Project

General

Profile

Story #2331

Identity portal replication

Added by Ben Leinfelder about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
-
Start date:
2012-02-14
Due date:
% Done:

100%

Story Points:
Sprint:

Subtasks

Task #2332: Portal http session replicationClosedBen Leinfelder

Task #2333: Portal certificate store replicationRejectedBen Leinfelder

Task #2371: Use stable CILogon modulesClosedBen Leinfelder

History

#1 Updated by Ben Leinfelder about 12 years ago

  • Assignee set to Ben Leinfelder

With round-robin DNS, each CN needs to have replicas of the cilogon portal information; includes http session and client certificates for authenticated users.

#2 Updated by Dave Vieglais about 12 years ago

An alternative (certainly less desirable but easily achievable) strategy to consider is to keep the CN portals separate for the time being. RR DNS would direct the user to one CN. The "cn.dataone.org" virtual host would redirect the client to its full host name, say "cn-ucsb-1.dataone.org" where interactions would continue with that host as the base.

The less desirable aspect of this is that revisiting "cn.dataone.org" may direct the user to another CN. However, if the original visit set a cookie in the domain cn.dataone.org that contained the original host (cn-ucsb-1.dataon.org), then the redirect virtual host could redirect to the host listed in the cookie. Thus the user would continue interaction with the original host.

Not perfect by any means, but perhaps a lot simpler than setting up distributed sessions. Less satisfying though.

#3 Updated by Dave Vieglais about 12 years ago

  • Target version changed from Sprint-2012.07-Block.1.4 to Sprint-2012.09-Block.2.1
  • Position deleted (3)
  • Position set to 20

#4 Updated by Ben Leinfelder about 12 years ago

  • Status changed from New to Closed

We are using a partial replication strategy now: The DB backing store for certificate transactions and proxy is shared by the three nodes whereas the three nodes have completely independent webapp deployments of the portal and use HZ session replication.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)