Configure Security Framework servers

A single datacenter can support a maximum of five (5) Security Framework servers (nodes). Kofax uses a replication factor (RF) of three (3) which means that a record is distributed to three Security Framework nodes to provide redundancy. Increasing the number of nodes helps to distribute the load across all servers, allowing data sharing across more nodes. However, adding more nodes above the recommended three does not increase the redundancy.

When two (2) nodes are installed on a datacenter in a High Availability (HA) environment, the Security Framework continues to work when one node is down. This happens when quorum cannot be met in the local datacenter (because there are two nodes instead of the recommended minimum of three), and it falls back to the first node asking for responses from at least two nodes across all datacenters. If that fallback fails (in the case when one of the two nodes is down), it falls back further to ask for one response from any node across all datacenters. As long as one node that can handle the query exists somewhere in the cluster, the Security Framework continues to work. When this happens, the responses take longer and entries are generated in the Security Framework Service log file each time a fallback attempt is made.

The fallback messages in the Security Framework log file do not mean that the Security Framework is failing, but it could indicate a node is down, which should be fixed for optimal performance. (See Remove a node from the Security Framework Service)

Using three nodes per datacenter for HA is reasonable to ensure that the system tolerates having one node down without incurring the delays that result when the fallback logic activates. Three nodes in the datacenter provides the best redundancy and performance in case a node goes down.

The following number of Security Framework nodes is recommended:

  • 2 Security Framework nodes is the minimum for HA (Kofax recommendation).
  • 3 Security Framework nodes is best for maximum redundancy.
  • Use 5 Security Framework nodes to distribute the load when there are a large number of clients.