Disaster Recovery Site

Bryan Wooten

Jan 9, 2018, 8:04:01 PM
to cas-...@apereo.org
Looking for any guidance / best practices for setting up CAS 5.x in a DR site.

I have been tasked to architect CAS for our much broader DR project.

We already have a remote Data Center as a location.

Now I know once you start talking CAS, many other systems get involved (like LDAP, which I am also responsible for).

So I'll take any White Papers, personal experience, project plans, diagrams, etc.

Cheers,

Bryan

University of Utah

Mallory, Erik

Jan 10, 2018, 12:07:57 PM
to cas-...@apereo.org

I did this last year. We have a DR site with a VMware cluster. All told, we have three VMware clusters: two are in our main data center, plus the previously mentioned DR cluster. I created three RHEL 7 VMs and set up Maven, Java 8 and Tomcat 8 (not part of the base install of RHEL 7).

I use 389 on each host and leverage replication for service definitions. The idea is that each host can be nearly dependency free, save for our credential store, AD.

All three hosts are configured behind a NetScaler using a least connection strategy. SSL is terminated on the NetScaler and communication is encrypted on the back end to each CAS node. We are using Hazelcast for the ticket registry, and LDAP for connections to our credential store and, as previously mentioned, for our service definition store.

I hope this helps. If you have questions, I can probably help.

Best,

Erik Mallory

Server Analyst 

Wichita State University

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9x2GW1ZAHFFgVqCojV0KbiuUq_9BB_Y5%3Dv8%3DENgP1paEgwUA%40mail.gmail.com.

Bryan Wooten

Jan 10, 2018, 5:21:19 PM
to cas-...@apereo.org
Thanks Erik,

Your configuration is almost identical to ours, except we use OpenDJ for the credential store, have Duo enabled and use a JSON service registry.

What you describe is exactly what I had in mind.

I think the bigger challenge for me will be getting our LDAPs set up in the DR site.

-Bryan
