locked
Impact of NOT having SSO Cluster RRS feed

  • Question

  • Hello Everyone,

    I wanted to understand the below points about SSO Clustering.

    * Impacts of NOT having SSO Cluster

    * Benefits of having SSO Cluster

    * Step by step guide available for SSO Clustering.

    * Is there any pre-requisite or important deadlocks while performing SSO Clustering.

    Thanks in advance for all your suggestions.


    Thanks,
    Prashant
    ----------------------------------------
    Please mark this post accordingly if it answers your query or is helpful.

    Thursday, April 9, 2015 10:01 AM

Answers

  • * Impacts of NOT having SSO Clusterà -->SSO is the key service in order to run BizTalk environment. That is why it is recommended to have SSO as a cluster service in production environemt along with your SQL instance as cluster. This is for high availability of the service.

    Consider SSO is running only on one physical machine and if that goes off, your whole biztalk environment will stop working and it will be a downtime. That is why it is always recommended to have SSO as cluster.

    * Benefits of having SSO Cluster--> same as above appoint.

    * Step by step guide available for SSO Clustering.--> https://msdn.microsoft.com/en-us/library/aa559783.aspx?f=255&MSPPError=-2147217396

    * Is there any pre-requisite or important deadlocks while performing SSO Clustering.--> nope. It’s very straight forward , please follow the guide . any windows Admin person can perform the clustering of this service.

    Make sure you keep the backup always at safe place.

     


    Greetings,HTH
    Naushad Alam

    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer
    alamnaushad.wordpress.com


    Thursday, April 9, 2015 10:38 AM
    Moderator
  • 1.  You have a single point of failure.  That's only a problem if it's the only single point of failure.

    2. Redundancy/HA.  There's really no performance benefit.

    3. All documented at MSDN: https://msdn.microsoft.com/en-us/library/gg634572(v=bts.70).aspx

    4. No, other than clustering prereqs.

    Thursday, April 9, 2015 12:17 PM
    Moderator
  • It's explained on:

    https://msdn.microsoft.com/en-us/library/gg634572(v=bts.70).aspx

    Every 60 seconds the SSO synchronizes with the master sso, if the master secret server fails, and the SSO service detects the failure in one of its refresh intervals, the SSO service and all run-time operations that were running before the server failed, including decryption of credentials, continue successfully. However, you cannot encrypt new credentials or port configuration data. Therefore, the BizTalk Server environment has a dependency on the availability of the master secret server 

    So most part of the BizTalk processing will still work, but it's not possible to change anything in the configuration eg port configuration, or read anything from a sso config store.

    Also, if two BizTalk servers are configured in a group and one suddenly goes down, will the messages it was processing can be resumed on other server?

    It depens what the processing was a request-response sendport will probably stay active an orchestration will problably become suspened and could be resumed but normally you have to clean up some mess.

    Monday, April 13, 2015 2:23 PM

All replies

  • * Impacts of NOT having SSO Clusterà -->SSO is the key service in order to run BizTalk environment. That is why it is recommended to have SSO as a cluster service in production environemt along with your SQL instance as cluster. This is for high availability of the service.

    Consider SSO is running only on one physical machine and if that goes off, your whole biztalk environment will stop working and it will be a downtime. That is why it is always recommended to have SSO as cluster.

    * Benefits of having SSO Cluster--> same as above appoint.

    * Step by step guide available for SSO Clustering.--> https://msdn.microsoft.com/en-us/library/aa559783.aspx?f=255&MSPPError=-2147217396

    * Is there any pre-requisite or important deadlocks while performing SSO Clustering.--> nope. It’s very straight forward , please follow the guide . any windows Admin person can perform the clustering of this service.

    Make sure you keep the backup always at safe place.

     


    Greetings,HTH
    Naushad Alam

    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer
    alamnaushad.wordpress.com


    Thursday, April 9, 2015 10:38 AM
    Moderator
  • 1.  You have a single point of failure.  That's only a problem if it's the only single point of failure.

    2. Redundancy/HA.  There's really no performance benefit.

    3. All documented at MSDN: https://msdn.microsoft.com/en-us/library/gg634572(v=bts.70).aspx

    4. No, other than clustering prereqs.

    Thursday, April 9, 2015 12:17 PM
    Moderator
  • If you have a clustered BizTalk environment, you have to cluster the SSO otherwise you still have a single point of failure.

    If you don't have a clustered BizTalk environment there is no use of clustering the SSO because there is always a single point of failure (the database).  

    Thursday, April 9, 2015 12:59 PM
  • Guys if I have SQL & SSO Clustered and two BizTalk Servers configured in same Group will it considered as Highly Available environment?

    In case of two BizTalk servers configured in same group, we will have ENTSSO service running on both the servers. So ideally one server is will have Master Secret while other will be just caching it. So if master secret server is down, other server will use the cached version of Master Secret and this will work perfectly till the ENTSSO service is not restarted.

    Also, if two BizTalk servers are configured in a group and one suddenly goes down, will the messages it was processing can be resumed on other server?


    Thanks,
    Prashant
    ----------------------------------------
    Please mark this post accordingly if it answers your query or is helpful.

    Sunday, April 12, 2015 4:45 PM
  • It's explained on:

    https://msdn.microsoft.com/en-us/library/gg634572(v=bts.70).aspx

    Every 60 seconds the SSO synchronizes with the master sso, if the master secret server fails, and the SSO service detects the failure in one of its refresh intervals, the SSO service and all run-time operations that were running before the server failed, including decryption of credentials, continue successfully. However, you cannot encrypt new credentials or port configuration data. Therefore, the BizTalk Server environment has a dependency on the availability of the master secret server 

    So most part of the BizTalk processing will still work, but it's not possible to change anything in the configuration eg port configuration, or read anything from a sso config store.

    Also, if two BizTalk servers are configured in a group and one suddenly goes down, will the messages it was processing can be resumed on other server?

    It depens what the processing was a request-response sendport will probably stay active an orchestration will problably become suspened and could be resumed but normally you have to clean up some mess.

    Monday, April 13, 2015 2:23 PM