Table of Contents
Advertisement
Chapter 6.
Cloning Subsystems
When a new subsystem instance is first configured, the Red Hat Certificate System allows subsystems
to be cloned, or duplicated, for high availability of the Certificate System. The cloned instances run
on different machines to avoid a single point of failure and their databases are synchronized through
replication.
6.1. About Cloning
Planning for high availability reduces unplanned outages and other problems by making one or more
subsystem clones available. When a host machine goes down, the cloned subsystems can handle
requests and perform services, taking over from the master (original) subsystem seamlessly and
keeping uninterrupted service.
Using cloned subsystems also allows systems to be taken offline for repair, troubleshooting, or other
administrative tasks without interrupting the services of the overall PKI system.
NOTE
All of the subsystems except the TPS and RA can be cloned.
Cloning is one method of providing scalability to the PKI by assigning the same task, such as handling
certificate requests, to separate instances on different machines. The internal databases for the
master and its clones are replicated between each other, so the information about certificate requests
or archived keys on one subsystem is available on all the others.
Typically, master and cloned instances are installed on different machines, and those machines are
placed behind a load balancer. The load balancer accepts HTTP and HTTPS requests made to the
Certificate System subsystems and directs those requests appropriately between the master and
cloned instances. In the event that one machine fails, the load balancer transparently redirects all
requests to the machine that is still running until the other machine is brought back online.
79
Advertisement
Table of Contents
