If you're a software developer, on the other hand, you'll have to consider how to handle session state for the...
server cluster in order to preserve authentication credentials.
There are several mechanisms for doing this. One is through load balancing and the other involves the Microsoft Cluster Service (MCSC). In Windows Server 2003, MCSC integrates with Active Directory. It creates a virtual service object within Active Directory that allows Kerberos authentication. This object is used only for Kerberos authentication and can't be used for applying Group Policy Objects (GPO).
In other versions of Windows and Unix systems, more traditional load balancing systems are used. In general, these systems use load balancing software to distribute traffic across servers that are members of a cluster. The load balancer is assigned a virtual IP address that can represent any server in the cluster.
When requests are made to this virtual IP address, the session is preserved by the load balancer and distributed to member servers. Among the data in the session is a unique string of characters and numbers assigned after login. If someone is logged onto the Web site and hits a link that goes to another Web server in the cluster, as you describe, the load balancer automatically authenticates the user to the second Web server.
Load balancers are supposed to keep the session alive, even if the original server goes down. Again, the session is stored by the load balancer, so it isn't extinguished by the loss of any one server in the cluster.
In J2EE, for example, there are session objects associated with a servlet. The session can be shared across all the servers in a cluster, or just stored in a few that can be accessed as needed. There are multiple coding schemes for doing this that are beyond the scope of this brief tip.
Generally, once the user is authenticated to the cluster, the load balancer managing the cluster takes over maintaining the session state.
For more information:
Dig Deeper on Two-Factor and Multifactor Authentication Strategies
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.