Out of support This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Installing BMC Atrium Single Sign-On as a High Availability cluster

BMC contributors content

For additional information, you can also refer to the following webinar conducted by BMC Support.

You can also connect with other users for related discussions on the BMC Atrium SSO Community.

BMC Atrium Single Sign-On in a High Availability (HA) cluster environment is implemented as a redundant system with session failover. In this model, if a node fails, the BMC Atrium Single Sign-On load is transitioned to the remaining servers with minimal interruption.

When multiple BMC Atrium Single Sign-On servers are installed and configured to operate as a cluster, a system failure is absorbed by the remaining cluster nodes. The BMC best practice is to run BMC Atrium Single Sign-On cluster behind a firewall to protect the communications channels, such as replication, BMC Atrium Single Sign-On sessions, and administrative communications, between the nodes. The communications are encrypted, however, the ports must be exposed for connections from the other clustered machines.

The following interactive graphic provides high-level steps for installing BMC Atrium Single Sign-On as a HA cluster. (The graphic may take a few seconds to load)

Before you begin

BMC Atrium Single Sign-On installation in HA mode require following configurations:

  • An installed load balancer.
  • The load balancer must support HTTP traffic.
  • The load balancer must be configured with HTTP session stick mode.
  • The load balancer must be configured for HTTPS communication.

Note

HTTP session sticky mode is used to ensure that the first BMC Atrium Single Sign-On server continues to be used for subsequent requests (excluding node failure).

Installing BMC Atrium Single Sign-On in HA mode

Refer to the following topics to install BMC Atrium Single Sign-On as a High Availability cluster:

No.

Task

Description

1

Pre-installation tasks

BMC recommends that you install the provided BMC Atrium Single Sign-On Tomcat server and Java virtual machine (JVM). Although, installation onto an external (customer-provided) Tomcat server and JVM is supported, this configuration is not recommended.

Before installing the first node, the following information is needed for cluster setup:

  • URL that the load balancer uses for the cluster. The load balancer uses this URL to disperse calls to the cluster nodes.
  • Port number for the internal LDAP server
  • Port number for the replication of the internal LDAP server

The port numbers are used by LDAP for communicating data and for replication information. The specified ports should not be used by other programs and must be accessible from every computer that is part of the cluster.

2

Installing the first node

The information and instructions for installing the first node for an HA cluster on a new Tomcat are provided in the topic, Installing-the-first-node-for-an-HA-cluster-on-a-new-Tomcat-server. If you are installing the first node on an external Tomcat server, see Installing-the-first-node-for-an-HA-cluster-on-an-external-Tomcat-server.

Note

Ensure that you copy the configuration file to the additional nodes.

3.

 Installing additional nodes

The information and instructions for installing the additional nodes for an HA cluster on a new Tomcat are provided in the topic, Installing-additional-nodes-for-an-HA-cluster-on-a-new-Tomcat-server. If you are installing the additional nodes on an external Tomcat server, see Installing-additional-nodes-for-an-HA-cluster-on-an-external-Tomcat-server.

Note

After installing BMC Atrium Single Sign-On in HA mode, verify that the cookie name for all the nodes are the same. For more information about verifying the cookie name, see Managing-nodes-in-a-cluster.

4

Post-installation tasks

  • After adding a new additional node:
    • Ensure Load Balancer is configured with the new node
    • Update Apache MQ configuration of new node and existing nodes (if static configuration is used). For more information see, Session-sharing-in-HA-mode-issue.
    • Restart existing nodes sequentially
  • After a cookie name is changed for a particular BMC Atrium Single Sign-On server in the HA cluster, restart the BMC Atrium Single Sign-On server.

Note

In some cases, BMC Atrium Single Sign-On server restart, browser cache purge, and cookies cleanup do not help in avoiding a multiple redirects error. In that case, restart the operating system.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*