Managing a High Availability Deployment
You can configure the ActivID Appliance deployment with High Availability (HA) to ensure uninterrupted operations and service accessibility in the event of failure or disaster.
Using secondary/redundant ActivID Appliances, load balancing and failover, you can manage the transfer of traffic and data.
For further information, see Deployment Modes.
You can use the ActivID Appliance in either:
- Single Mode requires only one appliance and is designed for a limited number of users or limited authentication throughput, where High Availability (HA) is not required. The appliance is not connected to a peer appliance.
-
If the services are installed, then the appliance offers authentication and administration services.
-
If the services are not installed, then the appliance behaves as a Front End and you must connect it to another appliance where the services are installed.
- ActivID Management Console
- ActivID Self-Service Portal
- ActivID RADIUS Front EndNote: This configuration is not recommended for production. It does not allow load balancing or failover.
In Single Mode, you can choose whether to install the ActivID Authentication Services:
The Front-End applications are:
- Dual Mode requires at least two appliances for High Availability.
You must configure the High Availability between them, enabling communication, cross-supervision and synchronization.
You can also install the Front-End applications.
For further information, see About High Availability Synchronization and Data Replication.
Note: In Dual Mode, the status of each node is independent of the other. They can be different and not synchronized.
The ActivID Appliance can be deployed with Software or External HSM cryptography.
Dual Mode can be configured when the second appliance initially has a different Cryptographic Type from the first appliance in the combinations described below
However, once the Dual Mode operation is complete, the second appliance will have the same Cryptographic Type as the first appliance.
Second Node Cryptographic Type | ||||
---|---|---|---|---|
First Node Cryptographic Type |
|
Software |
Software AND External HSM configured |
External HSM |
Software |
Allowed |
Allowed |
Allowed |
|
External HSM |
Not allowed |
Allowed if same Entrust security world |
Allowed if same Entrust security world |
The following administrative operations require that the applications are restarted:
- Adding a security domain
- Deleting a security domain
- Installing a hot fix or service pack
The applications restart on one node first, then on the other node to avoid a complete interruption of service.
The application restart takes approximately five (5) minutes.
Topics in this section:
See also: