[midPoint] MidPoint Multiple Nodes
Radovan Semancik
radovan.semancik at evolveum.com
Thu Jul 21 10:35:26 CEST 2016
Hi,
On 07/20/2016 10:50 PM, Martin Marchese wrote:
>
> But we are still confused on how to handle keystores, more
> specifically, the key that MidPoint uses to encrypt data in the DB.
>
> As far as we understand, this key is stored within the keystore, so our
> question is which is the right set up in order for the second node to
> use the correct key while getting encrypted information from the database?
The keys are not stored in the database by design (e.g. to protect
passwords in the database backups, to avoid leak of the password by use
of database tools, etc.). Therefore the keystores are not shared between
nodes. They have to be manually copied between nodes. Or you may want to
set up a network file system. However, that may be a security issue, and
copying the keystores at initial setup and then installing new keys to
each of them is usually no big trouble.
> Also, will the connectors run in both nodes? Is it possible to select
> on which node each connector runs?
Currently the connectors will run on all nodes. There is even a
limitation that each connector must be installed on all the nodes. The
limitation of the per-node connector usage was considered in the
midPoint design, but it was not yet implemented. This may look simple,
but it is no easy feature. E.g. a user change operation that started on
one node must be switched to a different node if the original node does
not have the connector to finish the operation. This is possible to do,
but it requires much deeper degree of asynchronism in operations.
Realistically it is only possible after we implement fully async
provisioning (https://jira.evolveum.com/browse/MID-2457). But thanks for
pointing that out. The feature request for that was missing in our jira.
So I have created it: https://jira.evolveum.com/browse/MID-3310
--
Radovan Semancik
Software Architect
evolveum.com
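The keystore handling described in the reply above (copy the keystore to every node by hand, then keep each copy in step when new keys are installed) is easy to get wrong silently: a node with a stale keystore starts fine and only fails later when it has to decrypt a value written by another node. The script below is an added example, not midPoint's own tooling or anything from this thread. It checks that every node's copy of the keystore is byte-identical to a reference copy before a node is brought up. The directory layout, the file name keystore.jceks and the use of local directories standing in for nodes are assumptions for the demo; in a real deployment the copies would be fetched over an authenticated channel (scp, rsync over ssh) rather than a shared network filesystem, and the function would be run against the fetched files.

```shell
#!/bin/sh
# Added example (not midPoint code): verify that each node's copy of the
# midPoint keystore matches the reference copy before starting that node.
# The paths and the keystore file name below are assumptions for the demo.

# Print the SHA-256 of a file, portable across sha256sum, shasum and openssl.
keystore_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_keystore_sync REFERENCE COPY...
# Returns 0 when every COPY has the same digest as REFERENCE, 1 otherwise,
# naming on stderr each copy that is missing or out of sync.
verify_keystore_sync() {
    ref="$1"; shift
    ref_digest=$(keystore_digest "$ref") || return 1
    status=0
    for copy in "$@"; do
        if [ ! -r "$copy" ]; then
            echo "MISSING: $copy" >&2
            status=1
            continue
        fi
        if [ "$(keystore_digest "$copy")" != "$ref_digest" ]; then
            echo "OUT OF SYNC: $copy (expected digest $ref_digest)" >&2
            status=1
        fi
    done
    return $status
}

# Constructed demo: three "nodes" as local directories. node1 holds the
# reference keystore, node2 has a faithful copy, node3 has a stale copy
# that was never updated after a new key was installed on node1.
# Returns 1, because node3 is out of sync.
demo_keystore_sync() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/node1/var" "$tmp/node2/var" "$tmp/node3/var"
    printf 'constructed-keystore-after-key-rotation' > "$tmp/node1/var/keystore.jceks"
    cp "$tmp/node1/var/keystore.jceks" "$tmp/node2/var/keystore.jceks"
    printf 'constructed-keystore-before-key-rotation' > "$tmp/node3/var/keystore.jceks"
    verify_keystore_sync "$tmp/node1/var/keystore.jceks" \
        "$tmp/node2/var/keystore.jceks" \
        "$tmp/node3/var/keystore.jceks" 2>/dev/null
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Run verify_keystore_sync on the reference keystore and the copies pulled from each node as the last step of a deployment or key installation; a non-zero exit is the signal to recopy before starting the node, which is cheaper than diagnosing decryption failures on live operations.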