Scaling and high-availability

Engineered for 24/7/365 uptime

Identity and token services are often critical to relying applications. The Connect2id server takes several approaches to achieve continuous availability:

  • Avoiding single points of failure: The web service layer and the underlying database for persisting the server's own data can be clustered for high-availability (HA).

  • UI isolation: The front-end is decoupled from the Connect2id server and can be updated and scaled independently.

  • Live metrics: Over a hundred metrics, published at a secure web API or streamed via Graphite or Prometheus, are available to monitor your Connect2id server cluster.

  • Seamless scaling: Server nodes can be dynamically and transparently added to the cluster, or removed from it.

  • Rolling upgrades: The software is designed for upgrades with zero disruption to service.

Scaling and performance

We recommend customers run at least two Connect2id server nodes, in a "stateless" or "replication" cluster mode, to ensure high-availability of their OpenID Connect and OAuth 2.0 service.

Small organisations, with user bases in the order of tens of thousands, can run a Connect2id server on a host with as little as 1 CPU and 2 GB RAM.

Large user bases can benefit from a Connect2id cluster where the handling of requests is balanced over multiple nodes. A single node on a typical CPU with 1 core can handle between 100 and 300 logins per second. Nodes can be dynamically added or removed to match current demand.

In-memory storage and caching of data such as sessions and client registrations also allows applications to be served with low latency, while reducing load on your backend database.

Supported deployments

A Connect2id server cluster can be deployed on premises or with a cloud provider of your choice. Supported backend databases include MySQL, PostgreSQL, SQL Server, LDAP v3 and DynamoDB. Redis can be used as an alternative in-memory and cache store to Infinispan.