Scaling and high-availability

Engineered for 100% uptime

Identity and token services are often critical to relying applications. The Connect2id server takes several approaches to achieve continuous availability:

  • Avoiding single points of failure: The web service layer and the underlying database for persisting the server's own data can be clustered for high-availability (HA).

  • UI isolation: The front-end is decoupled from the Connect2id server and can be updated and scaled independently.

  • Live metrics: Over a hundred metrics, published at a secure web API or streamed via Graphite or Prometheus, are available to monitor your Connect2id server cluster.

  • Seamless scaling: Server nodes can be dynamically and transparently added to the cluster, or removed from it.

  • Rolling upgrades: The software is designed for upgrades with zero disruption to service.

Scaling and performance

We recommend customers run at least two Connect2id server nodes, in "replication" or "stateless" cluster mode, to ensure high-availability of their OpenID Connect and OAuth 2.0 service.

Small organisations, with user bases in the order of 10 thousand users, can run a Connect2id server on a host with as little as 1 CPU and 2 GB RAM.

Large user bases can benefit from a Connect2id cluster where the OpenID Connect / OAuth 2.0 requests are load-balanced over multiple nodes. A single node on typical server grade hardware can handle between 100 and 300 logins per second. Nodes can be dynamically added or removed to match current demand.

In-memory storage and caching for data such as sessions and client registrations also allows applications to be served with low latency, while reducing load on your backend database.

Supported deployments

A Connect2id server cluster can be deployed on premises or in a cloud provider of your choice. Supported backend databases include MySQL, PostgreSQL, LDAP v3 and DynamoDB. Redis can be used as an alternative in-memory and cache store to Infinispan.