Gluu Cluster Manager Documentation#
Cluster Manager is a GUI tool for installing and managing a highly available, clustered Gluu Server infrastructure.
Cluster Manager is licensed under the Gluu Support License.
This service is in beta. Please report bugs or feature requests via the Gluu support portal.
- LDAP Replication
- Cache Management
- Central Logging
- End-to-end secure tunneling between oxAuth and Redis
Cluster Manager utilizes the following components:
Gluu Server: free open source software package for identity and access management
Redis-Server: a value key-store known for it's high performance, installed outside the chroot on all servers. The configuration file is located on the servers with Gluu at
Stunnel: used to protect communications between oxAuth and Redis and Twemproxy caching services. The configuration file is located at
/etc/stunnel/stunnel.confon all servers. It runs on port 8888 of the NGINX/Proxy server and 7777 on the Gluu servers. For security Redis runs on localhost. Stunnel faciliates SSL communication over the Internet for Redis, which doesn't come default with encrypted traffic
Twemproxy: used for cache failover, round-robin proxying and caching performance with Redis. The configuration file for this program can be found on the proxy server in
/etc/nutcracker/nutcracker.yml. It runs locally on port 2222 of the NGINX/Proxy server. Twemproxy enables high availability by automatically detecting Redis server failure and redirecting traffic to other working instances. Twemproxy will not reintroduce failed servers. Restarting Twemproxy can be performed manually, or a script can be written to automate the task of resetting the "down" flag of the failed server
NGINX: used to proxy communication between Gluu instances. The configuration file is located on the load balancing server (if installed) at
/etc/nginx/nginx.conf. It can be set to round-robin for load balancing across servers by changing
backend_id. Note: This breaks SCIM functionality if one of the servers goes down and redundancy isn't built into the logic of your SCIM client