Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 7.2.1 - Scalability and High Availability in Safeguard

Introduction

This document describes the ways multiple appliances in the Safeguard product line can be deployed together.

Appliances of a Safeguard deployment: SPP and SPS

The backbone of a Safeguard deployment are two appliances: One Identity Safeguard for Privileged Passwords (SPP) and One Identity Safeguard for Privileged Sessions (SPS).

SPP and SPS appliances provide different functionality. You can use them together or independently.

  • SPP provides asset and account discovery, password rotation and management, and access request workflow.

  • SPS provides transparent or non-transparent interception of remote admin protocols, audit recording and video-like playback of sessions and analytics if One Identity Safeguard for Privileged Analytics (SPA) is licensed and enabled.

When used together, the two main operational modes are SPP-initiated (or Passwords-initated) and SPS-initiated (or Sessions-initiated).

  • In SPP-initiated mode, users request access on the portal of SPP and when they are granted access, they are connected to the target account through SPS. See "Using SPS with SPP" in the Administration Guide.

  • In SPS-initiated mode, users connect directly to a target server, SPS intercepts the traffic and fetches the required credentials from SPP.

SPP and SPS appliances solve scalability and high availability independently, but they can interoperate to ensure the correct operation of the entire deployment.

Most important terms around clustering

Clustering

The term clustering is often used with different meanings. SPP and SPS appliances can be clustered to provide:

  • Shared configuration

  • Scalability

  • High Availability

  • Disaster recovery

  • Audit data replication

  • Interoperation between SPP and SPS appliances

For clarity, we will use the more specific terms throughout this document where possible.

High Availability (HA)

Multiple SPP and SPS appliances can be connected to ensure high availability. This enables the continuation of vital technology infrastructure and systems.

Disaster recovery (DR)

SPP and SPS appliances can be connected to ensure immediate recovery after a natural or human-induced disaster. Disaster recovery reduces downtime and data loss.

Scalability

Connecting multiple appliances allows load distribution and scaling to loads beyond the serving capability of a single appliance, while ensuring that you can configure and operate the deployment as a single solution instead of multiple independent appliances. Both SPP and SPS clustering provide scalability features to reduce management and operational costs.

SPP-SPS Join

You can connect an SPP cluster to one or more SPS clusters to combine their functionality, for example, to provide password rotation and session recording for the same accounts.

Overview of clustering in SPP and SPS

One Identity Safeguard for Privileged Passwords (SPP)

SPP ensures shared configuration, scalability, high availability (HA), and disaster recovery through a single architecture. You can join 3 or 5 SPP appliances into a single cluster. All important information is replicated within the entire cluster and the cluster remains functional if some of the appliances fail. You can also distribute load between the appliances in the cluster.

Figure 1: Clustering in SPP

One Identity Safeguard for Privileged Sessions (SPS)

SPS follows a different approach and solves high availability and disaster recovery independently of shared configuration and scalability.

  • Ensure high availability by adding a hot-spare pair to every SPS appliance that replicates all information from the first appliance and takes over all its functionality in case of a failure but serves no production traffic until the takeover occurs.

  • Ensure shared configuration and scalability by clustering multiple SPS appliances (or HA pairs of appliances) together to control and monitor them from a single pane of glass.

To use HA and scalability at the same time, you need to configure them independently.

Figure 2: Clustering in SPS

SPP and SPS clusters can work together and support each other’s HA and scalability models through the SPP-SPS join.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating