Three node cluster

This section describes a common high availability deployment used by mid-sized organizations. In this type of deployment, all OpenIAM services and infrastructure components are replicated on each of the three Linux hosts that make up the cluster. The database is external to the cluster and can have its own cluster.

If integration to Active Directory or another Microsoft application is required, then a Windows VM should be used to host the connector. In this example, we will use the Active Directory PowerShell connector.

Note: This diagram is limited to integration with one application using common ports. The list of ports can change if integration with other applications is required.

Diagram: Three node deployment

The port values in the table below override those shown in the diagram.

| Host | Ports | Description |
| --- | --- | --- |
| OpenIAM cluster nodes (Linux hosts, nodes 1, 2 and 3) | | The following ports should be opened on each node in the cluster. |
| | 443 | Primary port that will be used by end users after SSL has been enabled |
| | 80 | Port that will be used by end users before SSL is enabled |
| | 8080 | Port that allows use of OpenIAM without going through the rProxy. Access to this port is helpful during development. |
| | 9080 | OpenIAM application port |
| | 15672 | RabbitMQ management interface |
| | | The following ports should be opened on each node in the cluster (Linux hosts, nodes 1, 2 and 3) to support inter-cluster communication between stack components. |
| | 22 | SSH |
| | 25672 | RabbitMQ - Internode communication |
| | 15671 (https) | RabbitMQ |
| | 4369 (epmd) | RabbitMQ - Peer discovery service used by RabbitMQ nodes and CLI tools |
| | 9142 (https) | Cassandra - Interconnect |
| | 9160, 7000, 7001 | Cassandra |
| | 8182, 9042 | JanusGraph |
| | 6379, 6390 (TCP) | Redis |
| | 26379 (TCP) | Redis Sentinel |
| | 9200, 9300 (http/https) | ElasticSearch |
| | 2379, 2380 (TCP) | Etcd cluster (Vault DB) |
| | 587 | SMTP service connection |
| | 111, 2049, 20048, 32767, 32765 (TCP/UDP) | NFS |
| | 8200, 8203 (http/https) | Vault |
| Windows Connector VM | 5672 | The connector sends messages to and receives messages from RabbitMQ using this port. |
| | 5986 | WinRM port used by the connector |
| | 9389 | Used to access Active Directory Web Services |
| Active Directory | 5986 | WinRM port |
| | 9389 | Active Directory Web Services |
| | 636 | LDAPS for AD authentication |
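The table lists which ports each Linux node must accept, but it does not say from where. The following added example (not part of the OpenIAM documentation) turns the table into firewalld commands for one node: the end-user ports are opened to any source, while the inter-cluster ports are opened only to the other two nodes through rich rules, so datastore ports such as Cassandra, Redis and etcd are not reachable from outside the cluster. It assumes the nodes run firewalld with the default `public` zone; the peer addresses 10.0.0.2 and 10.0.0.3 are constructed placeholders.

```python
"""Turn the page's port table into firewalld commands for one cluster node.

Added example, not part of the OpenIAM documentation. Assumes the Linux nodes
use firewalld with the default "public" zone; peer node addresses are constructed.
"""
import re
from typing import List, Tuple

# Port table as written on the page: (port spec, description).
END_USER_PORTS = [
    ("443", "Primary port for end users after SSL is enabled"),
    ("80", "Port for end users before SSL is enabled"),
    ("8080", "Direct access bypassing the rProxy (development only)"),
    ("9080", "OpenIAM application port"),
    ("15672", "RabbitMQ management interface"),
]
INTER_NODE_PORTS = [
    ("22", "SSH"),
    ("25672", "RabbitMQ internode communication"),
    ("15671 (https)", "RabbitMQ"),
    ("4369 (epmd)", "RabbitMQ peer discovery"),
    ("9142 (https)", "Cassandra interconnect"),
    ("9160, 7000, 7001", "Cassandra"),
    ("8182, 9042", "JanusGraph"),
    ("6379, 6390 (TCP)", "Redis"),
    ("26379 (TCP)", "Redis Sentinel"),
    ("9200, 9300 (http/https)", "ElasticSearch"),
    ("2379, 2380 (TCP)", "Etcd cluster (Vault DB)"),
    ("587", "SMTP service connection"),
    ("111, 2049,20048,32767,32765 -(TCP/UDP)", "NFS"),
    ("8200,8203 (Http / Https)", "Vault"),
]


def parse_port_spec(spec: str) -> List[Tuple[int, str]]:
    """Expand one 'Ports' cell into (port, protocol) pairs.

    The cell may list several ports separated by commas and end with a
    parenthesised hint such as (TCP), (TCP/UDP) or (https). Only an explicit
    UDP hint adds UDP rules; everything else is treated as TCP.
    """
    numbers, _, hint = spec.partition("(")
    ports = [int(p) for p in re.findall(r"\d+", numbers)]
    hint = hint.lower()
    protos = ["tcp"] if "tcp" in hint or "udp" not in hint else []
    if "udp" in hint:
        protos.append("udp")
    return [(port, proto) for port in ports for proto in protos]


def inter_node_rules() -> List[Tuple[int, str, str]]:
    """All (port, proto, description) triples that must be reachable from peers."""
    return [(port, proto, desc) for spec, desc in INTER_NODE_PORTS
            for port, proto in parse_port_spec(spec)]


def firewalld_commands(peer_ips: List[str], zone: str = "public") -> List[str]:
    """Build the firewall-cmd invocations for one node.

    End-user ports are opened to any source. Inter-node ports are opened only
    to the other cluster members via rich rules, so that datastore ports such
    as Cassandra, Redis and etcd are not reachable from outside the cluster.
    """
    cmds = []
    for spec, desc in END_USER_PORTS:
        for port, proto in parse_port_spec(spec):
            cmds.append(f"firewall-cmd --permanent --zone={zone} "
                        f"--add-port={port}/{proto}  # {desc}")
    for port, proto, desc in inter_node_rules():
        for ip in peer_ips:
            rule = (f'rule family="ipv4" source address="{ip}" '
                    f'port port="{port}" protocol="{proto}" accept')
            cmds.append(f"firewall-cmd --permanent --zone={zone} "
                        f"--add-rich-rule='{rule}'  # {desc}")
    cmds.append("firewall-cmd --reload")
    return cmds


if __name__ == "__main__":
    # Constructed addresses for the other two nodes as seen from node 1.
    PEERS = ["10.0.0.2", "10.0.0.3"]
    print("\n".join(firewalld_commands(PEERS)))
```

Run the script on each node with that node's two peers as `PEERS` and review the generated commands before applying them; the same parser can be pointed at a different port list if further applications are integrated and the table grows.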