Does it make sense to spread our connectors geographically?
09-05-2018 12:20 PM
We are a large North American company with sites across the US and Canada. Should we have more than two connectors for latency? Like one on the east coast and the west coast?
09-05-2018 01:03 PM
Welcome back to the Centrify forums.
You should have as many connectors as you can for redundancy. Note that connectors can have different roles, therefore you can have different strategies for them.
Some basic guidelines:
- AD Proxy and LDAP Proxy roles: In the case of AD, many and close to global catalog servers. For LDAP, depends on your LDAP design. I highly recommend that you leverage the best placement or quantity based on your Directory design.
- Jumpbox Services (e.g. RDP, SSH): Sizing depends on load. These services work like reverse-proxies that can benefit from very good network throughput and SSL acceleration. Ask yourself:
  - How many users are leveraging the SSH gateway (e.g. ssh to a connector to access systems without visiting the portal)?
  - How many users are leveraging the Local Clients (PuTTY or RDP)?
- MFA Services (API/Web Server): These depend a lot on throughput, but also on how "well-oiled" your Active Directory Sites and Services are, because Centrify MFA clients will pick based on this information.
- RADIUS (client or server): If client, close to your RADIUS servers. If Server, close to your clients.