Migrate from standalone mode to High Availability mode


We are using PrivacyIdea as RADIUS server for VPN SSL authentication since 2020. It works great !

We have now two different site location and 2 WAN.

We want to move out from this:

Site A: PrivacyIdea Site A
Site A: Database Site A

Site B: PrivacyIdea Site A
Site B: Database Site A

To this architecture:

Site A + B: PrivacyIdea A+B
Site A + B: database A + B

Is this guide still working for Ubuntu 20.04 and PrivacyIdea 3.7.1 ?

What are the most important things to do to avoid erasing the database.

Thanks !

It’s PROBABLY still relevant, but I found issues cropped up after awhile with replication. This is most certainly due to my lack of knowledge. However, unless your sites are geographically distant, it would probably be easier to just properly route those requests across your internal network.

To add, since we don’t have database replication occurring, I have a task configured to backup the database every couple hours to an external file share that gets backed up by our enterprise backup solution. If our datacenter becomes a smoking hole in the ground, we’d only be out a couple hours and MAYBE a token or two, acceptable risk level for me.

In terms of availability, our organization isn’t nearly large enough to overwhelm a very modestly resourced PrivacyIDEA server. About 2,000 tokens and probably about the same number of authentications per day don’t even touch the server’s high water mark.

One place we DID run into issues was having an automated system that scans RADIUS authenticated devices en masse. When being hit with around 1,000 RADIUS authentications per second, the server was absolutely crushed and would drop auth requests, the RADIUS plugin is quite resource intense.