cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

High availability for Secure Login Server

Go to solution
asif_rahmetulla
Participant

on ‎03-29-2022 12:28 AM

0 Kudos

Hello there,

We are exploring option for Secure Login servers in an active / idle configuration to address high-availability.

Can you please clarify section 6.6.3 of the Single Sign-On 3.0 implementation guide (https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/3.0/en-US/f66ff414c7804d068d6aab770be18fc8.html) whether it means having two separate installations of NetWeaver Application AS Java system (say SL1 and SL2) with Secure Login Server component installed on each.

Please share any article describing the setup for Secure Login Servers with an active/idle high-availability configuration.

Regards,

Asif

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Colt
Active Contributor
‎03-29-2022 7:19 AM
0 Kudos

Dear Asif,

using the Secure Login Server would mean a single point of failure. For this reason, at least two independent NetWeaver AS JAVA servers need to be operated and maintained to achieve failover capabilities.

It is a proven approach to set up the SLS on two (or more) different systems. Each SLS has its own URL at which it can be reached. The Secure Login Client (SLC) now processes a list of the available SLS. If the first SLS on its list does not respond after a specified time (timeout), then the next SLS on the list is contacted automatically. Thus, failover and availability are granted. This is always active/passive and only one SLS will be used by the clients, mostly the primary.

A real load balancing or HA can only be used with an upstream NLB, this fact should be taken into account. From the point of view of the SLC, a virtual IP is used for the SLS host in the registry config while the NLB can distribute the load to different SLS hosts.

Does that help?

Cheers Carsten

Show replies
Show replies
asif_rahmetulla
Participant
‎03-29-2022 9:11 PM
0 Kudos

Hello Carsten,

Thank you for providing your inputs! it definitely helps

Pardon my lack of knowledge, can you educate me on the NLB.

From the SAP Single Sign-On 3.0 implementation guide, SAP Web dispatcher can be used as load balancer. For the SLC, are you suggesting that the Enrollment URLs that are pushed to the client only point to a virtual IP (URL of the web dispatcher) which will then route the request to the active SLS and in case if the primary SLS is not available it would route to the passive node?

I appreciate your input!

Regards,

Asif

andrehunziker
Explorer
‎10-19-2022 12:45 PM
0 Kudos

Hello Carsten

In case of SLWC its not working.

Its look like that ssoURL is the problem

Did you have for this an solution?

Regards

André

Answers (1)

Answers (1)

Colt
Active Contributor
‎03-30-2022 11:56 AM
0 Kudos

Dear Asif, well I can't tell you in detail either as setting up NLB typically isn't in my scope and is handled by another team. Yes, I know from customers that have used SAP WD, others BIG IP F5 etc. this is possible. And it can be active/active as well, based on the LB config.

However, taking a look at this older post and Infos from Kai may help you further 🙂

Cheers Carsten

Show replies
Show replies
asif_rahmetulla
Participant
‎03-31-2022 2:22 PM
0 Kudos

Hello Carsten,

Thank you for sharing the post! Greatly appreciate your help

Regards,

Asif

Ask a Question