Set up high availability for Digital Access deployment (bridge network)

This article includes updates for Digital Access 6.3.0 and Smart ID 22.10.2.

This article describes how to set up high availability for two or more Digital Access services in a Smart ID Docker Compose deployment.

The Smart ID Digital Access component supports a distributed mode to enable high availability. In this mode, Digital Access switches to a redundant service when the primary one stops working. Several redundant services are supported, not only one.

The deployment steps mentioned in Deploy Smart ID apply to a single-node setup only. If you want to configure Digital Access in distributed mode or for high availability, follow the steps below for deployment on every node.

Prerequisites

The following prerequisites apply:

  • Make sure all the required firewall ports are open.
  • This setup uses the bridge network mode.
  • You have copied the Smart ID deployment folder and followed the steps in the Deploy Smart ID document up to the "Initialize your deployment" section.

Step-by-step instruction

Update docker-compose.yml for all services

For every node that you add, you must change docker-compose.yml for all services. Make sure that the service names are different on every node and that they match the names you set in Digital Access Admin when adding the new services. See the examples below.

Administration service

docker-compose.yml

CODE
services:
  smartid-da-admin:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/administration-service:${SMARTID_VERSION}"
    restart: always
    container_name: "smartid-da-admin"
    ports:
      - "8443:8443"
      - "8300:8300"
    volumes:
      - ../DA-data:/etc/nexus:z
      - ../config/da-admin-customize.conf:/opt/nexus/administration-service/config/customize.conf:ro
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend

Policy service

docker-compose.yml

CODE
services:
  smartid-da-policy:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/policy-service:${SMARTID_VERSION}"
    restart: always
    container_name: "smartid-da-policy"
    ports:
      - "4443:4443"
      - "8301:8301"
    volumes:
      - ../DA-data:/etc/nexus:z
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend

Authentication service

docker-compose.yml

CODE
services:
  smartid-da-auth:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/authentication-service:${SMARTID_VERSION}"
    environment:
      - IMPLICITLY_TRUST_RADIUS_CLIENT=true
    restart: always
    container_name: "smartid-da-auth"
    ports:
      - "8302:8302"
      - "18118-18126:18118-18126/udp"
    volumes:
      - ../DA-data:/etc/nexus:z
      - ../config/da-auth-customize.conf:/opt/nexus/authentication-service/config/customize.conf:ro
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend

Distribution service

docker-compose.yml

CODE
services:
  smartid-da-dist:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/distribution-service:${SMARTID_VERSION}"
    restart: always
    container_name: "smartid-da-dist"
    ports:
      - "8303:8303"
      - "9443:9443"
    volumes:
      - ../DA-data:/etc/nexus:z
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend

Access point

docker-compose.yml

CODE
services:
  smartid-da-accesspoint:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/access-point:${SMARTID_VERSION}"
    restart: always
    container_name: "smartid-da-accesspoint"
    ports:
      - "443:10443"
      - "80:8090"
    volumes:
      - ../DA-data:/etc/nexus:z
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend

In Digital Access Admin

Do updates in Digital Access Admin
  1. Start the administration service and all other services.

    Example: Start Digital Access Administration service

    CODE
    cd <SMARTIDHOME>/compose/digitalaccess/administration-service
    docker-compose up -d
    
  2. Log in to Digital Access Admin and change the internal host of all services so that they can communicate with the administration service and so that services on other nodes can reach them.
  3. Make sure the port for each added service matches the ports in docker-compose.yml.
  4. Go to Manage System > Administration service and check Listen on all interfaces.
  5. Click Restart to restart the administration service.
  6. Add the required services for high availability and note down the ID of the services.
  7. Go to Manage System, and for all the services, check Listen on all interfaces and Distribute key files automatically.
  8. Publish the changes.

Edit LocalConfiguration.xml of all services

Edit LocalConfiguration.xml for all services
  1. Update LocalConfiguration.xml of each service on the same host as the administration service to have the correct mHost value for the administration service.
  2. Update LocalConfiguration.xml of newly added services on other nodes. For example, if you add a new policy service in the administration service, its LocalConfiguration.xml would look like the example below.
  3. Change the <id> tag value and mId of the new service to match the one in Digital Access Admin. Make sure that the mHost of the administration service is correct.

Example: LocalConfiguration.xml of 2nd policy service

CODE
<?xml version="1.0" encoding="UTF-8"?><com>
  <portwise>
    <core>
      <id>7</id>
    </core>
    <policy>
      <node>
        <object key="c000ejp1m5" name="Administration Service" trans="gi3d4lmzfh1c" ver="50600">
          <attribute name="mAllInterfaces" type="boolean" value="true"/>
          <attribute name="mPort" type="integer" value="8300"/>
          <attribute name="mHost" type="string" value="admin-hostname"/>
          <attribute name="mType" type="integer" value="5"/>
          <attribute name="mId" type="integer" value="1"/>
        </object>
        <object key="aaaaaaa" name="Policy service 2" trans="abgfh" ver="50600">
          <attribute name="mAllInterfaces" type="boolean" value="true"/>
          <attribute name="mPort" type="integer" value="8301"/>
          <attribute name="mHost" type="string" value="policy2-hostname"/>
          <attribute name="mHTTPLogSettings" type="container" value="logsettings">
            <attribute name="mEventLogLevel" type="string" value="OFF"/>
            <attribute name="mLocalCount" type="integer" value="2"/>
            <attribute name="mAuthenticationTiming" type="boolean" value="false"/>
            <attribute name="mFileLogLevel" type="string" value="OFF"/>
            <attribute name="mFileSizeRotationEnabled" type="boolean" value="true"/>
            <attribute name="mCentralLimit" type="integer" value="15000000"/>
            <attribute name="mLocalLimit" type="integer" value="5000000"/>
            <attribute name="mDateRotationEnabled" type="boolean" value="false"/>
            <attribute name="mCentralCount" type="integer" value="5"/>
          </attribute>
          <attribute name="mType" type="integer" value="1"/>
          <attribute name="mId" type="integer" value="7"/>
        </object>
      </node>
    </policy>
  </portwise>
</com> 
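
The three LocalConfiguration.xml steps above can be checked mechanically before the services are restarted. The following Python check is an added example, not part of the product or its documentation; `check_local_config`, `one_to_one_ports` and the sample data are hypothetical names constructed here. It assumes that the administration service is the object with mType 5 (as in the example above) and that a service's mPort is published with the same host and container port in docker-compose.yml.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the page's 2nd policy service example.
SAMPLE_XML = """<com><portwise><core><id>7</id></core><policy><node>
<object name="Administration Service">
  <attribute name="mPort" type="integer" value="8300"/>
  <attribute name="mHost" type="string" value="admin-hostname"/>
  <attribute name="mType" type="integer" value="5"/>
  <attribute name="mId" type="integer" value="1"/>
</object>
<object name="Policy service 2">
  <attribute name="mPort" type="integer" value="8301"/>
  <attribute name="mHost" type="string" value="policy2-hostname"/>
  <attribute name="mType" type="integer" value="1"/>
  <attribute name="mId" type="integer" value="7"/>
</object>
</node></policy></portwise></com>"""
ADMIN_TYPE = "5"  # assumption: mType of the administration service, as in the page's example
LOOPBACK = {"", "localhost", "127.0.0.1"}  # in a bridge-network container these mean the container itself

def one_to_one_ports(mappings):
    """Ports that compose publishes with the same host and container port."""
    ports = set()
    for m in mappings:
        host, _, cont = m.split("/")[0].rpartition(":")
        if host.rpartition(":")[2] == cont:  # ignore an optional bind address
            lo, _, hi = cont.partition("-")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def check_local_config(xml_text, expected_id, compose_ports):
    """List mismatches between the XML, the ID noted in Admin and the compose ports."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. an angle-bracket placeholder left in a value
        return [f"not well-formed XML: {exc}"]
    core_id = (root.findtext("./portwise/core/id") or "").strip()
    problems = [] if core_id == str(expected_id) else [f"<id> is {core_id!r}, Admin shows {expected_id}"]
    objs = [{a.get("name"): a.get("value") for a in o.findall("attribute")}
            for o in root.iter("object")]
    own = [o for o in objs if o.get("mId") == core_id]
    if len(own) != 1:
        problems.append(f"{len(own)} objects have mId {core_id!r}, expected 1")
    elif int(own[0].get("mPort", 0)) not in one_to_one_ports(compose_ports):
        problems.append(f"mPort {own[0].get('mPort')} is not published in docker-compose.yml")
    admins = [o for o in objs if o.get("mType") == ADMIN_TYPE]
    if not admins or (admins[0].get("mHost") or "").strip().lower() in LOOPBACK:
        problems.append("administration service mHost is missing or loopback")
    return problems
```

Pass the ID noted down in Digital Access Admin as `expected_id` and the `ports:` entries of that service's docker-compose.yml as `compose_ports`; an empty list means the file is consistent with both.
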

Start Digital Access
  1. Stop and start the modified Digital Access services from the relevant component folder:

    Digital Access - services location

    CODE
    <SMARTIDHOME>/compose/digitalaccess/accesspoint
    <SMARTIDHOME>/compose/digitalaccess/policy-service
    <SMARTIDHOME>/compose/digitalaccess/administration
    <SMARTIDHOME>/compose/digitalaccess/distribution-service
    

    Restart Digital Access Administration service

    CODE
    cd <SMARTIDHOME>/compose/digitalaccess/administration-service
    docker-compose down
    docker-compose up -d
    
  2. If the logs contain errors about unsuccessful connections, restart the services and check the logs again.
