Higher performance is achieved with the use of the third-party load balancer directing authentication requests to two primary OneSpan Authentication Server instances. Database load sharing to dedicated database servers is configured in each OneSpan Authentication Server instance. A dedicated audit database is used for auditing and reporting. Administration is performed via the backup OneSpan Authentication Server instance, thus minimizing the load on the primary servers.

Internal HSM device may have an impact on the performance, depending on the number and performance of your HSM devices. Internal HSM devices are less likely to impact performance than external HSM devices.

Availability of the system is maximised by allowing the third-party load balancer to handle load balancing and failover between primary OneSpan Authentication Server instances. Additionally, each primary OneSpan Authentication Server instance is configured to fail over to a backup OneSpan Authentication Server instance.

A backup database server is used, and each OneSpan Authentication Server instance is configured to connect to it automatically if the primary database server is not available.

Two primary OneSpan Authentication Server instances, two backup OneSpan Authentication Server instances, and one dedicated OneSpan Authentication Server instance for administration, auditing, and reporting.

Data is stored on dedicated database servers.

All administrative operations are performed on the administration server.

Long-running operations can be performed with no direct impact on the authentication server performance handling authentication requests (these administrative operations will introduce only a replication impact on the commercial database servers).

The administration scenario could be disabled on both primary servers and backup servers to exclude administrative load. This is done via the Administration Web Interface.

To set up the internal HSM deployment model

1. Install a commercial database on each dedicated database server, and modify the schema as needed.
2. Set up replication between the databases.
3. Install and configure the HSM.
4. Install OneSpan Authentication Serveron each primary and backup server, using the Advanced installation option.
5. Configure database load sharing on each OneSpan Authentication Server instance.
6. Install a database on the audit server.
7. Set up auditing as required.
8. Configure reporting as required.
9. Make auditing data available for reporting, i.e. schedule to merge the primary server's audit data with the backup server auditing data using the Maintenance Wizard.