High availability concepts

Concepts and architecture

Access Gateway high availability consists of:

  • A single administration instance of Access Gateway. The administration instance or admin node is used to maintain and propagate configuration changes to worker nodes. Additionally, you can use the admin node as a normal Access Gateway instance.
  • One or more worker instances bound to the admin node, which service requests.
  • A customer provided load balancer that routes requests to the Access Gateway high availability cluster.

Overview of the Access Gateway high availability instance life-cycle:

  • An instance of Access Gateway is provisioned. This instance is called the Admin node. This node is configured normally, including defining protected applications. You aren't required to configure applications or IDP support before configuring high availability.
  • Second and subsequent instances of Access Gateway are provisioned. These instances are called worker nodes. These nodes are not configured with applications, but obtain all configurations from the admin node.
  • Worker nodes are then specifically configured to use the admin node for all configuration. After you configure them, worker nodes don't expose the Access Gateway Admin UI console. You can only access then using the command line interface.

Access Gateway High Availability architecture

In this diagram the admin node is shown also acting as a worker node. If the admin is NOT intended to also service requests, it can be omitted from the load balancers configuration.