CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cosign in production at UoA and thanks

On 12 Jun 2005, at 19:13, Brian Hatch wrote:
Our central servers, consisting of two machines behind a foundry have
been preforming brilliantly.

I would love to hear exactly how you've set up your load balancing.

We don't use a load balancer for our cosignd servers.  One of our major design points was that we have no single point of failure.  In order to achieve this sort of resilience in the face of network problems, our cosignd servers are not on the same net, in the same building, etc.

If we needed more than two cosignd servers, we *might* deploy a load balancer in each of two locations.  Clients would still see two IPs, but the load would be spread across however many cosignd servers were in each location.  Only the HTTPS port would be behind the load balancer, mostly because web browsers can not necessarily be relied upon to fail-over gracefully.  Port 6663 would not be load balanced, so replication would take place directly, as would access & fail-over for cosign filters.

Our current needs don't require it, but I'll be rolling it out on the
BigIPs when I have a chance.  Given Cosign's... unique... architecture,
I'm curious which way you set things up and how it's working for you.

The cosign architecture is in fact unique, in the sense that it is simple, elegant, robust, and high-performing.  If you'd like me to expound on any of its unique features, I'd be happy to go on at great length :)


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010