VM Single Instance

While an active-active cluster enables you to achieve four or five nines uptime, you may want to consider a single VM instance if simplicity of operation trumps availability. If you do a good job at monitoring, and can restore from backup quickly, it's certainly possible to meet an SLA of 99.9% availability using just one server.

Janssen has linux packages available for SUSE, Red Hat and Ubuntu. One operational consideration is that you should hold the version of Jans Auth Server, to avoid update during the normal package update process. As many applications may rely on a central IDP, you want to plan updates and have a rollback plan if something goes wrong. An automated, unattended update process for the IDP is too risky.

An important security tradeoffs when you run Janssen on a single VM is that services which you want to control access to are running on a server with an Internet-facing ethernet interface: the Config API, database, and SCIM server. Even though these service are running on localhost, if the Internet facing interface was compromised, network protection could be bypassed.

The main advantage of running a single VM is simplicity. Your sys admins won't need any special training. And it will be easy to install, backup, monitor, and configure your deployment. If you have many autonomous domains, each with their own brand and user identity management process, the simplicity of running a single IDP might be the best solution. If three nines is acceptable to your business, the expense of deploying and operating a cluster may not be justified.

Last update: 2022-10-17
Created: 2022-07-21