All components (including installations of OpenSSO Enterprise and Directory Server, the Distributed Authentication User Interface, and policy agents) are redundant to achieve high availability.
All components use ZIP-based installation.
All components use load-balancing for session failover and high performance.
Each instance of OpenSSO Enterprise is installed with an embedded configuration data store.
Each instance of Directory Server contains am-users to serve as the user data store.
OpenSSO Enterprise instances are configured to run as non-root users.
The environment is configured for system failover capability, ensuring that when one instance of OpenSSO Enterprise goes down, requests are redirected to the second instance.
Note that system failover, by itself, does not ensure OpenSSO Enterprise session failover, which is configured separately.
The environment is configured for session failover capability. Session failover ensures that when the instance of OpenSSO Enterprise where the user's session was created goes down, the user's session token can still be retrieved from a backend session database. Thus, the user is continuously authenticated, and does not have to log into the system again unless the session is invalidated as a result of logout or session expiration.
Communications to the OpenSSO Enterprise load balancer, to the Distributed Authentication User Interface load balancer, and to the Directory Server load balancer are secured with Secure Sockets Layer (SSL).
Policy agents are configured with a unique agent profile to authenticate to OpenSSO Enterprise.
The Distributed Authentication User Interface uses a custom user profile to authenticate to OpenSSO Enterprise instead of the default amadmin or UrlAccessAgent.
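
The difference between system failover and session failover described above can be seen in a small model. This is an added example, not OpenSSO Enterprise code: the class names, the instance names osso-1 and osso-2, and the dictionary standing in for the backend session database are all assumptions made for illustration.

```python
import secrets

class Instance:
    """One server instance (hypothetical model).
    `store` is a dict shared by all instances, standing in for the backend
    session database; it is None when session failover is not configured."""
    def __init__(self, name, store=None):
        self.name, self.store, self.up = name, store, True
        self.local = {}  # sessions created on this instance: token -> (user, expiry)

    def login(self, user, ttl, now):
        token = secrets.token_hex(16)
        self.local[token] = (user, now + ttl)
        if self.store is not None:
            self.store[token] = self.local[token]  # replicate to shared store
        return token

    def validate(self, token, now):
        record = self.local.get(token)
        if record is None and self.store is not None:
            record = self.store.get(token)  # recover a session created on a peer
        if record is None or now >= record[1]:
            return None  # unknown or expired: the user must log in again
        return record[0]

    def logout(self, token):
        # Invalidate locally and in the shared store so no peer can recover it.
        self.local.pop(token, None)
        if self.store is not None:
            self.store.pop(token, None)

class LoadBalancer:
    """System failover only: send each request to the first instance that is up."""
    def __init__(self, instances):
        self.instances = instances

    def route(self):
        return next(i for i in self.instances if i.up)

def survives_failover(with_store):
    """Log in on the first instance, take it down, validate via the load balancer."""
    store = {} if with_store else None
    lb = LoadBalancer([Instance("osso-1", store), Instance("osso-2", store)])
    token = lb.route().login("demo-user", ttl=60, now=0)
    lb.instances[0].up = False  # simulate the outage
    return lb.route().validate(token, now=10) == "demo-user"
```

With only the load balancer, the request reaches the second instance but the token is unknown there; with the shared store, the same token validates until logout or expiry.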