IBM Verify


Web-services ITDI Service provider (replace RMI)

  • 1.  Web-services ITDI Service provider (replace RMI)

    Posted Wed March 09, 2022 08:38 AM
    Hello, friends.

    I am trying to deploy RMI-Adapter to OpenShift.
    I discovered that not only RMI (ItdiServiceProvider) may be used for communicating with ISIM Service via SDI, but there is also WebServicesITDIServiceProvider (based on SOAP).
    So SOAP is the option I am considering too.
    Now I am interested in the aspect of load-balancing.
    After some R&D I see that RMI is not about load-balancing (not adapted, because RMI is quite stateful).

    In RedBook I found a note:
      Note: The following scenarios consider the use of two adapters in each case. This can be extrapolated to cases where it is determined that there is a need for more than two adapter instances. The scenarios presented below are failover scenarios. We do not recommend considering using a load-balancing strategy for the adapters. This can cause issues with operations such as reconciliations, which rely on using a dedicated adapter instance.

    My questions are:
    - Has anyone tried some load-balancing (not failover) with RMI? Did it bring some performance or other advantages?
    - Has anyone tried to use that SOAP transport between ISIM and SDI? What risks, limitations and disadvantages will I meet?


    ------------------------------
    Дамир Фаразетдинов
    ------------------------------


  • 2.  RE: Web-services ITDI Service provider (replace RMI)

    Posted Wed March 09, 2022 09:09 AM
    You should probably forget about the SOAP Service Provider - I am quite sure that was never supported for more than a very short period of time (I am a great lover of the Service Provider architecture - and SOAP was an interesting possibility - but it is not documented, so it would be a very (interesting, I agree) task to find out how e.g. SDI could utilize this. It probably also does not support all the interesting extensions that you would want, such as modern SSO etc...)

    So forget that Service Provider and stick to the RMI one. 

    Load balancing is definitely possible and can be a good solution if you need to scale a lot of provisioning actions against one specific service - but in most cases the SDI solution allows you to scale to exhaust most managed systems - i.e. SDI is not a bottleneck in most cases. So I would normally consider failover the primary reason for having a loadbalancer in place.

    The loadbalancer required is btw at the network level (basically IP address swapping) - I have not seen anything on the protocol layer, which it sounds like you are looking for - but that is only my guess.

    HTH

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------