2.3 Configuring Identity Servers Clusters

After you install an Identity Server, you must create a cluster configuration to configure Identity Server. When you create a cluster, ensure that the servers are installed on the same operating system. Even if you have only one Identity Server, you must assign it to a cluster configuration to configure it. If you have multiple Identity Servers, you can create multiple configurations and assign different Identity Servers to them as shown in Figure 2-2.

Figure 2-2 Identity Server Configurations

A cluster of Identity Servers must reside behind a Layer 4 (L4) switch. Clients access the virtual IP address of the cluster presented on the L4 switch, and the L4 switch alleviates server load by balancing traffic across the cluster. If an Identity Server is on the same machine as an Administration Console, and a second Identity Server is on the same machine as a secondary Administration Console, ensure that you are familiar with Installing Secondary Administration Console before proceeding.

Whenever a user accesses the virtual IP address (port 8080) assigned to the L4 switch, the system routes the user to one of the Identity Servers in the cluster, as traffic necessitates.

The system automatically enables clustering when multiple Identity Servers exist in a group. If only one Identity Server exists in a group, clustering is disabled.

IMPORTANT: You must not use a DNS round robin setup instead of an L4 switch for load balancing. The DNS solution works only as long as all members of the cluster are working and in a good state. If one of them goes down and traffic is still sent to that member, the entire cluster is compromised and all devices using the cluster start generating errors.
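A check for the rule in the note above, as an added example that is not part of the original documentation: it flags a cluster name that resolves to several addresses of one family (DNS round robin) or directly to member addresses instead of the L4 virtual IP. The function names and the sample addresses are assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress
import socket
from collections import Counter

def resolve(hostname, port=8080):
    """Return the distinct addresses the resolver hands out for the cluster name."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def audit_cluster_dns(resolved, member_ips):
    """Return findings; an empty list means the name points at a single VIP."""
    addrs = {ipaddress.ip_address(a) for a in resolved}
    members = {ipaddress.ip_address(m) for m in member_ips}
    findings = []
    if not addrs:
        findings.append("cluster name does not resolve")
    # A dual-stack VIP has one record per family, so count per IP version.
    for version, count in sorted(Counter(a.version for a in addrs).items()):
        if count > 1:
            findings.append(f"{count} IPv{version} records: looks like DNS round robin")
    exposed = sorted(str(a) for a in addrs & members)
    if exposed:
        findings.append("name resolves directly to cluster members: " + ", ".join(exposed))
    return findings

def failed_share(resolved, down):
    """Approximate share of new clients sent to dead members, assuming even rotation."""
    if not resolved:
        return 0.0
    dead = {ipaddress.ip_address(d) for d in down}
    hits = sum(1 for a in resolved if ipaddress.ip_address(a) in dead)
    return hits / len(resolved)

# Constructed sample data (assumed addresses, not taken from the documentation).
MEMBERS = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
VIP_ONLY = ["198.51.100.10"]      # name points at the L4 switch
ROUND_ROBIN = list(MEMBERS)       # name lists every Identity Server

if __name__ == "__main__":
    for label, answer in (("VIP", VIP_ONLY), ("round robin", ROUND_ROBIN)):
        print(label, audit_cluster_dns(answer, MEMBERS),
              failed_share(answer, ["192.0.2.12"]))
```

Against a live deployment, pass the output of `resolve()` for the cluster's public name as the first argument.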

This section describes how to set up and manage a cluster of Identity Servers: