Here is the short answer to your questions, for detailed, I think Marvin already sent a link on the presentation we did at the last Jasig conference.
Thanks. -sri Srinivas Varadaraj Email: [email protected] ----- Original Message ----- > From: "Javier Fradiletti" <[email protected]> > To: [email protected] > Sent: Tuesday, July 10, 2012 9:16:50 AM > Subject: Re: [cas-user] reverse proxy & load balancing behind Apache > RE: [cas-user] reverse proxy & load balancing behind Apache Good to > know. > Can I ask what's the configuration you're using? > .- Persistence method on the F5 : > Universal/JSESSIONID , although the validation process is so small > its almost stateless. > .- CAS ticket store configuration: a single one behind your three CAS > servers? Each CAS server has their own? > This is were we differ from the the recommended EHCache approach, we > use NDB cluster + JPA ticket registry . In our setup all nodes run > mysqld so each instance of CAS refers to itself but has visibility > to tickets issued by other nodes in the cluster due to replication. > But I believe the use of EHCache can now over come the additional > dependency on mysql and achieve the same results. > .- CAS ticket store implementation you're using? > Thanks a lot! > javier > On Mon, 2012-07-09 at 17:02 -0400, Srinivas Varadaraj wrote: > > We do, a 3 node CAS cluster behind F5 loadbalancer(s) on multiple > > sites with SSL offloaded. > > > -sri > > > Thank you. > > > Srinivas Varadaraj > > > Email: [email protected] > > > > From: "Javier Fradiletti (Contractor)" <[email protected]> > > > > > > To: [email protected] > > > > > > Sent: Friday, July 6, 2012 8:21:43 AM > > > > > > Subject: RE: [cas-user] reverse proxy & load balancing behind > > > Apache > > > > > > Anyone have used Cisco SLB or F5 LB for load balancing? > > > > > > -----Original Message----- > > > > > > From: b savage [ mailto:[email protected] ] > > > > > > Sent: Fri 7/6/2012 8:03 AM > > > > > > To: [email protected] > > > > > > Subject: Re: [cas-user] reverse proxy & load balancing behind > > > Apache > > > > > > On Fri, Jul 6, 2012 at 6:49 AM, Frank Van Damme > > > <[email protected]>wrote: > > > > > > > 2012/7/5 Philippe MARASSE <[email protected]>: > > > > > > > > Member ;-), > > > > > > > > > > > > > > > > As far as I remember, clustering is not so easy. I've set up > > > > > a > > > > > few years > > > > > > > ago > > > > > > > > a clustered CAS involving a few more steps : > > > > > > > > 1 - Clustering tomcat (on-line documentation at apache site > > > > > is > > > > > good > > > > > > > > enough) > > > > > > > > 2 - Make CAS redistributable in web.xml > > > > > > > > 3 - Share the tickets registries (JPATicketRegistry if I'm > > > > > not > > > > > > > mistaken) > > > > > > > > 4 - Use sticky sessions in the balancer > > > > > > > > > > > > > > > > Rdgs > > > > > > > > > > > > > > It looks like mod_balancer does send the same client more or > > > > less > > > > to > > > > > > > the same backend. > > > > > > > So far I got session replication more or less working (the cas > > > > > > > clustering wiki page says nothing about authentication so I'm > > > > also > > > > > > > somewhat worried about session hijacking through the multicast > > > > > > > packages that Tomcat sends - after all, everyone can capture > > > > those > > > > > > > packages and it looks like any server can announce himself as a > > > > > > > cluster member). > > > > > > I found a slideshow presentation somewhere that says you don't > > > > > > > actually need session replication because it is only used for > > > > storing > > > > > > > the "webflow state", and recommands adding > > > > > > > repository-type="client" > > > > > > > to > > > > > > > <flow:executor id="flowExecutor" registry-ref="flowRegistry" > > > > > > > > > > > > > > ... unfortunately I can't test if that works because it is based > > > on > > > an > > > > > > > older Spring version and I can't find the equivalent in newer > > > > versions > > > > > > > - that is, if it hasn't just been made obsolete at all. > > > > > > > > > > > > > Good points. They are highlighted in the warning areas on the > > > clustering > > > > > > page. > > > > > > Many thanks for the advice and pointers, > > > > > > > > > > > > > > -- > > > > > > > Frank Van Damme > > > > > > > No part of this copyright message may be reproduced, read or > > > > seen, > > > > > > > dead or alive or by any means, including but not limited to > > > > telepathy > > > > > > > without the benevolence of the author. > > > > > > > > > > > > > > -- > > > > > > > You are currently subscribed to [email protected] as: > > > > > > > [email protected] > > > > > > > To unsubscribe, change settings or access archives, see > > > > > > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > > > > > > > > -- > > > > > > You are currently subscribed to [email protected] as: > > > [email protected] > > > > > > To unsubscribe, change settings or access archives, see > > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- You are currently subscribed to [email protected] as: > > > [email protected] To unsubscribe, change settings or access archives, > > > see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > CONFIDENTIALITY: Any information contained in this e-mail > > > (including attachments) is the property of The State of Texas and > > > unauthorized disclosure or use is prohibited. Sending, receiving or > > > forwarding of confidential, proprietary and privileged information > > is > > > prohibited under Lamar Policy. If you received this e-mail in > > error, > > > please notify the sender and delete this e-mail from your system. > > -- > > > You are currently subscribed to [email protected] as: > > [email protected] > > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
