Three node cluster

This section describes a common high availability configuration used in mid-sized deployments. In this type of deployment, all of the OpenIAM services and infrastructure components are replicated on each of the three Linux hosts that make up the cluster. The database is external to the cluster and can have its own cluster.

If integration with Active Directory or another Microsoft application is required, then a Windows VM should be used to host the connector. In this example, we will use the Active Directory PowerShell connector.

Note: This diagram is limited to integration with one application using common ports. The list of ports can change if integration with other applications is required.

Single node deployment

| Host | Port | Description |
|---|---|---|
| OpenIAM cluster nodes | | The following ports should be opened on each node in the cluster (Linux hosts, nodes 1, 2 and 3). |
| | 443 | Primary port that will be used by end users after SSL has been enabled. |
| | 80 | Port that will be used by end users before SSL is enabled. |
| | 8080 | Port that allows use of OpenIAM without going through the rProxy. Access to this port is helpful during development. |
| | 15672 | RabbitMQ management interface |
| | | The following ports should be opened on each node in the cluster (Linux hosts, nodes 1, 2 and 3) to support inter-cluster communication between stack components. |
| | 9200, 9300 | ElasticSearch |
| | 5671-5672, 35672-35682, 4369 | RabbitMQ |
| | 2379 | Etcd (Vault DB) |
| | 2380 | Application cluster |
| OpenIAM Linux host - Node 1 only | 8200 | Vault |
| | 9080 | Service port |
| Windows Connector VM | 5672 | Connector will send and receive messages back to RabbitMQ using this port. |
| | 5985, 5986 | WinRM ports used by the connector. |
| | 9389 | Used to access Active Directory Web Services |
| Active Directory | 5985, 5986 | WinRM ports |
| | 9389 | Active Directory Web Services |
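
One way to turn the port list above into host firewall rules for a cluster node, as an added example that is not from the OpenIAM documentation. It assumes firewalld on the Linux hosts, TCP for every listed port, and constructed addresses from the 192.0.2.0/24 documentation range; accepting the inter-cluster and Node 1 ports only from the other cluster nodes is an assumption of the example, not something the page specifies.

```sh
#!/bin/sh
# Added example: print firewalld commands for one OpenIAM cluster node,
# built from the port list above. Nothing is applied; review the output first.
# Assumptions: firewalld is the host firewall and every listed port is TCP.
NODES="192.0.2.11 192.0.2.12 192.0.2.13"  # nodes 1, 2, 3 (constructed addresses)
CONNECTOR_VM="192.0.2.20"                 # Windows connector VM (constructed)

OPEN_PORTS="443 80 8080 15672"            # first group in the table
CLUSTER_PORTS="9200 9300 5671-5672 35672-35682 4369 2379 2380"
NODE1_PORTS="8200 9080"                   # Vault and service port, node 1 only

# Accept one TCP port (or range) from a single source address only.
rich_rule() {  # $1 = source address, $2 = port or port range
  printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$1" "$2"
}

openiam_node_rules() {  # $1 = address of the node the rules are for
  self="$1"
  case " $NODES " in
    *" $self "*) ;;
    *) echo "unknown node: $self" >&2; return 1 ;;
  esac
  for port in $OPEN_PORTS; do
    echo "firewall-cmd --permanent --add-port=${port}/tcp"
  done
  for peer in $NODES; do
    [ "$peer" = "$self" ] && continue
    # Inter-cluster ports: accepted from the other two nodes only (assumption).
    for port in $CLUSTER_PORTS; do rich_rule "$peer" "$port"; done
    # Node 1 additionally serves Vault and the service port to its peers.
    if [ "$self" = "${NODES%% *}" ]; then
      for port in $NODE1_PORTS; do rich_rule "$peer" "$port"; done
    fi
  done
  # The connector VM exchanges messages with RabbitMQ on 5672.
  rich_rule "$CONNECTOR_VM" 5672
  echo "firewall-cmd --reload"
}

openiam_node_rules "${NODES%% *}"   # print the commands for node 1
```

The script only prints commands, so the generated rules can be compared against the table before anything is run on a host.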