Scaling and high-availability

Engineered for 100% uptime

Identity services can be critical to relying applications.

The Connect2id server is designed from the ground up for continuous availability:

  • Avoiding single points of failure: The web service layer and the underlying database for persisting the server’s own data can be clustered for high-availability (HA).

  • Database isolation: By using clever caching techniques, the Connect2id server can sustain basic service (user login / ID token issue) while the underlying database is down or unavailable for minutes or even hours.

  • UI isolation: Front-ends / UIs are not served by the Connect2id server itself, and can be updated and scaled independently.

  • Live metrics: Over a hundred live metrics, published via a secure web API or streamed via Graphite, are available to monitor your Connect2id server cluster.

  • Seamless scaling: Server and database nodes can be transparently added to or removed from the cluster.

  • Seamless upgrades: The software is designed for upgrades with zero disruption to service.

Scaling and performance

For small organisations (in the order of 10 thousand users) the Connect2id server can run on a virtual host with 1 core and 2 GB RAM.

Large user bases can benefit from a Connect2id cluster where the OpenID Connect / OAuth 2.0 requests are load-balanced over multiple nodes. A single server node on typical hardware can handle between 100 and 300 logins per second. Nodes can be dynamically added to or removed from the cluster to match current demand.

Modern data grid technology by Infinispan enables aggressive in-memory caching of internal objects (sessions, client registrations, persisted authorisations) across the cluster for optimal responsiveness.

Supported deployments

We support production deployment of Connect2id server clusters on premise or in the cloud:

  • On premise, typically with UDP / multicast-based node discovery and data synchronisation.

  • In the cloud (e.g. AWS), with agent-based node discovery and TCP-based data synchronisation.