How to configure OpenDJ replication topology for AWS Multi region replication

This topic has 4 replies, 3 voices, and was last updated 2 years, 11 months ago by Bill Nelson.

  • Author
  • #25954

    Dear FR Experts,

    We have three instances of OpenDJ users and OpenDJ CTS in three availability zones in Single Region. Multi-master replication is enabled among three. We don’t have any dedicated replication server at this point of time.

    Now we want to extend our OpenDJ users and CTS replication topology to AWS multi-region (3 regions, for ex: London, Ireland and Frankfurt).

    Please recommend us the best replication topology and configuration to replicate users and sessions among multi region.

    Looking forward to hear from you. Thanks.



     Bill Nelson

    My initial reaction is as follows:

    For Users, use two DS instances and one RS instance per region. Two DS instances provide HA within the region and use of RS instances minimizes cross region replication traffic. If the RS in one region ever goes down, then that region’s DS instances will simply send replication traffic to a peer RS in another region until you can stand up a new RS instance.

    For CTS, unless there is a compelling reason why you MUST maintain sessions cross region, then I would avoid cross region replication for CTS servers altogether. Reason being is that the amount of traffic generated by session creation and subsequent session updates can be quite extensive depending on Users activity. Instead, maintain CTS sessions within the region and keep traffic local within that region. Worse case scenario, someone has to reauthenticate if a region is down and they are redirected to another region. But if an entire region is down, you probably have other things to worry about than forcing Users to reauthenticate.


    I agree with @bill-nelsonidentityfusion-com’s suggestion. I’ll also add a reminder to use a different replication group-id in each region to keep the DS servers connected to the local region’s RS server.


    Thanks all for your prompt response.

     Bill Nelson

    I totally agree with @bmccraw. Good catch!

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?