03-29-2018 07:00 AM
So, I was not involved in the initial setup of our DUO Proxy Servers, and I was recently asked if they were in Active/Active or Active/Passive mode. This is something I should know, but alas do not… I have called support 4 times this morning, but the boys and girls at DUO are mighty busy this AM. So, maybe someone can tell me where to look on my proxies. I believe that they are based on the load I see on both of them. They always seem to be about equal, but I am not certain. We are performing a migration of our VM Servers and each one will need to go offline for about 30 minutes, so I need to know that we are good to go. If anyone can answer me, that would be the most greaterestest thing in the whole wild world. Thanks!
Solved! Go to Solution.
04-04-2018 02:39 PM
Hi there!
If you mean the Duo Authentication Proxy server, it doesn’t have native high-availability. We have some guidelines for setting up high-availability but the actual details of your HA configuration is something that would be unique to your organization. We wouldn’t know if you were using load-balancers, round-robin DNS, a hot spare, etc.
Something that might help you figure it out is to look at one of the devices that is configured to pass authentication traffic to the proxy server and see what IP address it’s using. Is it the IP address of one of the proxy servers or is it a virtual IP? If virtual, you could then try to figure out where that IP originated.
Best of luck with your migrations!
04-04-2018 02:39 PM
Hi there!
If you mean the Duo Authentication Proxy server, it doesn’t have native high-availability. We have some guidelines for setting up high-availability but the actual details of your HA configuration is something that would be unique to your organization. We wouldn’t know if you were using load-balancers, round-robin DNS, a hot spare, etc.
Something that might help you figure it out is to look at one of the devices that is configured to pass authentication traffic to the proxy server and see what IP address it’s using. Is it the IP address of one of the proxy servers or is it a virtual IP? If virtual, you could then try to figure out where that IP originated.
Best of luck with your migrations!
04-04-2018 10:29 PM
Check the duo proxy logs. If the both of the logs show that authentication happens on both of the proxies=> both are used. As Kristina said, there might be an LB in front of the proxies. . LB’s can be configured several ways. So proxies might be configured to function primary&backup mode , or loadbalanced with weighting etc so it is difficult to deduce from duo proxy logs other than auth traffic flows through them/not. Maybe you could reach out to your network admins and ask if they have LB’s configured in front of proxies and what are the settings.
04-05-2018 05:45 AM
Thanks, yeah I forgot to update this post… At first I didn’t know if the proxies themselves had some kind of HA integration option in the servers, but I did find out that we have them load balanced using our F5s with a VIP… thanks for the response!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide