CA Identity Manager High Availability & JBoss Clustering

Over the course of the last few years I have seen configurations of CA Identity Manager for High Availability without using Application Server clustering. This is no longer an accepted practice. My understanding is that CA will be publishing an official technical note to debunk the old practice. As such I’d recommend the following

Over the course of the last few years I have seen configurations of  CA Identity Manager for High Availability without using Application Server clusteringThis is no longer an accepted practice. My understanding is that CA will be publishing an official technical note to debunk the old practice.  As such I’d recommend the following:

CA Identity Manager 12.x uses caching for transactions. The utilization of this feature can cause synchronization issues if the application is setup in a high availability mode without application server clustering.

An example I can give is a project I was involved with using JBoss as the CA IdM application server.   As such I will be addressing JBoss clustering in this entry.

JBoss uses a Hypersonic database to manage internal JMS data (JMS Queues).  JBoss uses the JMS queues for tracking tasks and processes within the application.  It is recommended to use a shared MS SQL database for the JMS database.  There are documents available online which explain how to migrate from Hypersonic to MS SQL.  In my example we opted to use the same MS SQL infrastructure used by Identity Manager to house the JMS database. In simplified terms, the steps to accomplish to clustering of IdM on JBoss is as follows:

  1. Create a new SQL database (JBOSS_JMS)
  2. Create a user/owner for this DB (jbossjms)
  3. Migrate JBoss to SQL from the Hypersonic DB
  4. Bring all services back up and test to ensure the migration was successful
  5. Follow the procedures in the IdM documentation to configure JBoss clustering

Note: It is not recommended to configure both the migration and clustering all at once. It would be much easier to troubleshoot one major change at a time.

As always, questions, comments or concerns?  Feel free to reach out to us at IDMWorks.