Load Balancing and Failover

OneSpan Authentication Server provides load-balancing and failover between HSM slots.

Session pool

When the OneSpan Authentication Server service or daemon is started, OneSpan Authentication Server will automatically create a session pool to use when accessing each HSM. HSM slots with an attribute matching the OneSpan Authentication Server configuration setting slotSelectionAttribute will be added to the session pool – up to the value of the slotsExpected configuration setting.

When OneSpan Authentication Server needs to access data protected by the HSM, it takes a random session from the pool. Where multiple HSM devices are available, this spreads the load across all slots.

If a session does not receive a response from a slot, the HSM is blacklisted and slots on the other HSM device(s) will be used, where available.

HSM re-initialization

OneSpan Authentication Server will stop and re-initialize all HSM devices in the session pool if one of the following applies:

All configured HSM devices are blacklisted.
At least one HSM has been blacklisted and no sessions are currently required.

Load balancing and failover

Session pool

HSM re-initialization

Log in

Two-step verification is required