In a multi-server deployment, what is the impact of not ensuring stickiness in the load balancer configuration?
In a high-availability PingAM 8.0.2 cluster, the Load Balancer (LB) is responsible for distributing traffic across multiple AM instances. Session Stickiness (also known as session affinity) ensures that all requests from a specific user session are routed to the same AM server that initially created the session.
According to the PingAM 'Deployment Planning' and 'Load Balancing' documentation, PingAM is designed to be 'sticky-preferred' but not 'sticky-required' if the Core Token Service (CTS) is used. If stickiness is not ensured:
Performance Impact: Every time a user request lands on a different AM server (Server B) than the one that holds the session in local memory (Server A), Server B must query the CTS (External Store) to retrieve the session details, deserialize the object, and reconstruct the session state. This cross-server look-up introduces significant latency and increases the load on the PingDS instances hosting the CTS.
CTS Load: Without stickiness, every single request becomes a 'Global' session lookup. This drastically increases the I/O and CPU overhead on the back-end directory servers, potentially leading to performance degradation of the entire identity platform.
Why other options are incorrect:
Option A: Session failover requires the CTS, but stickiness actually minimizes the need for failover logic during normal operation. Failover still works without stickiness, it just becomes the 'default' behavior for every request.
Option B: AM servers in a cluster share the same encryption keys and back-end stores. Any server can technically validate a session by looking it up in the CTS; the browser doesn't 'know' which server is correct.
Option C: Redirects are handled at the application logic level. While some internal processing changes, it doesn't necessarily result in extra browser-level HTTP redirects.
Thus, the primary negative impact of lacking stickiness in a correctly configured cluster is a decrease in performance (Option D) due to the constant session synchronization overhead.
============
Currently there are no comments in this discussion, be the first to comment!