Although high availability (HA) protects against hardware failures, One Identity recommends enabling backups for both SPP and SPS appliances in both virtual and hardware deployments. Backups provide additional protection against:
Software errors
Mistakes that administrators make
Large-scale disasters that affect many nodes of a cluster
However, backups alone do not provide a sufficient level of high availability, because data during backup periods can be lost, and a full restore from a backup may lead to a long period of service outage.
For more information on configuring backups, see the respective sections in the Administration Guide:
SPP: Backup and restore in the One Identity Safeguard for Privileged Passwords Administration Guide
SPS: "Data and configuration backups" in the Administration Guide
The sections in this chapter describe how scalability works in the Safeguard product line.
The primary appliance in an SPP cluster automatically delegates platform management tasks such as password check and password change to appliances based on task load. Adding more appliances to the cluster allows performing more of these tasks.
You can customize load balancing through Managed Networks. Managed Networks are named lists of network segments serviced by a specific SPP appliance. Using Managed Networks, you can:
Distribute the load so there is minimal cluster traffic.
Use the appliances closest to the target asset to perform the task.
An SPP cluster has a default managed network that consists of all cluster members.
You can perform password request workflows through any appliance in the cluster if the cluster is healthy. For healthy clusters, no automatic load balancing is performed.
Figure 6: SPP-managed networks
For more information on Managed Networks, see Managed Networks in the One Identity Safeguard for Privileged Passwords Administration Guide.
You can join multiple SPS appliances or high availability (HA) pairs of appliances into a cluster and manage them from a single pane of glass.
The SPS cluster does not provide load balancing. You can set up network connections in a way that distributes the load among the appliances. If SPP and SPS are used together, you can also use SPP to distribute the traffic. For more information, see Scalability in joint SPP and SPS deployments.
You can replicate the configuration of a primary node among the entire cluster.
For more information, see "Managing a cluster with configuration synchronization without central search" in the Administration Guide.
Figure 7: SPS-managed networks
You can also make all audit information about the recorded sessions from all appliances available on a single search interface. This requires a dedicated search appliance or HA pair.
For more information, see "Managing a cluster with central search configuration and configuration synchronization" in the Administration Guide.