Changes between Version 5 and Version 6 of IdpOverview


Timestamp: 07/08/11 15:01:58 (13 years ago)
Author: jpmitchell@…
Comment:

--

  • IdpOverview

    v5 v6  
    1111Iptables is used to re-write packets arriving on the virtual hosts on port 443 to port 8444. This is so the Tomcat server can run without root on the virtual host. 
    1212 
    13 Load balancing is performed via a set of hardware appliances built by Coyote Point configured in a master/hot-standby redundant pair. The https://idp.alaska.edu service URL is bound to the load balancer which utilizes some form of NAT to rewrite packets and send them to the servers that are actually running the Shibboleth service. Currently the load balancer is providing fail over for the two production boxes in a master/hot-standby configuration. This is due to the nature of sessions in SAML and how state is managed in Shibboleth. Currently if one production server goes down the load balancer will shift load to the other production server and SSO sessions are lost for users. Current application sessions (SPs) are maintained in the applications, so users can still access current applications but will be forced to login again to new applications. 
     13Load balancing is performed via a set of hardware appliances built by Coyote Point configured in a master/hot-standby redundant pair. The https://idp.alaska.edu service URL is bound to the load balancer which utilizes some form of NAT to rewrite packets and send them to the servers that are actually running the Shibboleth service. The test box is not load balanced. Currently the load balancer is providing fail over for the two production boxes in a master/hot-standby configuration. This is due to the nature of sessions in SAML and how state is managed in Shibboleth. Currently if one production server goes down the load balancer will shift load to the other production server and SSO sessions are lost for users. Current application sessions (SPs) are maintained in the applications, so users can still access current applications but will be forced to login again to new applications. 
    1414 
    1515References:[[br]]
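
Review bot: The sentence added in line 13, "The test box is not load balanced.", says what the test box is not, but not how it is reached. The paragraph binds https://idp.alaska.edu to the load balancer, so state which URL or hostname the test box answers on and whether the port 443 to 8444 iptables rewrite from line 11 applies to it as well, since a host that sits outside the balancer is a separate entry point that this overview should describe. The new sentence also sits between the NAT description and the fail-over description of "the two production boxes"; moving it to the end of the paragraph or onto its own line would keep the production behaviour readable as one unit.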