Frequently Asked Questions

This article highlights the most common questions our customers ask.

Why do we need to set up more than one EkoADC server?

Key reasons for setting up multiple EkoADC servers include:

  • High Availability for Authentication: Multiple servers ensure that users can still log in even if one server fails, maintaining business continuity.

  • Load Balancing: Redundancy allows for the distribution of requests among multiple servers.

  • Complex Use Cases: Some customers require multiple servers to handle different user types or organizational units.

What are Active/Active or Active/Standby operational states used for?

The state of the multiple EkoADC servers is differentiated by whether the server is handling User Authentication or User Synchronization.

State for User Authentication: Active/Active.

For user authentication, the redundant EkoADC servers often operate in an Active/Active state.

  • Mechanism: When multiple EkoADC servers are deployed, they can be used for routing user authentication. This routing often employs DNS round-robin.

  • DNS Round-Robin: This method alternates the order of address records each time a name server is queried, distributing login requests among active servers (e.g., ADC01, ADC02) to balance the load.

  • Use Case: This approach is deployed explicitly for customers who require AD authentication with a redundant server.

State for User Synchronization: Active/Standby.

For user synchronization (provisioning user data to the Eko Cloud), the servers may operate in an Active/Standby configuration.

  • Mechanism: In this state, only one server is actively executing the full synchronization job, while the other server(s) are designated as standbys or backups.

  • Example (Use Case 2): In an architecture supporting provisioning user profiles and credentials, the system may be set up where ADC01 handles User Sync (Active 01) and ADC02 is the Standby 02 for synchronization.

  • Complex Scenarios: Some setups involve complex redundancy configurations where one ADC might handle both user profiles and credentials, while the second ADC only handles user profiles.

Can our team (customer) access the EkoADC Web Console?

Yes, customers can access the EkoADC web console, although this access is typically related to maintenance, troubleshooting, and manual synchronization tasks, rather than core functionality.

Can we have our own account to access the EkoADC Web Console?

Yes. The EkoADC application is configured by default to support multiple, predefined accounts for accessing the web console. This access has to be communicated to the Eko team, as it is defined during the EkoADC initial setup.

The EkoADC predefines three distinct, role-based accounts:

  • Main User Account

  • Auditor Account

  • Operator Account

Can we change the synchronization method from LDAP to FTP?

Yes, it is possible.

However, while the customer can change the synchronization source to a file (FTP/SFTP), it is crucial to note that file synchronization should generally be used for user profile synchronization only.

  • If the primary synchronization source is a file (e.g., from an HR DB), the file must contain a user account (user ID) that can be used for mapping and LDAP binding.

  • Directory software that supports LDAP is still required for user authentication, even if user profiles are provisioned from a file.

PreviousChecking Connectivity and LogsNextEkoAI

Last updated