Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
--
Ray – good morning. Are your 4 CAS servers within the same data center?
The reason I ask is that we have 4 CAS servers in 4 different data centers (two on prem and two off prem) and what we have seen is that they tend to get into contention with each other resulting in two CAS servers having pegged CPUs. I talked to the Hazelcast folks and they told me that Hazelcast only works within one data center, and trying to run it across the 4 that we are doing is not recommended with their community edition; their paid edition will handle it as it uses MQs. Just curious if you have experienced this or not.
Thanks, Jay
________________________________
Jason Rappaport (he/him)
Identity and Access Management Analyst
Office of Information Technology
Email: jaso...@princeton.edu
Office: 609-258-8464
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d9d0256b4b73788ab1fee8a3bcda3476618eedd.camel%40uvic.ca.
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
Good morning. We have a similar architecture, but slightly different. We run an internal/ external view of DNS that routes one to either an on-prem load balancer if they are on-prem or an off-prem load balancer if they are off-prem. Behind each LB we run two CAS servers. All four CAS servers replicate tickets via Hazelcast and have a local copy of services (SAML, CAS, OIDC) that is shipped to them via Azure DevOps release pipeline. That being said, we have experienced Hazelcast issues that manifest themselves as pegged CPU typically on two CAS servers (one on and one off prem); when this happens we also see Hazelcast heartbeat error messages. I have talked to the Hazelcast folks and they do not recommend using Hazelcast in this manner. Instead, they only recommend using Hazelcast if your CAS servers are in the same datacenter. We are considering moving to an all off-prem authentication infrastructure as a result.
Thanks, Jay
________________________________
Jason Rappaport (he/him)
Identity and Access Management Analyst
Office of Information Technology
Email: jaso...@princeton.edu
Office: 609-258-8464
From: cas-...@apereo.org <cas-...@apereo.org> On Behalf Of Baba Ndiaye
Sent: Saturday, February 5, 2022 10:37 AM
To: Ray Bon <rb...@uvic.ca>
Cc: cas-...@apereo.org
Subject: Re: [cas-user] CAS High Availability
Ok, thanks for the clarification. So something i have this error /cas/login?exception.message=Error+decoding+flow+execution HTTP/1.1"
i have this architecture currently
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFu1ZRsC1M8WP4etkoauNzkj%2Bjo2SMgFbF%3DptDfPQPGXBuE9ig%40mail.gmail.com.