected] > *Sent: *Monday, November 15, 2010 1:59:07 PM > *Subject: *Re: [cas-user] CAS architecture request. > > > I know Marvin already gave a detailed response for some of the clustering > stuff. > > One thing you must ask during DR planning is what level of data loss can > you sustain with regards to CAS tickets. > > For example, if you lose the TGT data store, the worst case scenario is > people need to log back in, etc. If that's acceptable, you can minimize the > complexity of your structure (i.e. then you only need to cluster per data > center, vs. across data centers, etc.) > > > > On Mon, Nov 15, 2010 at 12:39 PM, Srinivas Varadaraj <[email protected]>wrote: > >> All, >> I would like request CAS user's experience/advice on implementing CAS >> service in HA env with DR / Business continuity architectures. Basically, I >> have two datacenters separated by a WAN link (with IPSec VPN running >> between the gateways). I have AD (authentication source for CAS) replicating >> over this link. Now to build an active-active CAS infrastructure that spans >> across datacenter(s). Here are my thoughts: >> 1) Setup 2 separate application clusters on either side that >> replicate/share session information. Store all tickets and other dynamic >> information where possible in an mysql database cluster ( replicated over >> the WAN VPN link). The application clusters , in theory should be able to >> see active sessions on both sides using the information in the database ( >> not sure about this). I am not sure if I want to multicast over the WAN link >> or even replicate sessions over TCP on the WAN link. There is sufficient >> bandwidth but the latency is major factor. >> >> 2) Load balance between the data centers using technology such as Big IP's >> GTM . Or any other alternative solution. >> >> So, before going down this path, I need to know if I am thinking this >> through. I would love to hear ideas on how others have approached and >> accomplished the same with alternative designs/technologies. >> >> >> >> Thank you. >> -sri >> Srinivas Varadaraj >> Security Operations Center, >> Lamar University, >> 409-880-8410 (O) >> 409-225-7415 (C) >> Email: [email protected] >> >> >> CONFIDENTIALITY: Any information contained in this e-mail >> (including attachments) is the property of The State of Texas and >> unauthorized disclosure or use is prohibited. Sending, receiving or >> forwarding of confidential, proprietary and privileged information is >> prohibited under Lamar Policy. If you received this e-mail in error, >> please notify the sender and delete this e-mail from your system. >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > CONFIDENTIALITY: Any information contained in this e-mail > (including attachments) is the property of The State of Texas and > unauthorized disclosure or use is prohibited. Sending, receiving or > forwarding of confidential, proprietary and privileged information is > prohibited under Lamar Policy. If you received this e-mail in error, > please notify the sender and delete this e-mail from your system. > > -- > > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
