Installing BMC Atrium Single Sign-On as a High Availability cluster
BMC Atrium Single Sign-On in a High Availability (HA) cluster environment is implemented as a redundant system with session failover. In this model, if a node fails, the BMC Atrium Single Sign-On load is transitioned to the remaining servers with minimal interruption.
When multiple BMC Atrium Single Sign-On servers are installed and configured to operate as a cluster, a system failure is absorbed by the remaining cluster nodes. The BMC best practice is to run BMC Atrium Single Sign-On cluster behind a firewall to protect the communications channels, such as replication, BMC Atrium Single Sign-On sessions, and administrative communications, between the nodes. The communications are encrypted, however, the ports must be exposed for connections from the other clustered machines.
The following interactive graphic provides high-level steps for installing BMC Atrium Single Sign-On as a HA cluster. (The graphic may take a few seconds to load)
Before you begin
BMC Atrium Single Sign-On installation in HA mode require following configurations:
- An installed load balancer.
- The load balancer must support HTTP traffic.
- The load balancer must be configured with HTTP session stick mode.
- The load balancer must be configured for HTTPS communication.
HTTP session sticky mode is used to ensure that the first BMC Atrium Single Sign-On server continues to be used for subsequent requests (excluding node failure).
Installing BMC Atrium Single Sign-On in HA mode
Refer to the following topics to install BMC Atrium Single Sign-On as a High Availability cluster:
|1||Pre-installation tasks||BMC recommends that you install the provided BMC Atrium Single Sign-On Tomcat server and Java virtual machine (JVM). Although, installation onto an external (customer-provided) Tomcat server and JVM is supported, this configuration is not recommended. |
Before installing the first node, the following information is needed for cluster setup:
The port numbers are used by LDAP for communicating data and for replication information. The specified ports should not be used by other programs and must be accessible from every computer that is part of the cluster.
|2||Installing the first node|
The information and instructions for installing the first node for an HA cluster on a new Tomcat are provided in the topic, Installing the first node for an HA cluster on a new Tomcat server. If you are installing the first node on an external Tomcat server, see Installing the first node for an HA cluster on an external Tomcat server.
Ensure that you copy the configuration file to the additional nodes.
|3.||Installing additional nodes|
The information and instructions for installing the additional nodes for an HA cluster on a new Tomcat are provided in the topic, Installing additional nodes for an HA cluster on a new Tomcat server. If you are installing the additional nodes on an external Tomcat server, see Installing additional nodes for an HA cluster on an external Tomcat server.
After installing BMC Atrium Single Sign-On in HA mode, verify that the cookie name for all the nodes are the same. For more information about verifying the cookie name, see Managing nodes in a cluster.
In some cases, BMC Atrium Single Sign-On server restart, browser cache purge, and cookies cleanup do not help in avoiding a multiple redirects error. In that case, restart the operating system.