Version: 2.75.x.x LTS

Recommendations for special setups

The standard way to operate nevisIDM is with one single instance that handles all nevisIDM-related tasks:

  • Web-GUI for administration and self-administration
  • Web-Services for administration and self-administration
  • Web-Services for authentication purposes (authentication back end for nevisAuth)
  • Batch job processing
  • Provisioning
  • Asynchronous event processing
  • Auditing
  • Etc.

This chapter contains hints concerning setups that deviate from this standard single-instance approach.

Multi-instance setups

In setups with multiple nevisIDM instances, each nevisIDM instance is usually running independently on a different host. However, common practice is that all instances use the same database and share the same data. As such, multi-instance setups are especially useful in load balancing and failover scenarios. In addition, a multi-instance setup allows you to

Requirements

The nevisIDM package needs to be installed on all affected hosts. Always use the same software version of nevisIDM for all instances. Additionally, the configuration has to be done multiple times in a consistent way. Also, all involved instances must be kept in sync.

Recommendations

We recommend that you enable provisioning on all nevisIDM instances within the multi-instance setup, but file auditing as well as asynchronous processing on one instance only (see below). This is to prevent multiple instances from processing the same event concurrently, which may occasionally lead to errors (such as sending out the same e-mail twice, or splitting the audit log file over several instances). However, take into consideration that failover of event processing or auditing is not possible in such a setup. If the relevant instance goes down, event processing or log file auditing does not take place. The event log data is still written into the database, though. As soon as the instance has been restarted, it will process the "waiting" events.

Summary

  • Enable file auditing on one instance only.
  • Enable asynchronous event processing on one instance only.
  • Enable provisioning on all instances if needed.

The code snippets below show how to configure a setup with two nevisIDM instances. You do this in the nevisidm-prod.properties file (one file per instance). On the second instance, asynchronous processing and file auditing are disabled.

The sample code below shows the configuration of the first instance, with all facilities enabled:

# first instance
# all facilities are enabled:
application.modules.auditing.enabled=true
application.modules.auditing.repeat.count=-1
application.modules.auditing.autostartup.enabled=true
application.modules.event.autostartup.enabled=true
application.modules.provisioning.enabled=true

The next code snippet shows the configuration of the second instance, where asynchronous processing and file auditing are disabled:

# second instance
# enable the audit event facility (generate events) but disable the event
# processing (writing them to the log):
application.modules.auditing.enabled=true
application.modules.auditing.repeat.count=0
application.modules.auditing.autostartup.enabled=false

# disable the event processing:
application.modules.event.autostartup.enabled=false

# enable the provisioning module:
application.modules.provisioning.enabled=true
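
A consistency check for the per-instance nevisidm-prod.properties files described above, as an added example that is not part of nevisIDM or its documentation. The property keys are the ones shown on this page; the instance names idm1/idm2, the function names, the rule that repeat.count should be 0 wherever auditing autostartup is false (taken from the second-instance snippet), and the reporting of absent keys are assumptions of this example. The sample input is constructed and reduced to the keys the check reads.

```python
# Added example: consistency check for a multi-instance nevisIDM setup.
# Property keys are the ones shown on this page; the rules mirror its summary.
AUDIT = "application.modules.auditing.autostartup.enabled"
REPEAT = "application.modules.auditing.repeat.count"
EVENT = "application.modules.event.autostartup.enabled"
PROV = "application.modules.provisioning.enabled"

def parse_properties(text):
    """Parse simple key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_instances(configs, provisioning_needed=True):
    """configs maps an instance name to its properties text; returns findings."""
    parsed = {name: parse_properties(text) for name, text in configs.items()}
    findings = []
    for key, label in ((AUDIT, "file auditing"), (EVENT, "event processing")):
        # An absent key is reported, because this check does not know the default.
        findings += [f"{n}: {key} is not set" for n, p in parsed.items() if key not in p]
        active = sorted(n for n, p in parsed.items() if p.get(key, "").lower() == "true")
        if len(active) != 1:
            findings.append(f"{label} starts on {len(active)} instances, expected 1: {active}")
    for name, props in parsed.items():
        # Assumption from the page's second-instance snippet: autostartup=false goes with repeat.count=0.
        if props.get(AUDIT, "").lower() == "false" and props.get(REPEAT) != "0":
            findings.append(f"{name}: auditing autostartup is false but repeat.count is not 0")
        if provisioning_needed and props.get(PROV, "").lower() != "true":
            findings.append(f"{name}: provisioning is not enabled")
    return findings

# Constructed sample input, reduced to the keys read above.
FIRST = f"# first instance\n{AUDIT}=true\n{REPEAT}=-1\n{EVENT}=true\n{PROV}=true\n"
SECOND = f"# second instance\n{AUDIT}=false\n{REPEAT}=0\n{EVENT}=false\n{PROV}=true\n"

if __name__ == "__main__":
    print(check_instances({"idm1": FIRST, "idm2": SECOND}))  # setup as on this page
    print(check_instances({"idm1": FIRST, "idm2": FIRST}))   # second host copied from first
```

Running it against the deployed files before a rollout catches the case where a second host was cloned from the first, which would start file auditing and event processing on both instances.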