This article describes strategic best practices for ensuring BoKS Replica availability when implementing BoKS in your organization.

Scaling to handle the authentications in a BoKS domain

BoKS Server Agents need constant availability of a BoKS Replica in order to enforce BoKS Access Routes, among other things.

Recommended best practice:

  • There need to be enough Replica servers and the number usually depend on three factors:
    • The most important factor is the number of authentications (peak and average).
    • Replicas have been tested to handle upwards of 240 authentications per second with a single CPU system.
      Multiple (four) instances of the servc (authentication) daemon are started, so multiple CPU systems will be able to do more.

  • The number of Server Agents that will require authentication.
    • Replicas have been tested to handle upwards of 600 Server Agents each, in smoothly functioning networks.

  • To add redundancy, every domain should have at least one Replica.
    • This should also serve as Disaster Recovery (DR) Replica in case the Master is down.

  • Where to place Master and Replicas depends largely on where the Server Agents are, especially if there are multiple data centers:
    • The closer the Replica servers are to the Server Agents, the faster the user response time will be.
    • One should usually have at least one Replica in each data center.

  • If you have a collection of Server Agents in a location with low bandwidth or high latency it may or may not be a good idea to place a Replica there:
    • The benefit to the Server Agents in this location of having a Replica may come at the price of poor replication performance.
    • Slow replication to this Replica will affect replication to all Replicas so it may be necessary to keep Replicas in a place with lower latency.

  • If there are frequent or large data feeds between the Master server and other systems it may be beneficial to locate the Master near those servers.

  • Ensure that the $BOKS_etc/bcastaddr file is correctly configured. (In all but the smallest, simplest domains it is recommended to use the bcastaddr file).
    • Replicas should have the Master and DR Replica in the bcastaddr file.
    • Server Agents should have more than one Replica, and preferably all of them, in the bcastaddr file.

  • To maximize performance in larger domains it can be a good idea to take the load of Server Agent calls off the Master. See article #11696 "Avoiding stress on the BoKS Master" for more information.

Last Modified On: May 25, 2018