Deploying a Highly Available ForgeRock Identity Management Solution

We have already discussed in this space the installation of the ForgeRock Identity Management solution and the configuration of a database as its repository. But in those discussions, the critical components of the solution, namely ForgeRock OpenIDM 4 and the MySQL database, were each a Single Point of Failure (SPOF). In an environment where business continuity is critical, we ought to build a solution that has no SPOF in the architecture. So I’m going to take you through that route today. Of course, this is a hint and just a way to understand the different options that you might consider in configuring ForgeRock OpenIDM 4 for High Availability.

I have a rather simple example of an HA configuration, mainly meant for understanding and learning. In a sensitive infrastructure, a great deal of planning goes into building a Highly Available environment. So here is the small setup we have for learning:

ForgeRock OpenIDM 4 High Available Configuration

Two instances of ForgeRock OpenIDM 4 connect to a MySQL Proxy, which in turn talks to a MySQL Replication site. Of course, in this setup, MySQL Proxy is a SPOF, so you should have at least two of them in front of the MySQL Replication site. But if I had attempted that, the whole thing would have looked a lot more complicated and would have failed the objective of being a learning tool. So if you have just under half an hour to spare, you will know:

– How to use MySQL Proxy
– How to set up MySQL Replication (Master/Slave)
– How to install OpenIDM 4
– How to configure OpenIDM 4 to use a MySQL Database as its Repository
– How to bring up an OpenIDM Cluster environment

Well, the final state is what you get to see in the illustrations above.

Now on to the video. Enjoy!

This blog post was first published @ www.fedji.com, included here with permission.

5 Comments

Comments are closed.

  1. Hi Rajesh,

    Is having two OpenIDM instances in a non-clustered configuration, connecting to the same database, supported by ForgeRock?

    Many thanks in advance.

  2. Rajesh R 2 years ago

    Hello Sandeep,

    As far as I know, you’ll need to cluster two or more instances of OpenIDM and point all of them to the same database instance (or a Database cluster, if you are aiming for HA at the DB level). I’m sure you would have had a chance to go through the documentation on OpenIDM HA Environment, but if you’ve not, I’d encourage you to do so. It’s at the link below:

    https://backstage.forgerock.com/docs/openidm/4.5/integrators-guide/chap-cluster

    All the same, I am curious to know what you are thinking of a non-clustered environment..

    kind regards,

    Rajesh

  3. Hi Rajesh,

    Thank you very much for the prompt response. Much appreciated.
    I am trying to set up two ForgeRock environments, Env1 (Server1) and Env2 (Server2). I want to use the same MySQL database for both ForgeRock environments. Is it allowed as per the ForgeRock product?

  4. Rajesh R 2 years ago

    Hello Sandeep,

    Technically it may be possible to use one instance of MySQL Database for two OpenIDM instances. The caveats are:

    (i) You run the mysql command once with a SQL script bundled with the product that creates a database by the name ‘openidm’ with all required OpenIDM tables as well as a user by the name ‘openidm’ with required privileges.
    (ii) You configure a json file that has the details of database to connect to (localhost by default, port 3306 by default, ‘openidm’ database name by default).

    Now if you plan to use the same instance of MySQL for two separate OpenIDM instances, you’ll have to use different database names for each of the instances (meaning, you’ll need to modify both the SQL script and the Connection configuration file).

    Frankly, if you are familiar with MySQL installation and configuration, it’d be rather easy to have two MySQL instances (listening on two separate ports of the same machine) and have each one point to each of your OpenIDM environment.

    Rajesh
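
The two options described in this thread (a different database name per environment, or a separate MySQL instance on its own port) can be checked mechanically. The following is an added example, not part of the original post or of ForgeRock's code: it flags environments whose connection configuration resolves to the same host, port and database. The `jdbcUrl` key name, the function names and the sample configurations are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample connection configs; the "jdbcUrl" key name is an assumption.
ENV1 = json.loads('{"jdbcUrl": "jdbc:mysql://localhost:3306/openidm?characterEncoding=utf8"}')
ENV2_DEFAULT = json.loads('{"jdbcUrl": "jdbc:mysql://LOCALHOST/openidm"}')
ENV2_RENAMED = json.loads('{"jdbcUrl": "jdbc:mysql://localhost:3306/openidm_env2"}')
ENV2_OWN_PORT = json.loads('{"jdbcUrl": "jdbc:mysql://localhost:3307/openidm"}')


def repo_target(config):
    """Return (host, port, database) for a MySQL JDBC URL, applying the
    defaults named in the thread: localhost, port 3306, database 'openidm'."""
    url = config["jdbcUrl"]
    if not url.startswith("jdbc:mysql://"):
        raise ValueError("not a MySQL JDBC URL: " + url)
    parts = urlsplit(url[len("jdbc:"):])  # parse as mysql://host:port/db?opts
    host = (parts.hostname or "localhost").lower()
    port = parts.port or 3306
    database = parts.path.strip("/") or "openidm"
    return host, port, database


def shared_repositories(configs):
    """Map each repository target used by more than one environment to
    the sorted names of the environments pointing at it."""
    users = defaultdict(list)
    for name, config in configs.items():
        users[repo_target(config)].append(name)
    return {target: sorted(names) for target, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    for label, env2 in [("default", ENV2_DEFAULT), ("renamed db", ENV2_RENAMED),
                        ("own port", ENV2_OWN_PORT)]:
        clashes = shared_repositories({"env1": ENV1, "env2": env2})
        print(label, "->", clashes or "no shared repository")
```

Nodes of a single OpenIDM cluster are expected to share one repository, so the check is meant for separate environments such as Env1 and Env2.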

  5. Hi Rajesh,

    Thank you very much for the clarification provided. That answered my question. Much appreciated for the help.

    Regards,
    Sandeep
