Hi All,
I read about SSO in HA mode and realized that we need to have a load balancer in place. This is needed so that when SSO A goes down, it can switch the requests over to SSO B.
For this to happen we need to point the SSO components, like the Admin server, STS and others, to this load balancer -- the virtual IP.
What if the load balancer goes down? Will anyone then be able to log in to the virtual infra?
Please correct me if I am wrong.
Thanks
If the load balancer goes down then you will not be able to reach the SSO server. SSO is required for the authentication verification of new user sessions. You would need to place a redundant load balancer to get rid of this.
lvaibhavt wrote:
Hi All,
I read about SSO in HA mode and realized that we need to have a load balancer in place. This is needed so that when SSO A goes down, it can switch the requests over to SSO B.
For this to happen we need to point the SSO components, like the Admin server, STS and others, to this load balancer -- the virtual IP.
What if the load balancer goes down? Will anyone then be able to log in to the virtual infra?
Please correct me if I am wrong.
Thanks
I see no real value in SSO in HA mode, to be honest; it is too complex to set up and it just moves the SPOF to a different layer.
I was using SSO in an HA configuration on my current project. I found it was extremely complex to set up and administer.
Further, we had failures in the environment where we were locked out because of the implementation. We switched to a multi-site configuration without HA. So each vCenter server had its own SSO server, which had its own SQL database. This worked much better than the previous configuration.
Generically speaking I don't think VMware PSO recommends implementing SSO HA, even though the feature is available.
Cheers,
Paul
Hi,
I agree with the others. If you need a high availability SSO server, I would recommend using VMware Heartbeat.
I know it costs extra, but it works and it is not that complicated.
Frank
Hi All,
Thank you for the suggestions.
If the SSO server goes down, then please let me know if the options below are fine to recover it, considering the SSO DB is not on the same server.
First >> Restore the backup of the SSO configuration to a new server
Second >> Take a clone of the SSO Server
Third >> Restore the SSO machine from backup applications like vRanger/Veeam.
Thanks
Hi All,
For a standalone SSO server, below are the things I tested:
If we take a clone of the SSO server, bring the original one down and power on the clone machine, authentication happens.
I tried logging in to admin@system-domain via the web client and normally from the VI client; it was working fine.
I then powered off the cloned SSO server and powered on the original one. It was working well.
I then again powered off the original SSO server and powered on the clone. It was working fine.
I took a backup of the SSO server from Veeam and then restored it. Powered it on and the authentication was going fine.
I took a snapshot of the SSO server and deleted the registry, then restored the snapshot. It was working fine.
I have also earlier taken a backup of the SSO configuration files and then restored them on the new machine, and then authentication was going fine.
If none of the above works then we can create a new SSO server and point VC and Inventory Service to this new server. Article # 2033620
Hope it helps
Thanks
Vaibhav