Managing a High Availability Deployment
You can use the ActivID Appliance in either Single Mode or Dual Mode.
- Single Mode requires only one appliance and is designed for a limited number of users or limited authentication throughput, where High Availability (HA) is not required. The appliance is not connected to a peer appliance.
- ActivID Management Console
- ActivID Self-Service Portal
- ActivID RADIUS Front EndNote: This configuration is not recommended for production. It does not allow load balancing, high availability, or failover.
In Single Mode, you can choose whether to install the ActivID Authentication Services. If the services are installed, then the appliance offers authentication and administration services.
If the services are not installed, then the appliance behaves as a Front End and you must connect it to another appliance where the services are installed.
The Front-End applications are:
- Dual Mode is for medium and large deployments where High Availability is required. Running in Dual Mode requires two appliances.
You must configure the High Availability between the two appliances which enables communication, cross-supervision and synchronization. Also, you can install the Front-End applications.
In Dual Mode, the status of each node is independent of the other. They can be different and not synchronized.
The ActivID Appliance can be deployed with Software or External HSM cryptography.
Dual Mode can be configured when the second appliance initially has a different Cryptographic Type from the first appliance in the combinations described below
However, once the Dual Mode operation is complete, the second appliance will have the same Cryptographic Type as the first appliance.
Second Node Cryptographic State | ||||
---|---|---|---|---|
First Node Cryptographic State |
|
Software |
Software AND External HSM configured |
External HSM |
Software |
Allowed |
Allowed |
Allowed |
|
External HSM |
Not allowed |
Allowed if same security world |
Allowed if same security world |
The following administrative operations require that the applications are restarted:
- Adding a security domain
- Deleting a security domain
- Installing a hot fix or service pack
The applications restart on one node first, then on the other node to avoid a complete stop of service.
The application restart takes approximately 5 minutes.
Topics in this section:
See also: