WSO2 API Manager cluster deployment. Some architectural doubts

1
votes

I have the following doubt related to a WSO2 API Manager 2.6.0 installation in cluster mode.

I have to follow the deployment PATTER 4 proposed by the official documentation: https://docs.wso2.com/display/AM260/Deployment+Patterns

So this is the logical scheme:

enter image description here

In order to provide high availability this deplyment pattern expected:

  • 2 external gateways componet (the gateways exposed on Internet).
  • 2 internal gateways component (the gateways exposet inside the intraned or accessible via VPN).
  • 2 developers portals (publisher, store with the traffic manager component).
  • 2 key manager components.

Ok this is pretty clear to me. From this logical schema the final client provided me the following physical scheme representing the actual machines (we are going to deploy it ons some virtual machines, we are not using tool like Kubernates):

enter image description here

This second physical scheme illustrate the VM that have to be created and the component that have to be installed on each machine. Here I am finding the following doubts:

  1. As you can see in the previous picture (into the WSO2 API Manager nodes section of the scheme) it seems that the gateway component is splitted into gateway manager and gateway worker node. It seems that in a 2 gateways scenario there are 2 nodes for the first gateway component (a manager node and a worker node) and other 2 nodes for the second gateway component (another manager node and another worker node). It seems to me pretty strange. From what I know the gateway component is self-consistent and I have not to split in manager and workers node. My idea is to have only 2 nodes for my redundant gateway componenets (GATEWAY 1 and GATEWAY 2). Is it or am I missing something?

  2. Another doubt is related to the load balancing: the gateways componenets have to be under a load balancer. My doubt is: can make sense use 2 different load balancers? (an external LB for the external gateway node and an internal LB for the internal gateway nodes).

  3. Last doubts it is related it is related to the 2 key managers node (related to WSO2 IS component that have to be integrated with API Manager). I think that also these 2 nodes have to be under load balancing. So is it wise to put these nodes under the previously mentioned internal load balancer?

1
wso2wso2-amwso2is

1 Answers

1
votes

1) APIM used to have this worker-manager separation earlier, and the publisher used to publish API runtime artifacts to the gateway manager node. Then the gateway manager saves the runtime file in its file system and an NFS is used to sync those with other gateways. But now there is no manager profile anymore. Now the publisher publishes to itself (i.e. config of the publisher should be pointed to itself) and then uses the NFS to share the files with the gateways.

2) Yes, you can.

3) Yes, you can. But if you have use cases such as token generation via Authorization code grant, you need to expose the KM to external LB too, because browsers have to directly talk (redirect) to KM when a user logs in.