ArboNed is a Dutch national labor-service, specialized in absence, prevention and optimization of employees. DongIT offered its expertise to built a secure infrastructure to report absences by employees of companies affiliated to ArboNed.
High availability, scalable, fail-over mechanism and no single-point of failure
At any given moment the service should be available for employees to report their absence, therefore high availability is demanded. Besides high availability, the infrastructure should be able to handle a large amount of traffic during peak hours and the exchanged information should be secure at all times. Failure of one component should not be an obstacle to report an absence.
DongIT has built an infrastructure in collaboration with TriageExpert and Berkeley Bridge that would meet the requirements mentioned. DongIT has specifically chosen for a scalable solution, including fail-over mechanisms and no single-point of failure.
How does it work?
Absence reports are first sent to high-end loadbalancers which are then forwarded to one of the available absence-servers (based on an algorithm). The algorithm is used to redirect traffic over the available servers and makes sure that a user will always be forwarded to the same server during a session. The latter is important due to temporary stored information during the absence report.
Fail-over mechanism (absence report)
Whenever a server fails, it will be detected by the load-balancers and set to unavailable. Traffic will then be rerouted to all other available servers. The unavailable server can be fixed by administrators while employees can still fill out their absence report. When the ‘failed’-server is fixed, it will be detected by the load-balancers and will become automatically available for use again. By using this setup, the service should be always available to its users.
Capacity can be an issue, especially when handling a large amount of traffic or due to change in the architecture. DongIT has managed to create a flexible setup to install as many servers as needed to handle the requests of absence reports. Servers can be added on the fly with little configuration needed.
Information is secured by transport using SSL-certificates. The servers taking care of absence reports are not directly connected to the Internet. Every request will go through the load-balancer which decides what to do. Request will only be forwarded when the load-balancer matches a certain criteria.
Technical: HAProxy load-balancing and KeepAlived (health check)
DongIT makes use of the reliable and secure open-source software, HAProxy (http://haproxy.1wt.eu). HAProxy offers high availability, load-balancing and proxy for TCP and HTTP. DongIT’s load-balancers are redundant, this means whenever an ‘active’ load-balancer fails, a backup load-balancer will take over. Switching between ‘active’ and ‘non-active’ load-balancers and checking its status is done using the open-source software KeepAlived (http://keepalived.org)