This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Deployment Patterns

Owned by Former user (Deleted)
Last updated: Mar 22, 2018
3 min read

WSO2 Identity Server includes two main deployment patterns. These patterns take high availability into consideration and are recommended for production deployment environments. The following sections provide high level information on the recommended patterns available and point off to instructions on how to set up and configure the deployment pattern. 

Deployment prerequisites

As a first step in planning your deployment, ensure that you have the necessary system requirements and a compatible environment.

System requirements

Memory

4GB: 2 GB for the Java Virtual Machine (JVM) and 2 GB for the Operating System (OS)

Disk10 GB minimum

Environment compatibility

Operating systems

For information on tested operating systems, see Tested Operating Systems and JDKs.

RDBMS

For information on tested DBMSs, see Tested DBMSs.

Directory services

Supports Directory Services implementing following LDAP Protocols:

  • LDAP v2
  • LDAP v3

Tested on:

    • Open LDAP 2.4.28
    • Microsoft Active Directory Windows 2012
Java Oracle JDK 1.8 (There’s a known issue with   JDK1.8.0_151)
Web browsers

For more information on tested web browsers, see Tested Web Browsers.

Load balancers

Nginx, Apache HTTPD, HAProxy, AWS ELB, AWS ALB
For more information about load balancers, see Configuring the load balancer.

Deployment Patterns

Notes

Note the following before you begin:

  1. Metrics is engaged with the product just to capture JVM metrics. At the moment no identity specific metrics that can be used to figure out the runtime behavior of Identity Server are exposed.
    Therefore, the metrics related datasource is not being considered and will be skipped in the production deployment patterns given below.

  2. Ensure high availability for the respective RDMS and Directory Services used for each of the deployment patterns given below.

  3. In each production deployment, share the runtime deployment artifacts among nodes using a shared file system.
    In the deployment patterns defined below, this process is referred to as '     Artifact synchronization ’.

    The Runtime deployment artifacts are:

      1. Email output event publisher
        /repository/deployment/server/eventpublishers/

      2. Secondary user stores
        /repository/deployment/server/userstores/

      3. Analytics data publishers and event streams /repository/deployment/server/eventpublishers/
        /repository/deployment/server/eventstreams/

Pattern 1

HA clustered deployment of WSO2 Identity Server

This deployment can be scaled from two to N nodes based on capacity requirements. 

  • Load balancer should be configured to use sticky sessions

  • All WSO2 Identity Server nodes should participate in a cluster. 

The UserStore is the user base. It can be one of the following: 

  • A Directory Service that can communicate over LDAP protocol like OpenLDAP

  • Active Directory

  • A database that can communicate over JDBC

The IdentityDB is the database  that stores all identity related data.

Set Up Deployment Pattern 1

To set up and configure clustered deployment of WSO2 Identity Server according to clustering pattern 1, see /wiki/spaces/IS530/pages/25560356.


Open ports

ProductPortUsage

WSO2 Identity Server		9763 HTTP servlet port
9443 HTTPS servlet port
4000 Ports to be opened with respect to clustering membership scheme used

Pattern 2

HA clustered deployment of WSO2 Identity Server with WSO2 Identity Analytics

  • Load balancers should be configured to use sticky sessions.

  • All WSO2 Identity Server nodes should participate in a cluster. 

  • Since WSO2 Identity Server Analytics is not mission critical, a two node cluster is recommended where only one will receive events over TCP failover, as configured in WSO2 Identity Server nodes to publish events. The other node will keep its state synced with the active node.



The Analytics dashboards are to be used by administrators to analyze login events and sessions. Therefore, the IS analytics deployment can be isolated from the IS server deployment without sharing the full user base, permission and governance data. However, if you prefer to do so, the same user base can be shared among the IS cluster and the IS Analytics cluster as well.

The UserStore is the user base. It can be one of the following:

    • A Directory Service that can communicate over LDAP protocol like OpenLDAP

    • Active Directory

    • A database that can communicate over JDBC

The IdentityDB is the database that stores all identity related data.


The AnalyticsDB is the database that stores all analytics related data.

Set Up Deployment Pattern 2

To set up and configure clustered deployment of WSO2 Identity Server according to clustering pattern 2, see Setting Up Deployment Pattern 2.


Open ports

ProductPortUsage
WSO2 Identity Server9763HTTP servlet port
9443HTTPS servlet port
WSO2 Analytics9763HTTP servlet port
9443HTTPS servlet port
7611 Thrift port for event receiver
7711 SSL port for authentication to publish events