Redundancy
To ensure high availability and reliability for critical functions like user synchronization and authentication, the Eko AD Sync architecture supports the deployment of Redundancy Servers for the Eko Active Directory Connector (EkoADC).
1. Importance of Redundancy
In IT infrastructure, redundancy is the duplication of essential functions or components to increase the reliability of a system. It often appears in the form of a fail-safe or backup, forming a key part of maintenance or load-balancing strategies. A redundant server typically reflects a production server, maintaining the same storage, applications, and configurations.
2. Redundancy Scenarios in Eko AD Sync
EkoADC redundancy servers are deployed on the customer side alongside the customer's Active Directory.
2.1 User Authentication Redundancy (Active/Active)
When multiple EkoADC servers are deployed for a customer, they can operate simultaneously to handle user login requests.
Functionality: EkoADC deployments can include redundant servers for routing user authentication.
Mechanism: This redundancy often uses DNS round-robin for routing user authentication requests.
DNS Round-Robin is a method used to load balance requests among several web servers. For example, if a company has a domain name linked to three servers (ADC01, ADC02, etc.), the DNS server rotates the IP address given to each consecutive login request, distributing the load across the active servers.
Use Cases: Deploying EkoADC at the customer side with redundant servers is a supported use case for AD authentication.
2.2 User Synchronization Redundancy (Active/Standby)
While authentication is often Active/Active, synchronization typically involves a primary server handling the primary sync operation.
Functionality: Synchronization status is often managed in an Active/Standby configuration, meaning one server (e.g., ADC01) is responsible for the user sync process. At the same time, the other (e.g., ADC02) serves as a standby or backup synchronization source.
Data Handling: In a redundant setup, one ADC (e.g., ADC1) might handle both user profiles and credentials, while a secondary ADC (e.g., ADC2) might only handle user profiles.
3. Specific customer examples illustrating redundancy
Customer A: Uses four ADC servers (two for Store operations and two for HQ operations).
Customer B: Uses EkoADC redundancy servers when provisioning users from HR DB files while authenticating against Active Directory.
Customer C: Uses multiple ADCs to handle different user types and authentication methods (AD and Local authentication).
When troubleshooting authentication issues, administrators should review logs from all relevant ADC and IDMAPI servers.
Last updated