Managing a High Availability Deployment

You can configure the ActivID Appliance deployment with High Availability (HA) to ensure uninterrupted operations and service accessibility in the event of failure or disaster.

Using secondary/redundant ActivID Appliances, load balancing and failover, you can manage the transfer of traffic and data.

For further information, see Deployment Modes.

Note: High Availability should be not confused with scalability. HA does not add resources to the system to handle increased traffic or improve performance.

You can use the ActivID Appliance in either:

  • Single Mode requires only one appliance and is designed for a limited number of users or limited authentication throughput, where High Availability (HA) is not required. The appliance is not connected to a peer appliance.

    • In Single Mode, you can choose whether to install the ActivID Authentication Services:

    • If the services are installed, then the appliance offers authentication and administration services.

    • If the services are not installed, then the appliance behaves as a Front End and you must connect it to another appliance where the services are installed.

    The Front-End applications are:

    • ActivID Management Console
    • ActivID Self-Service Portal
    • ActivID RADIUS Front End
      Note: This configuration is not recommended for production. It does not allow load balancing or failover.
  • Dual Mode requires at least two appliances for High Availability.

    You must configure the High Availability between them, enabling communication, cross-supervision and synchronization.

    You can also install the Front-End applications.

    For further information, see About High Availability Synchronization and Data Replication.

    Note: In Dual Mode, the status of each node is independent of the other. They can be different and not synchronized.

The ActivID Appliance can be deployed with Software or External HSM cryptography.

Dual Mode can be configured when the second appliance initially has a different Cryptographic Type from the first appliance in the combinations described below

However, once the Dual Mode operation is complete, the second appliance will have the same Cryptographic Type as the first appliance.

    Second Node Cryptographic Type
First Node Cryptographic Type

 

Software

Software AND External HSM configured

External HSM

Software

Allowed

Allowed

Allowed

External HSM

Not allowed

Allowed if same Entrust security world

Allowed if same Entrust security world

The following administrative operations require that the applications are restarted:

  • Adding a security domain
  • Deleting a security domain
  • Installing a hot fix or service pack

The applications restart on one node first, then on the other node to avoid a complete interruption of service.

The application restart takes approximately five (5) minutes.

Topics in this section:

See also:

ActivID Appliance Ports and Protocols

Deployment Modes