We're also doing this Redis exercise here (combined with Postgres as HVDB), and we're going for the 5 server setup. (3 VMs in datacentre1, 2 VMs in datacentre2).
My understanding of the 5 sentinels vs 3 sentinels, is that with 5 sentinels you can 'survive' 2 nodes (machines/vm's running the sentinel) being unavailable, and the remaining 3 (still the majority of 5) will be able to automate failover to a new master Redis.
This would be useful if, e.g:
- planned maintenance (patching/reboot/...) on 1 VM + unexpected issue on a 2nd VM.
- DC2 blackout/outage (2 VMs down)
- What I suspect won't survive in our case, is a DC1 outage (3 VMs down)
I believe ideally there would be a 3rd datacentre I suppose (where the 3rd VM from dc1 would reside in dc3), however regarding DC outages there are likely additional technologies that can help spin up the VMs automatically in other regions.
------------------------------
HANS VANDEWEGHE
------------------------------
Original Message:
Sent: Thu August 18, 2022 04:16 AM
From: Jasper Teuben
Subject: High availability for Redis as session service
Hi Tom,
As you know I want to start with this soon and we have discussed a 3 and 5 server configuration.
The thing is I cannot remember the difference between a 3 and 5 server setup.
When do you want to scaleup the number of servers, any recommendations?
Jasper
------------------------------
Jasper
Original Message:
Sent: Wed August 17, 2022 06:32 AM
From: Tom Bosmans
Subject: High availability for Redis as session service
Hi Gerardus,
i've written this blog to describe in a bit more detail what to do:
https://www.gwbasics.be/2022/04/redis-sentinel-for-isva-webseal.html
Tom Bosmans
------------------------------
Tom Bosmans
Original Message:
Sent: Wed August 17, 2022 04:06 AM
From: Gerardus Bastiaansen
Subject: High availability for Redis as session service
Scott, my bad, I meant creating a HA redis environment by making use of sentinels, just as you pointed out.
It's clear to me now how to set things up, thanks again for the quick answers
------------------------------
Gerardus Bastiaansen
Original Message:
Sent: Wed August 17, 2022 03:26 AM
From: Scott Exton
Subject: High availability for Redis as session service
Geradus,
Your understanding is correct, except that you won't be creating a 'redis cluster', but will instead be creating a 'sentinal environment' (the 'cluster' term is overloaded and I just wanted to ensure that there is no confusion).
Thanks.
Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor
Original Message:
Sent: 8/17/2022 3:06:00 AM
From: Gerardus Bastiaansen
Subject: RE: High availability for Redis as session service
Hi Scott, thanks for your answer.
So if I understand this correctly, the way to set it up is the following:
- create a redis cluster, with sentinels, following the Redis documentation, so that Redis can always elect a new master when needed
- reference the Redis servers in WebSEAL as documented, which will then automatically determine which server is the master
------------------------------
Gerardus Bastiaansen
Original Message:
Sent: Tue August 16, 2022 04:50 PM
From: Scott Exton
Subject: High availability for Redis as session service
Geradus,
WebSEAL is not sentinel-aware. This essentially means that it does not rely on Redis itself to tell WebSEAL who the writable server is, WebSEAL uses its own logic to determine this.
Redis clustering is not currently on the roadmap. I imagine however that it will be placed on the roadmap when it becomes more popular and is requested by customers.
Thanks.
Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor
Original Message:
Sent: 8/16/2022 4:12:00 AM
From: Gerardus Bastiaansen
Subject: High availability for Redis as session service
I noticed that Redis is supported as an alternative for the DSC, and I am considering to use it, as it is a more widely used technology
The ISVA 10.0.4 documentation states that the most common HA solution for Redis is by the use of Redis Sentinel. The Redis documentation where the link refers to states that a Redis client should be 'Sentinel aware'. Is this the case for ISVA, and how should it be configured? Is there any guidance or document describing how to use Redis in a HA setup in combination with ISVA?
It is also stated that Redis clustering is not supported, but is support for Redis clustering on the roadmap?
------------------------------
Gerardus Bastiaansen
------------------------------