How to deploy SPS joined to SPP in a DR environment?

Hi guys,

Say a customer has 2 data centers (HQ and DR). A 3-node SPP can be deployed as 2xSPP in HQ and 1xSPP in DR; this achieves high availability as well as DR failover for SPP.

If SPS needs to be joined and is also required to handle DR failover, what is the best way to deploy SPS in this setup?  Does anyone have any references on how other customers deploy it?

Thanks.

Hollis

  • Hi,

    We have this situation: 3 sites (2 HQ in Rome & DR in Milan), a 3-node cluster of SPP (2 nodes in the principal HQ (1 is the main node) and 1 in DR) joined with a 3-node "cluster" (not high-availability) of SPS (2 nodes in the principal HQ and 1 in DR). For SPS, the roles you assign to nodes are important: in the HQ sites we have 1 node with the role Central management & Search Master (this is a best practice), this node doesn't accept sessions because it is a Search Master, and 1 node with the role Managed host, Search minion; for DR, 1 node with the role Managed host, Search minion. You can also optimize network performance by configuring, on SPP in the Managed Network tab, the network flow per node between SPP & SPS...

    With this architecture we provide SSH sessions (via web/client requests), SSH sessions (SPS initiated), Password Vault and RDP (via web/client requests).

  • Dears,

    We are facing almost the same issue. We have two sites, main and DR, with 3 SPP and 2 SPS, and we need to configure the solution for high availability.

    So we have 3 SPP in a cluster: 2 in main and one in DR.

    The question is for the SPS. We have the virtual appliance, so as per the guide, we should have the HA managed by the virtualization, i.e. one active and another clone that is passive.

    Do we have any more details on how we can deploy SPS in HA mode?

  • Hi hhamed,

    As per the SPS Admin guide:

    HA functionality was designed for physical SPS units. If SPS is used in a virtual environment, use the HA functionalities provided by the virtualization service instead.

    https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-sessions/6.5.0/administration-guide/38#TOPIC-1385421

    Thanks!

  • Thanks Tawfik,

    Actually the user guide didn't give much detail here. I have the following questions:

    Say that we need to have SPS in HA mode as a virtual appliance, can we just have the VMware disks on shared storage? Does SPS support this?

    To ensure HA, we should have the main VM (up and running) and another clone on another host (down) but replicated through VMware, and both machines are configured against shared storage. So if the host is down, the other machine should start with no user intervention.

    But if the VM itself is down on the first host, then we need to manually start the other one.

    I would really appreciate it if you confirm my understanding above. Do we have any best practice in this area or an architecture diagram?

    Regards

  • Hi hhamed,

    Our documentation does not have detailed information on how VMware HA should be configured, as this depends on your own environment. You may refer to the VMware site for the available HA options that suit your environment best.

    Thanks!

  • Key thing to understand here is that the virtual SPS appliance is a completely standalone unit that is not hypervisor-aware in any way.

    So all HA functionality has to be provided totally by the hypervisor. This means that you need to make use of the shadow/clone/mirror and management features of the hypervisor to provide HA for each SPS appliance you deploy.

    This also means that extra resources have to be provided on the hypervisor to accommodate the HA functionality you wish to configure/provide.

    This is therefore a discussion to have with the teams who support the virtual environment.

      

  • Hi @hhamed - did you get any clue to fix this? Or did you set up your environment? If yes, can you please share a few steps? I have a 3 SPP & 2 SPS virtual setup only.