Clustering WSO2 Governance Registry 5.1.0

Introduction

Recently, I created a Governance Registry cluster on EC2 using Nginx as a load balancer. The cluster created was a 3 node cluster, fronted with Nginx. The initial plan was to create a cluster with 2 Nginx load balancers, one each for the Store components and the Publisher components, as given below.

greg-original

Originally proposed deployment pattern

As the first step in creating the cluster, I was advised to create a cluster (same deployment pattern as above) of just one G-Reg node. Although I successfully managed to deploy the cluster, there was a major issue in it. The scenario for the G-Reg cluster I was creating was that the artifacts would be deployed by the publishers and as such, the Publisher context should only be accessible by publishers (typically in a company). The artifacts would be consumed by users and they would access these artifacts through the Store. 

Now in the cluster I created, the issue was that  if a user signs in to the Store, he/she would also be able to access the Publisher and vice versa. This is problematic since only the publishers (i.e: the company) should be able to publish artifacts. This is because G-Reg has the Single Sign On (SSO) feature enabled by default. When SSO is used, a user signed into one system can access other, connected systems without the need to sign in again at those particular systems. More on SSO can be found here.

Continue reading

Advertisements