High Availability with PINsafe

From Swivel Knowledgebase Wiki

Contents 1 Overview 2 Prerequisites 3 Types of PINsafe Appliance resilience 3.1 Standalone 3.2 Active/Active 3.3 DR 3.4 Active/Passive 4 Types of Third Party resilience 4.1 External Database 4.2 Load Balancers 4.3 VM resilience 5 Testing 6 Known Issues 7 Troubleshooting

Overview

PINsafe can be made to be resilient in a number of ways. This document looks at the differing approaches.

Prerequisites

PINsafe 3.x

Types of PINsafe Appliance resilience

Standalone

This is where there is no resilience and there is a single instance of PINsafe

Active/Active

This is a pair of PINsafe appliances named Primary Master and Standby Master that are able to provide authentication. They are usually deployed at a single site. Resilience is provided by MySQL clustering using database replication. Additional features include

A Virtual IP Address to allow a floating IP address to be attached to a PINsafe appliance, which in the event of failure, can move to a second PINsafe appliance. The VIP is bound to ETH0.

Session Sharing allows a Single Channel TURing image request to be made from one PINsafe server and an authentication request such as using RADIUS from another PINsafe server. As well as the Session Sharing, Information can be requested from a remote PINsafe server by RADIUS, this can be configured to make a request when a single channel authentication is made but no image has been requested, see | PINsafe RADIUS Proxy

Replication interface: Information is usually transferred across a dedicated network interface, on hardware appliances, a cross over cable is used on ETH1, and this provides the maximum resilience since there are no network devices between the appliances that can fail. Replication traffic may also be directed to run of ETH0 instead, with the loss of some resilience capability.

DR

The DR appliances are deployed at Disaster Recovery sites. They are not intended for use as day to day authentication. Resilience is provided by MySQL, the DR acting as a MySQL slave.

Active/Passive

This refers to an older version of the PINsafe HA solution using disk replication, where only one instance of a PINsafe pair is active. It is limited to two PINsafe servers only. This solution is being phased out by the Active/Active solution and is no longer offered for sale. To verify which appliance version you have see Appliance_General_FAQ

Types of Third Party resilience

External Database

An external database can be used with multiple PINsafe servers connecting to the Database. This database should be clustered to provide resilience in itself.

Load Balancers

Load balancers may be deployed to provide resilience.

VM resilience

Additional tools may be deployed such as VMware VMotion to bring up another PINsafe instance in the event of a failure

Testing

Known Issues

Troubleshooting