Managing a High Availability Deployment

You can use the ActivID Appliance in either Single Mode or Dual Mode.

Single Mode requires only one appliance and is designed for a limited number of users or limited authentication throughput, where High Availability (HA) is not required. The appliance is not connected to a peer appliance.

In Single Mode, you can choose whether to install the ActivID Authentication Services. If the services are installed, then the appliance offers authentication and administration services.

If the services are not installed, then the appliance behaves as a Front End and you must connect it to another appliance where the services are installed.

The Front-End applications are:

ActivID Management Console
ActivID Self-Service Portal
ActivID RADIUS Front End
Note: This configuration is not recommended for production. It does not allow load balancing, high availability, or failover.

Dual Mode is for medium and large deployments where High Availability is required. Running in Dual Mode requires two appliances.

You must configure the High Availability between the two appliances which enables communication, cross-supervision and synchronization. Also, you can install the Front-End applications.

In Dual Mode, the status of each node is independent of the other. They can be different and not synchronized.

High Availability Cryptography Compatibility

The ActivID Appliance can be deployed with Software or External HSM cryptography.

Dual Mode can be configured when the second appliance initially has a different Cryptographic Type from the first appliance in the combinations described below

However, once the Dual Mode operation is complete, the second appliance will have the same Cryptographic Type as the first appliance.

		Second Node Cryptographic State
First Node Cryptographic State		Software	Software AND External HSM configured	External HSM
	Software	Allowed	Allowed	Allowed
	External HSM	Not allowed	Allowed if same security world	Allowed if same security world

Topics in this section: