Cluster-less AAC Deployment

Feature enhancements from IBM Security Access Manager v9.0.6 onwards have enabled the AAC component to be deployed in a cluster-less architecture rather than the traditional clustered configuration.

A cluster-less deployment may be preferred because of technical limitations (container runtimes do not support clustering) or operational reasons, for instance a node can be upgraded by rebuilding the node rather than updating in situ.

In a traditional clustered deployment, the configuration is automatically synchronized by Verify Identity Access between multiple appliances and can only be modified on the primary node of the cluster. Whereas in a cluster-less deployment it is the responsibility of the administrator of the environment to ensure that each appliance has an identical configuration using alternative mechanisms. In a containerized deployments (See Container Support), this is easy and configuration snapshots can be used to instantiate a replicated instance (See Scenario - Replicated Services). For appliance deployments automation should be used instead to configure each appliance identically.

In order to achieve the cluster-less configuration of AAC with a seamless failover, the AAC nodes must be configured to exercise am external runtime database and distributed session cache.