Hyper-Scalable Privileged Access Service: High Availability Multi-Availability Zone in Microsoft Azure

If you are a current customer with support hours for Delinea Professional Services, you can discuss any of these diagrams in detail with one of our Professional Services support architects.

Definitions

  • Recommended for large production environments
  • Major Application components split primarily across many servers with each major layer offering HA capability
  • Connectors installed in one or more locations
  • Flows depict connectivity for web based connection between user and destination systems and using native SSH or RDP clients to connect through connector to destination systems (proxied use cases)
  • Servers in other Availability Zone are located within the same region. Not all communication lines have been pictured for this active/active design between all AZs to make the diagram comprehensible. Communication within the Web, Background, Relay, and Database Layers may be required between Availability Zones using the ports described. As an example, the Web Server's in AZ1 will require communication to the Background and Relay Nodes in AZ2 based on the ports pictured in AZ1 location and vice versa. For any customers with tight firewalls between AZs, please inspect closely the ports that may be required across AZs by referencing - https://docs.delinea.com/online-help/cloud-suite/before-deploy/firewall.htm?Highlight=firewall%20rules.
  • Designs that are spread across regions will require similar failover process as depicted in HSPAS High availability single site
  • Customers may leverage PaaS offerings for PostgreSQL and Redis for Azure. This reference architecture pictures multi-AZ support for these layers. Be aware that during a failover to a replica, communication/port requirements to the replica will be required.

System Requirements

  • 8 Core, 8 GB RAM for the Application, Web, Logging, and Relay layers
  • 4 Core, 16 GB RAM for the Connector
  • 8 Core, 32 GB RAM for Postgres
  • 8 Core, 32 GB RAM for Redis Cache
  • Management Server does not need to be a net-new system and can have minimal specs

Diagram

Figure: High availability multi-availability zone in Microsoft Azure (large deployment)

alt

Figure: Diagram legend

alt