Does it make sense to spread our connectors geographically?

Showing results for 
Search instead for 
Do you mean 
Reply
Participant I
Posts: 3
Registered: ‎07-16-2018
#1 of 2 414
Accepted Solution

Does it make sense to spread our connectors geographically?

We are a large North American company with sites across the US and Canada. Should we have more than two connectors for latency? Like one on the east coast and the west coast?

Centrify Guru I
Posts: 2,349
Registered: ‎07-26-2012
#2 of 2 413

Re: Does it make sense to spread our connectors geographically?

[ Edited ]

@ebeshara,

 

Welcome back to the Centrify forums.

 

You should have as many connectors as you can for redundancy.  Note that connectors can have different roles, therefore you can have different strategies for them.

conn-services.JPG

 

Some basic guidelines:

  • AD Proxy and LDAP Proxy roles:   In the case of AD, many and close to global catalog servers.  For LDAP, depends on your LDAP design.  I highly recommend that you leverage the best placement or quantity based on your Directory design.
  • Jumpbox Services (e.g. RDP, SSH):  Sizing depends on load.  These services work like reverse-proxies that can benefit from very good network throughput and SSL acceleration.   Ask yourself:
    • How many users are leveraging the SSH gateway (e.g. ssh to a connector to access systems without visiting the portal)?
    • How many users are leveraging the Local Clients (PuTTY or RDP)?
  • MFA Services (API/Web Server):   These depend a lot of throughput, but also on how well your Active Directory Sites and Services are "well-oiled" because Centrify MFA clients will pick based on this information.
  • RADIUS (client or server):   If client, close to your RADIUS servers.  If Server, close to your clients.

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify: