This manual provides guidance for installations running the PhenixID authentication server as a cluster.
The information in this manual is applicable for PhenixId Server version 4.0 or later.
Earlier versions of PhenixID cannot leverage this manual.
Clustering in version 4.0 of PhenixID authentication server will use two separate services.
PAS will (by default) handle session and configuration, the other is the database.
For PAS, it's possible to only cluster session and not the configuration.
If clustering is being configured, an external database is required.
Typically clustering is used when high availability is required. Also when traffic needs to be spread across multiple nodes due to heavy load. In those cases an external load balancer is required since load balancing is not handled internally. Depending on the configuration, clustering may also allows for "rolling upgrades", meaning that one node can be taken off line for upgrade while a second node can handle the work.
A PhenixID server cluster consist of two separate services, authentication and persistent layer. This differs from when running a non-cluster where all services are handled by the same processes.
The service that handles the actual authentication takes care of clustering the configuration and session data, making sure that data is available to all connected nodes in the cluster. The second service, the database, is in charge of storing data that is important long term but is not configuration data. This would be tokens, lockout status etc.
The image below shows the architectural lay out. Note that database and authentication service does not have to be located on the same servers. It is perfectly fine to separate database and authentication onto their own servers if desired.
Ensuring HA and fault tolerant the database it needs to be externalized. This means the responsibility of the persistent layer is put somewhere else rather than in the PAS it self. PAS will act as client to the external datasource.