This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Deployment Patterns
WSO2 Identity Server includes two main deployment patterns. These patterns take high availability into consideration and are recommended for production deployment environments. The following sections provide high-level information on the recommended patterns and point to instructions on how to set up and configure each deployment pattern.
Deployment prerequisites
As a first step in planning your deployment, ensure that you have the necessary system requirements and a compatible environment.
System requirements
Memory | 4GB: 2 GB for the Java Virtual Machine (JVM) and 2 GB for the Operating System (OS) |
---|---|
Disk | 10 GB minimum |
Environment compatibility
Operating systems | For information on tested operating systems, see Tested Operating Systems and JDKs. |
---|---|
RDBMS | For information on tested DBMSs, see Tested DBMSs. |
Directory services | Supports Directory Services implementing following LDAP Protocols:
Tested on:
|
Java | Oracle JDK 1.8 (There’s a known issue with JDK1.8.0_151) |
Web browsers | For more information on tested web browsers, see Tested Web Browsers. |
Load balancers | Nginx, Apache HTTPD, HAProxy, AWS ELB, AWS ALB |
Deployment Patterns
Notes
Note the following before you begin:
Metrics is engaged with the product only to capture JVM metrics. At the moment, no identity-specific metrics that can be used to figure out the runtime behavior of Identity Server are exposed. Therefore, the metrics-related datasource is not considered and is skipped in the production deployment patterns given below.
Ensure high availability for the respective RDBMS and Directory Services used for each of the deployment patterns given below.
In each production deployment, share the runtime deployment artifacts among nodes using a shared file system. In the deployment patterns defined below, this process is referred to as 'Artifact synchronization'.
The runtime deployment artifacts are:
Email output event publisher: /repository/deployment/server/eventpublishers/
Secondary user stores: /repository/deployment/server/userstores/
Analytics data publishers and event streams: /repository/deployment/server/eventpublishers/ and /repository/deployment/server/eventstreams/
Pattern 1
HA clustered deployment of WSO2 Identity Server
This deployment can be scaled from two to N nodes based on capacity requirements.
The load balancer should be configured to use sticky sessions.
All WSO2 Identity Server nodes should participate in a cluster.
The UserStore is the user base. It can be one of the following:
A Directory Service that can communicate over LDAP protocol like OpenLDAP
Active Directory
A database that can communicate over JDBC
The IdentityDB is the database that stores all identity related data.
Set Up Deployment Pattern 1
To set up and configure clustered deployment of WSO2 Identity Server according to clustering pattern 1, see /wiki/spaces/IS530/pages/25560356.
Open ports
Product | Port | Usage |
---|---|---|
WSO2 Identity Server | 9763 | HTTP servlet port |
WSO2 Identity Server | 9443 | HTTPS servlet port |
WSO2 Identity Server | 4000 | Ports to be opened with respect to clustering membership scheme used |
Pattern 2
HA clustered deployment of WSO2 Identity Server with WSO2 Identity Analytics
Load balancers should be configured to use sticky sessions.
All WSO2 Identity Server nodes should participate in a cluster.
Since WSO2 Identity Server Analytics is not mission critical, a two-node cluster is recommended, in which only one node receives events, using the TCP failover configured in the WSO2 Identity Server nodes that publish events. The other node keeps its state synced with the active node.
The Analytics dashboards are to be used by administrators to analyze login events and sessions. Therefore, the IS analytics deployment can be isolated from the IS server deployment without sharing the full user base, permission and governance data. However, if you prefer to do so, the same user base can be shared among the IS cluster and the IS Analytics cluster as well.
The UserStore is the user base. It can be one of the following:
A Directory Service that can communicate over LDAP protocol like OpenLDAP
Active Directory
A database that can communicate over JDBC
The IdentityDB is the database that stores all identity related data.
The AnalyticsDB is the database that stores all analytics related data.
Set Up Deployment Pattern 2
To set up and configure clustered deployment of WSO2 Identity Server according to clustering pattern 2, see Setting Up Deployment Pattern 2.
Open ports
Product | Port | Usage |
---|---|---|
WSO2 Identity Server | 9763 | HTTP servlet port |
WSO2 Identity Server | 9443 | HTTPS servlet port |
WSO2 Analytics | 9763 | HTTP servlet port |
WSO2 Analytics | 9443 | HTTPS servlet port |
WSO2 Analytics | 7611 | Thrift port for event receiver |
WSO2 Analytics | 7711 | SSL port for authentication to publish events |
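
The "Open ports" tables for Pattern 1 and Pattern 2 can be turned into a listener audit for each node. The following is an added example, not part of the WSO2 documentation: it parses `ss -H -ltn` output and reports documented ports that are not listening and exposed listeners that the tables do not list. The role names, the sample output and ports 5005 and 8000 are constructed for illustration.

```python
# Added example: audit a node's TCP listeners against the port tables on this page.
import re

# Ports copied from the "Open ports" tables; role names are labels chosen here.
# 4000 is the clustering port listed on the page; it depends on the membership scheme.
EXPECTED = {
    "identity-server": {9763: "HTTP servlet", 9443: "HTTPS servlet",
                        4000: "clustering membership"},
    "analytics": {9763: "HTTP servlet", 9443: "HTTPS servlet",
                  7611: "Thrift event receiver", 7711: "SSL event authentication"},
}
LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")

def parse_listeners(ss_output):
    """Return {port: set(bind addresses)} from `ss -H -ltn` output."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last ':' to handle IPv6.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.setdefault(int(port), set()).add(addr)
    return listeners

def audit(role, ss_output):
    """Compare a node's listeners with the documented ports for its role."""
    expected = EXPECTED[role]
    listeners = parse_listeners(ss_output)
    # Only sockets bound to a non-loopback address are reachable from other hosts.
    exposed = {p for p, addrs in listeners.items()
               if any(not LOOPBACK.match(a) for a in addrs)}
    return {
        "missing": sorted(set(expected) - set(listeners)),
        "unexpected": sorted(exposed - set(expected)),
    }

# Constructed sample output (not captured from a real node).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:9443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9763 0.0.0.0:*
LISTEN 0 50 10.0.0.11:4000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5005 0.0.0.0:*
LISTEN 0 128 [::]:8000 [::]:*
"""

if __name__ == "__main__":
    print(audit("identity-server", SAMPLE_SS))
```
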