High Availability
283 views
Skip to first unread message
David Parker
Jan 13, 2017, 3:58:10 PM1/13/17
to LinOTP
We are just starting to look at linOTP, and I would like to find any information pertaining to HA availability for the server. Does it support running multiple servers clustered behind a VIP? I assume storage reliability is left to the underlying token and user stores.
Any experiences with implementing HA or pointers to documentation would be appreciated!
Mirko Ahnert
Jan 16, 2017, 4:51:43 AM1/16/17
to LinOTP
Hi David,
Best Regards,
the replication for LinOTP depends on the underlying database infrastructure. So LinOTP is not replicating anything itself. The redundancy methods of the database solution must be configured accordingly. Here you can find an example for MySQL:
LinOTP in known to run well on MySQL, MariaDB , PostgreSQL, Oracle ...
Best Regards,
Mirko
David Parker
Jan 17, 2017, 1:45:44 PM1/17/17
to LinOTP
Thank you, Mirko! As I understand it, linotp abstracts the user and token stores, so I get that those underlying implementations have to make their own arrangements.
Is there any state that a linotp server persists? Our client has a test environment where they are evaluating linotp in which they have 3 linotp instances sitting behind a VIP. Is there any need for communication between the linotp instances?
My other availability-related question: what is the maximum transaction rate the linotp server can sustain? If/When the client rolls this to production, it's going to get very busy ;-)
Thanks for any and all comments!
Is there any state that a linotp server persists? Our client has a test environment where they are evaluating linotp in which they have 3 linotp instances sitting behind a VIP. Is there any need for communication between the linotp instances?
My other availability-related question: what is the maximum transaction rate the linotp server can sustain? If/When the client rolls this to production, it's going to get very busy ;-)
Thanks for any and all comments!
Mirko Ahnert
Jan 19, 2017, 5:02:41 AM1/19/17
to LinOTP
Hi David,
the LinOTP servers do not need to communicate with each other directly. They do it in a way via the database replication. So e.g. if a challenge is triggered it is written to the database and available to all Nodes. Same goes for enrollment/authentication/UserIdResolver and so on.
The critical number for LinOTP is about the maximum current authentications / minute. This very much depends on the speed of the database backend and the performance of the connected UserIdResolvers - because they will be contacted for each authentication. In our experience LinOTP itself is normally not the limiting factor - so it is very hard to make any general statements about the maximum transaction rate.
Best Regards,
Mirko
Reply all
Reply to author
Forward
0 new messages