Conjur Enterprise High Availability
A cluster of Conjur servers provides high availability and cloud-friendly, global distribution with low latency. A Conjur cluster is configured in a master-standby-follower architecture.
A cluster contains the following components:
- One active master.
- One or more standby masters, with at least two required if you want to implement a self-healing cluster. A standby is a replicated master, ready to take over as master.
- One or more followers, with at least two recommended. Followers are also replicas of the master, configured to service mostly read requests. Typical deployments use load balancers to handle traffic to the followers.
The standbys continuously replicate the Conjur database from the active master, using PostgreSQL streaming replication.
Synchronous replication ensures a completely up-to-date standby at any time. Asynchronous replication may lag behind the master. A healthy cluster has at least one standby configured as synchronous.
Most traffic to Conjur is read traffic. Followers are horizontally scalable components that are typically configured behind a load balancer to handle all types of read requests, including authentication, permission checks, and secret fetches. Write operations requested on a follower are delegated to the master.
Master-to-follower replication is asynchronous. The recommended practice is to connect followers to the master through a load balancer. This avoids having to reconfigure the followers whenever a standby becomes a master.
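The replication rules above (at least one synchronous standby, asynchronous followers) can be checked against PostgreSQL's `pg_stat_replication` view. The following is an added example, not Conjur's own tooling; it assumes an administrator can run the query shown in the comment against the master's database, and the node names and addresses are constructed.

```python
# Added example: evaluate replication health from pg_stat_replication rows.
# Column names are PostgreSQL's own; node names and addresses are constructed.

# Constructed sample of the output of (assumed to be run on the master):
#   psql -At -F'|' -c "SELECT application_name, client_addr, state, sync_state
#                      FROM pg_stat_replication"
SAMPLE = """\
standby-1|10.0.0.11|streaming|sync
standby-2|10.0.0.12|streaming|potential
follower-1|10.0.1.21|streaming|async
follower-2|10.0.1.22|catchup|async
"""

def parse_rows(text):
    """Parse unaligned, pipe-separated psql output into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("|")
        if len(fields) != 4:
            raise ValueError(f"unexpected row: {line!r}")
        name, addr, state, sync_state = (f.strip() for f in fields)
        rows.append({"name": name, "addr": addr,
                     "state": state, "sync_state": sync_state})
    return rows

def assess(rows):
    """Return (healthy, findings). Healthy means at least one replica is
    both streaming and synchronous, matching the rule stated above."""
    findings = []
    sync_ok = [r for r in rows
               if r["sync_state"] in ("sync", "quorum") and r["state"] == "streaming"]
    if not rows:
        findings.append("no replicas connected to the master")
    elif not sync_ok:
        findings.append("no synchronous standby is streaming; "
                        "a failover could lose recent writes")
    for r in rows:
        if r["state"] != "streaming":
            findings.append(f"{r['name']} ({r['addr']}) is in state "
                            f"{r['state']!r}, not streaming")
    return bool(sync_ok), findings

if __name__ == "__main__":
    healthy, findings = assess(parse_rows(SAMPLE))
    print("healthy" if healthy else "UNHEALTHY")
    for finding in findings:
        print(" -", finding)
```

A replica reported as `potential` is a synchronous candidate that is not currently acting as the synchronous standby, so it does not satisfy the check on its own.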
Auditing in a Cluster
The master and all followers generate audit records that capture all activity. A follower forwards its audit events to the master.
Secure Communication in a Cluster
All traffic within the cluster is secured by verified TLS (HTTPS, LDAPS, or PostgreSQL with TLS). Each Conjur server has an SSL certificate which is issued by a common certificate authority (CA). The CA can be Conjur or an external customer-managed CA.
Seed Files for Replication
To create a new follower or standby, a seed file of information from the master is required. An authorized administrator generates the seed file on the master, copies it, and unpacks it on the new server. The seed file contains sensitive information, including configuration settings, SSL certificates and private keys, and data encryption keys. Be sure to restrict access to seed files and protect the information.
Master Key Encryption
The server data keys and SSL private keys can be encrypted using a master key. When these keys are encrypted with a master key, no plaintext keys are stored on the server hard disk or included in the seed files. Conjur supports Hardware Security Module (HSM) and Amazon Key Management Service (KMS) integrations for master key encryption.
We recommend that client machines be configured to direct their requests to a load balancer that sits in front of the Conjur followers. The load balancer can use the Conjur built-in health check to route traffic to healthy machines. Use health-checking DNS in front of the load balancer(s) for even better locality and availability.
The load balancer is not provided by Conjur. Contact Conjur support for load balancer recommendations and best practices.