On Nov 6, 2006, at 9:35 AM, Scott Battaglia wrote: > The JBossTicketRegistry utilizes multi-casting in order to > efficiently deliver the cache. First, we obviously only recommend > you do multi-casting on a "trusted network" (i.e. one you > control). Second, you can enable encryption in the JGroups > configuration. More information on that can be found here: > > http://www.jgroups.org/javagroupsnew/docs/javadoc/org/jgroups/ > protocols/ENCRYPT.html > > Does that help? We should probably update our javadocs to reflect > this information.
JBossTicketRegistry is often set up using mulit-casting, but that is not the only method. Multi-casting makes sense when you have lots of machines in the cluster, to keep the network traffic from growing exponentially. My guess is that most sites only want 2-3 CAS servers. In this case, I think using direct tcp connections instead of multi-cast is a better configuration option. The HA-Shibboleth extension (also using JBossTicketRegistry) recommends this configuration as well: http://middleware.georgetown.edu/dokuwiki/doku.php/ projects:hashib:usagedoc#identifying_the_network_connection_to_use This should decrease the likelihood of unauthorized insertion of data into the cluster and removes the need for encryption which introduces a noticeable performance decrease: http://middleware.georgetown.edu/dokuwiki/doku.php/ projects:hashib:usagedoc#encrypting_your_traffic I'm in the process of switching over to a clustered setup, and once I have the configuration set I'll post it back to the list. Steve Cochran Dartmouth College _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
