The Thycotic Management Server (TMS) allows organizations to manage all of their endpoints from a single web console.
To facilitate this centralized management, the TMS has High Availability and Load Balancing features, so that there is no single point of failure within the product.
There are two components that make up the TMS:
- Web front end
- SQL database back end
Web front end
Using Microsoft Internet Information Services (IIS), the web front end provides the communication channel between the server and clients, and the web console that allows users to administer the system over HTTP or HTTPS.
A single TMS installation can have more than one web front end server. The benefits of having multiple front ends are:
- Redundancy - if a server fails, the other servers in the cluster take over without any interruption to clients
- Load Balancing - during normal operation, client traffic is distributed across all nodes in the cluster
...
Load Balancing
Client-to-server communication with the TMS platform is sessionless, thereby removing the need for client session affinity, which greatly reduces the complexity of setting up load balancing / fail over.
You can distribute network traffic between the nodes using a variety of methods. Some example scenarios are:
- DNS round robin - very simple to set up and requires minimal configuration; the load is balanced evenly between cluster nodes. Requires manually removing a failed node from the cluster.
- Network Load Balancing (NLB) - a component of Windows Server operating systems that allows multiple IIS servers to appear as one. Using NLB provides greater control over how the load is balanced and provides for detection of failed nodes, which can be automatically removed from the cluster.
- Hardware based appliance - provides the highest level of reliability but requires more work setting up the initial configuration.
TMS provides REST APIs that can be used to determine a node's health so that automatic fail over is possible.
Encryption
The client-to-server communication channel is encrypted using SSL, which requires that all nodes in the web front end cluster have an SSL certificate installed. Nodes within the cluster MUST share the same certificate, as the private key is used to encrypt server-to-client messages; the load balancer can terminate the SSL connections and communicate with the web front end nodes using normal HTTP, thereby freeing up CPU resources.
SQL database back end
TMS supports the use of SQL Server clusters for High Availability scenarios. We support all cluster types, including stretch clusters; however, the latency between the web front end and each SQL cluster node must be no greater than 30 ms. TMS also supports SQL Server fail over cluster configurations. Note that an active/active configuration does not provide improved performance, just high availability.
Some customers have chosen to deploy a single stand-alone instance for production with the database mirroring to a second stand-alone DR instance that can also be used for reporting. This type of configuration requires manually cutting over in a failure scenario, but allows the second SQL server to be actively used instead of sitting underutilized.
...
Warning
The TMS database requires Service Broker to be enabled. If you are going to create a mirror or availability group, ensure that Service Broker is enabled first. If you do not, the installation of TMS will fail and you will need to remove the group before the installation will succeed.
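An added pre-flight script for the SQL back end (example code, not part of the TMS documentation or product): run from a web front end, it measures round-trip latency to each SQL node against the 30 ms limit stated above and reports whether Service Broker is enabled on the TMS database before a mirror or availability group is created. The node names, the database name 'TMS' and the use of Windows integrated authentication are assumptions.

```powershell
# Added example, not from the TMS documentation. Checks each SQL node for
# (1) round-trip latency against the documented 30 ms limit and
# (2) Service Broker being enabled on the TMS database.
# Assumptions: placeholder node names, database named 'TMS', integrated auth.
param(
    [string[]] $SqlNodes = @('sql-node1.example.local', 'sql-node2.example.local'),
    [string]   $Database = 'TMS',
    [int]      $MaxLatencyMs = 30,
    [int]      $Samples = 20
)
function Test-TmsSqlNode {
    param([string] $Server, [string] $Database, [int] $MaxLatencyMs, [int] $Samples)
    # Connect to master so the check also works against a mirror/secondary whose TMS database is not readable.
    $cs = "Server=$Server;Database=master;Integrated Security=True;Connect Timeout=5"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT 1'
        [void] $cmd.ExecuteScalar()                       # warm-up round trip, not timed
        $times = foreach ($i in 1..$Samples) {
            $sw = [System.Diagnostics.Stopwatch]::StartNew()
            [void] $cmd.ExecuteScalar()
            $sw.Elapsed.TotalMilliseconds
        }
        $stats = $times | Measure-Object -Average -Maximum
        $cmd.CommandText = 'SELECT is_broker_enabled FROM sys.databases WHERE name = @db'
        [void] $cmd.Parameters.AddWithValue('@db', $Database)
        $broker = $cmd.ExecuteScalar()                    # $null when the DB is absent on this node
        $present = $null -ne $broker
        [pscustomobject]@{
            Node            = $Server
            AvgLatencyMs    = [math]::Round($stats.Average, 2)
            MaxLatencyMs    = [math]::Round($stats.Maximum, 2)
            LatencyOk       = $stats.Maximum -le $MaxLatencyMs
            DatabasePresent = $present
            BrokerEnabled   = ($present -and [bool] $broker)
        }
    } finally { $conn.Close() }
}
$results = foreach ($node in $SqlNodes) {
    Test-TmsSqlNode -Server $node -Database $Database -MaxLatencyMs $MaxLatencyMs -Samples $Samples
}
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.DatabasePresent -and -not $_.BrokerEnabled }) {
    Write-Warning "Enable Service Broker on [$Database] before creating a mirror or availability group:"
    Write-Warning "  ALTER DATABASE [$Database] SET ENABLE_BROKER WITH ROLLBACK IMMEDIATE;"
}
```

The ALTER DATABASE statement in the warning takes the database offline briefly (WITH ROLLBACK IMMEDIATE), so run it in a maintenance window before setting up mirroring or the availability group.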