This documentation supports the 8.1 version of BMC Atrium Single Sign-On.

To view the latest version, select the version from the Product version menu.

Installing BMC Atrium Single Sign-On as a High Availability cluster

BMC Atrium Single Sign-On in a High Availability (HA) cluster environment is implemented as a redundant system with session failover. In this model, if a node fails, the BMC Atrium Single Sign-On load is transitioned to the remaining servers with minimal interruption.

When multiple BMC Atrium Single Sign-On servers are installed and configured to operate as a cluster, a system failure is absorbed by the remaining cluster nodes. The BMC best practice is to run BMC Atrium Single Sign-On cluster behind a firewall to protect the communications channels, such as replication, BMC Atrium Single Sign-On sessions, and administrative communications, between the nodes. The communications are encrypted, however, the ports must be exposed for connections from the other clustered machines.

The following interactive graphic provides high-level steps for installing BMC Atrium Single Sign-On as a HA cluster. (The graphic may take a few seconds to load)

Before you begin

BMC Atrium Single Sign-On installation in HA mode require following configurations:

  • An installed load balancer.
  • The load balancer must support HTTP traffic.
  • The load balancer must be configured with HTTP session stick mode.
  • The load balancer must be configured for HTTPS communication.

Note

HTTP session sticky mode is used to ensure that the first BMC Atrium Single Sign-On server continues to be used for subsequent requests (excluding node failure).

Installing BMC Atrium Single Sign-On in HA mode

Refer to the following topics to install BMC Atrium Single Sign-On as a High Availability cluster:

No.TaskDescription
1Pre-installation tasksBMC recommends that you install the provided BMC Atrium Single Sign-On Tomcat server and Java virtual machine (JVM). Although, installation onto an external (customer-provided) Tomcat server and JVM is supported, this configuration is not recommended.

Before installing the first node, the following information is needed for cluster setup:
  • URL that the load balancer uses for the cluster. The load balancer uses this URL to disperse calls to the cluster nodes.
  • Port number for the internal LDAP server
  • Port number for the replication of the internal LDAP server

The port numbers are used by LDAP for communicating data and for replication information. The specified ports should not be used by other programs and must be accessible from every computer that is part of the cluster.

2Installing the first node

The information and instructions for installing the first node for an HA cluster on a new Tomcat are provided in the topic, Installing the first node for an HA cluster on a new Tomcat server. If you are installing the first node on an external Tomcat server, see Installing the first node for an HA cluster on an external Tomcat server.

Note

Ensure that you copy the configuration file to the additional nodes.

3. Installing additional nodes

The information and instructions for installing the additional nodes for an HA cluster on a new Tomcat are provided in the topic, Installing additional nodes for an HA cluster on a new Tomcat server. If you are installing the additional nodes on an external Tomcat server, see Installing additional nodes for an HA cluster on an external Tomcat server.

Note

After installing BMC Atrium Single Sign-On in HA mode, verify that the cookie name for all the nodes are the same. For more information about verifying the cookie name, see Managing nodes in a cluster.

4Post-installation tasks
  • After adding a new additional node:
    • Ensure Load Balancer is configured with the new node
    • Update Apache MQ configuration of new node and existing nodes (if static configuration is used). For more information see, Session sharing in HA mode issue.
    • Restart existing nodes sequentially
  • After a cookie name is changed for a particular BMC Atrium Single Sign-On server in the HA cluster, restart the BMC Atrium Single Sign-On server.

Note

In some cases, BMC Atrium Single Sign-On server restart, browser cache purge, and cookies cleanup do not help in avoiding a multiple redirects error. In that case, restart the operating system.

Was this page helpful? Yes No Submitting... Thank you

Comments