Maximum-availability deployment model
The maximum-availability deployment model increases performance and availability by introducing greater backup measures and adding a dedicated third-party load balancer application.
Figure: Maximum-availability deployment model
Performance
Higher performance is achieved with the use of the third-party load balancer directing authentication requests to two primary OneSpan Authentication Server instances. Database load sharing to dedicated database servers is configured in each OneSpan Authentication Server instance. A dedicated audit database is used for auditing and reporting. Administration is performed via the backup OneSpan Authentication Server instance, thus minimizing the load on the primary servers.
Availability
Availability of the system is maximised by allowing the third-party load balancer to handle load balancing and failover/failback between the primary OneSpan Authentication Server instances. Additionally, each primary OneSpan Authentication Server instance is configured to fail over to a backup OneSpan Authentication Server instance.
A backup database server is used, and each OneSpan Authentication Server is configured to connect to it automatically if the primary database server is not available.
OneSpan Authentication Server
Two primary OneSpan Authentication Server instances, two backup OneSpan Authentication Server instances, and one dedicated OneSpan Authentication Server instance for administration, auditing, and reporting.
Data is stored on dedicated database servers.
Administration
All administrative operations are performed on the administration server.
Long running operations can be performed with no direct impact on the authentication server performance handling authentication requests (these administrative operations will introduce only a replication impact on the commercial database servers)
The administration scenario could be disabled on both primary servers and backup servers to exclude administrative load. This is done via the Administration Web Interface.
Replication
Commercial replication is enabled between database servers. OneSpan Authentication Server replication is disabled.
Auditing
Auditing data should be written to databases at each site. The data should be imported to the master auditing database at the administration site on a regular basis.
Reporting
Reporting is best configured to retrieve auditing input from the database for increased report generation throughput.
Deployment steps
To set up the maximum-availability deployment model
- Install a commercial database on each dedicated database server, and modify the schema as needed.
- Set up replication between the databases.
- Install OneSpan Authentication Server on each primary and backup server, using the Advanced installation option.
- Configure database load sharing on each OneSpan Authentication Server instance.
- Install a database on the audit server.
- Set up auditing as required.
- Configure reporting as required.
- Make auditing data available for reporting, i.e. schedule to merge the primary server's audit data with the backup server auditing data using the Maintenance Wizard.