This post describes how Apache Fortress and OpenLDAP can be placed into a highly-available configuration.  Apache Fortress provides Identity and Access Management APIs over HTTP using either JSON or REST formats.  OpenLDAP is where the data is stored and maintained.

There are two identically configured machines, each with an instance of Fortress (Java) and OpenLDAP (native) processes running on it.  A Virtual IP address will be used to route traffic to the designated primary node.  In the event of a failure on the primary, the routing will be to the other.

Click to View Larger

What’s a Virtual IP Address

From Wikipedia, the free encyclopedia

A virtual IP address (VIP or VIPA) is an IP address that doesn’t correspond to an actual physical network interface. Uses for VIPs include network address translation (especially, one-to-many NAT), fault-tolerance, and mobility.

Not Load-balanced

All traffic to either Fortress or OpenLDAP gets routed to a single machine.  The virtual IP determines which of the two identically configured machines is active and which is standby.

In the event of failure on the primary node, the Virtual IP is then pointed to the secondary.

Advantages

• Simple to understand, automate/setup, maintain and use.
• Efficiency: No additional network hops (through a load-balancer) are required for round trips.
• Reliability: No risk of a ‘split-brain’ occurrence, when one node falls out of synch of the other, i.e. differing views on the data / inconsistent results.
• Safety: OpenLDAP running in multi-master replication mode will ensure both node’s data is kept in synch.  Either node can function as the primary, at any time.
• Flexibility: Upgrade to a load-balanced configuration when needed.
• This configuration works with either Apache Fortress and/or OpenLDAP.

Next Steps

Step 1: Virtual IP SetupStep 2: OpenLDAP SetupStep 3: Apache Fortress Setup

Apache Fortress is a trademark of the Apache Software Foundation.