Rob/Chris, 
Good to talk to you guys, hope you're doing fine. That's the design I was 
considering, except the backend was a multimaster mysql. I built this as a POC 
with tomcat and mysql with apache doing reverse proxy. Turns out I am getting 
all kinds of good advice here. I still have an important aspect I am not clear 
about (sorry, I have been on CAS prep a couple weeks now). 

Are CAS clients capable of talking to multiple CAS servers, or do I have to 
retain the same FQDN across the datacenters using GTM/GSLB? I am trying to 
avoid the additional cost, but if it's unavoidable I have to build it in. 







Thank you. 
-sri 
Srinivas Varadaraj 
Security Operations Center, 
Lamar University, 
409-880-8410 (O) 
409-225-7415 (C) 
Email: [email protected] 


----- Original Message -----
From: "Robert Marti" <[email protected]> 
To: [email protected] 
Sent: Wednesday, November 17, 2010 9:49:03 AM 
Subject: RE: [cas-user] CAS architecture request. 

We've thought about DR quite a bit, but have been stalled on actually 
implementing anything. 

Our current CAS cluster is active/active VMs writing to an Oracle RAC database 
(the same cluster that houses all the ERP info) for ticket storage. 
We don't have to worry about replication this way, and there's really no 
"failover" since the tickets aren't locked to one server or the other. 

For DR we were thinking of duplicating the current cluster at the DR site as a 
passive cluster, and using our F5's to fail that over - tickets would be synced 
over as often as the ERP data is (probably pretty often :) 

Rob Marti 
Systems Administrator 
Sam Houston State University 
936-294-3804 // [email protected] 


> -----Original Message----- 
> From: Chris Fontenot [mailto:[email protected]] 
> Sent: Wednesday, November 17, 2010 7:49 AM 
> To: [email protected] 
> Subject: Re: [cas-user] CAS architecture request. 
> 
> Sri, 
> 
> While I'm not sure to what extent they've thought about this (as a DR effort) 
> you may want to get with your counterparts at Texas State and Sam Houston 
> and, maybe, A&M because I'm pretty sure they've all worked on setting up a 
> cluster environment for CAS especially as it relates to providing CAS in a 
> Banner (SSB/INB) environment. Not sure if that is part of your goal but you 
> should keep them in mind. 
> 
> Chris Fontenot 
> 
> 
> 
> 
> On Mon, Nov 15, 2010 at 2:17 PM, Srinivas Varadaraj <[email protected]> wrote: 
> 
> 
> Indeed, I will gather that as a part of my design specification, so the 
> expectation can be set right. A very good point! Also, to Marvin's last 
> email, I might end up doing a proof of concept first before recommending a 
> final design. 
> 
> From what I saw/read about CAS clients (I read/tried phpCAS), I only 
> had the ability to specify one CAS server FQDN (of course, in case of the 
> cluster this would be a load balancer address). Is this true, or can I specify 
> multiple CAS servers in the CAS client? If it's not possible, the only 
> alternative I can think of is GTM/GSLB so I can retain the same FQDN across 
> the datacenters. If anyone knows of an alternative to this, please let me know. 
> 
> 
> 
> Thank you. 
> -sri 
> Srinivas Varadaraj 
> Security Operations Center, 
> Lamar University, 
> 409-880-8410 (O) 
> 409-225-7415 (C) 
> Email: [email protected] 
> 
> 
> 
> 
> ________________________________ 
> 
> From: "Scott Battaglia" <[email protected]> 
> To: [email protected] 
> Sent: Monday, November 15, 2010 1:59:07 PM 
> Subject: Re: [cas-user] CAS architecture request. 
> 
> 
> I know Marvin already gave a detailed response for some of the 
> clustering stuff. 
> 
> One thing you must ask during DR planning is what level of data loss 
> can you sustain with regards to CAS tickets. 
> 
> For example, if you lose the TGT data store, the worst case scenario 
> is people need to log back in, etc. If that's acceptable, you can minimize 
> the complexity of your structure (i.e. then you only need to cluster per data 
> center, vs. across data centers, etc.) 
> 
> 
> 
> 
> On Mon, Nov 15, 2010 at 12:39 PM, Srinivas Varadaraj 
> <[email protected]> wrote: 
> 
> 
> All, 
> I would like to request CAS users' experience/advice on 
> implementing CAS service in HA env with DR / Business continuity 
> architectures. Basically, I have two datacenters separated by a WAN link 
> (with IPSec VPN running between the gateways). I have AD (authentication 
> source for CAS) replicating over this link. Now to build an active-active CAS 
> infrastructure that spans across datacenter(s). Here are my thoughts: 
> 
> 1) Set up 2 separate application clusters on either side that 
> replicate/share session information. Store all tickets and other dynamic 
> information where possible in a mysql database cluster (replicated over the 
> WAN VPN link). The application clusters, in theory, should be able to see 
> active sessions on both sides using the information in the database (not 
> sure about this). I am not sure if I want to multicast over the WAN link or 
> even replicate sessions over TCP on the WAN link. There is sufficient 
> bandwidth but the latency is a major factor. 
> 
> 2) Load balance between the data centers using technology 
> such as Big IP's GTM. Or any other alternative solution. 
> 
> So, before going down this path, I need to know if I am 
> thinking this through. I would love to hear ideas on how others have 
> approached and accomplished the same with alternative 
> designs/technologies. 
> 
> 
> 
> 
> Thank you. 
> -sri 
> Srinivas Varadaraj 
> Security Operations Center, 
> Lamar University, 
> 409-880-8410 (O) 
> 409-225-7415 (C) 
> Email: [email protected] 
> 
> 
> 
> 
> CONFIDENTIALITY: Any information contained in this e-mail 
> (including attachments) is the property of The State of Texas and 
> unauthorized disclosure or use is prohibited. Sending, receiving or 
> forwarding of confidential, proprietary and privileged information is 
> prohibited under Lamar Policy. If you received this e-mail in error, 
> please notify the sender and delete this e-mail from your system. 
> 
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected] 
> 
> 
> 
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user 
> 
> 