Unity Console Admin Guide

In a load-balanced configuration there are two or more ADSS Server instances handling front-end services such as the OCSP Service. The background task of CRL polling, i.e. retrieving CRLs from online repositories should be performed by only one instance of ADSS Server. This is because if several ADSS Server instances were polling for CRLs they would simultaneously download and attempt to process the same CRL, which is obviously pointless. However this leads to a potential situation where the ADSS instance which is retrieving CRLs (referred to as the “Primary”) can become a single point of failure. If this instance fails then polling for CRLs will not be conducted by any other instance. To overcome this issue, ADSS CRL Monitor implements a high availability option such that if the Primary ADSS Server instance fails (e.g. the server fails), then another ADSS Server can automatically promote itself to Primary and take over the responsibility for CRL polling.

All ADSS Server instances use the same database and use this to check what their status is. The first installed instance of ADSS Server automatically becomes the Primary and all subsequent instances act as Secondary. This only applies to the CRL Monitor polling process; other front-end services (e.g. the OCSP service, Signing service, etc) are generally provided by all ADSS Server instances and typically accessed using a hardware load-balancer.

The screen shot below shows the status of two ADSS Servers and the configuration information:

The configuration items are as follows:

See also

CRL Monitor Key Features
CRL Storage within ADSS Server
Proxy Settings and Digest Authentication

Service Manager
HA Configuration
Viewing CRL Details
CRL Monitoring
Instant Revocation
CRL Logs
Logs Archiving
Alerts
Advanced Settings