We recently went live with a hybrid CAS (5.3.12.1) deployment using Azure. We have one CAS node inside our network, and 2 in Azure. They replicate sessions using Hazelcast. We have our internal DNS directing on-prem traffic to our local CAS node, and any traffic from public IP addresses goes to the Azure CAS nodes, which are load balanced behind Azure's basic load balancer.
The key, I believe, to our success with Hazelcast is our use of Docker swarm. Using the overlay networking, the CAS nodes all are able to share a subnet/broadcast domain, making discovery of the other nodes easy. Other than the dependency in the pom.xml, the only thing I had to add to the properties is this:

cas.ticket.registry.hazelcast.cluster.members=cas_servername1,cas_servername2,cas_servername3

We did some testing prior to our production go live, where we disabled the VPN between our site and Azure. I was impressed to see that the Hazelcast service managed itself so well. No sessions were lost, and when the connection was restored, Hazelcast reestablished its cluster and replication.

Our overall goal was to ensure that cloud services available to public IP addresses would be available in the event that our local datacenter were to go offline for any reason, and I believe we were successful.

I think CAS 6 has more native support for Docker, so I'm looking forward to getting going on a CAS 6 deployment in the near future.

On Friday, November 15, 2019 at 8:41:06 AM UTC-7, Kelly Geng wrote:
>
> Hi All,
>
> Does anyone here deploy a CAS (v5+) instance to both local data center and
> some cloud instance (AWS, Azure, etc), and have an active-active set up,
> and was able to have Hazelcast replicating sessions across all nodes? We
> are on CAS 6.0 and have 2 local nodes and 2 AWS nodes. We intend to send a
> small portion of traffic (from specific IP addresses) to AWS on a daily
> basis, so we always know it is working in case we need to switch all
> traffic there in a disaster mode.
>
> We have a hard time persisting the sessions between a local node and an
> AWS node. For example, after a user authenticates through a local DC node
> and establishes an SSO session there, if he then goes to a different
> service that forwards him to an AWS node, he is prompted to log in again,
> instead of already knowing his SSO session. We have verified that the
> Hazelcast replication between the 2 local nodes and between the 2 AWS nodes
> is functioning.
>
> Does anyone have a similar setup and could share their experience? Thanks
> much!
>
> --
> Kelly
> Application Developer
> Miami University
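An added example, not part of either message and not CAS project code: a pre-flight check that reads the `cas.ticket.registry.hazelcast.cluster.members` line quoted in the reply and reports, from the node it runs on, whether each listed member resolves and accepts a TCP connection. It assumes members listen on Hazelcast's default port 5701 unless an entry carries `host:port`; the function names are hypothetical.

```python
import socket

MEMBERS_KEY = "cas.ticket.registry.hazelcast.cluster.members"
DEFAULT_PORT = 5701  # assumption: Hazelcast default member port is in use


def parse_members(properties_text, default_port=DEFAULT_PORT):
    """Return [(host, port), ...] from the members line of cas.properties text."""
    members = []
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() != MEMBERS_KEY:
            continue
        for entry in value.split(","):
            entry = entry.strip()  # tolerate "a, b,c" style lists
            if not entry:
                continue
            host, sep, port = entry.rpartition(":")
            if sep and port.isdigit():
                members.append((host, int(port)))
            else:
                members.append((entry, default_port))
    return members


def check_member(host, port, timeout=3.0):
    """Classify one member as 'ok', 'unresolved' or 'unreachable'."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"  # name not visible from this node's network
    for family, socktype, proto, _, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                return "ok"
        except OSError:
            continue
    return "unreachable"  # resolves, but the port is filtered or closed


def check_cluster(properties_text):
    """Map 'host:port' to its status for every configured member."""
    return {f"{h}:{p}": check_member(h, p) for h, p in parse_members(properties_text)}


if __name__ == "__main__":
    # Constructed input: the property line as quoted in the reply above.
    sample = MEMBERS_KEY + "=cas_servername1, cas_servername2,cas_servername3"
    for member, status in check_cluster(sample).items():
        print(member, status)
```

Run it on every node: a member that is `ok` from its same-site peer but `unresolved` or `unreachable` from the other site points at name resolution or the VPN/firewall path rather than at CAS itself.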