High Availability Concepts
Access Gateway high availability consists of:
- A single administration instance of Access Gateway. The administration instance, typically referred to as the admin node, is used to maintain and propagate configuration changes to worker nodes. In addition, the admin node can be used as a normal Access Gateway instance.
- One or more worker instances, bound to the admin node, which service requests.
- A customer-provided load balancer, routing requests to the Access Gateway High Availability cluster.
Access Gateway high availability instance life-cycle overview:
- An instance of Access Gateway is provisioned. This instance, referred to as the Admin node, is configured normally, including defining protected applications. Note that it is not a requirement to configure applications or IDP support before configuring high availability.
- Second and subsequent instances of Access Gateway are provisioned. These instances, referred to as Worker nodes, are not configured with applications, but rather obtain all configuration from the Admin node.
- Worker nodes are then specifically configured to use the Admin node for all configuration. Once configured, worker nodes no longer expose the admin UI and can only be accessed using the command line interface.