iPSK Manager HA: Risk Management & Governance

Risk Assessment

Risk	Likelihood	Impact	Mitigation	Contingency
PSK credentials exposed in transit (HTTP, no TLS)	High	Critical	Deploy SSL/HTTPS immediately as Phase 0, before any HA work begins.	Restrict access to iPSK Manager web UI to management VLAN only as interim control.
Primary server failure before HA is implemented	Medium	Critical	Document current config for rebuild. Maintain backup of database and application state.	Rebuild from backup on secondary server. Manual ISE RADIUS reconfiguration.
Database replication lag causes PSK inconsistency	Low	High	Synchronous replication for small dataset. Monitor replication lag with Patroni metrics.	Force failover to primary. Resync secondary from primary backup.
Uptime disruption during HA migration	Medium	High	Schedule migration during low-usage period. Keep primary active throughout. Only cutover VIP after secondary validated.	Rollback VIP to primary-only. Disable secondary if causing issues.
ISE RADIUS proxy misconfiguration after HA cutover	Low	Critical	Test RADIUS failover in lab. Document ISE RADIUS server group configuration for both primary and secondary.	Revert ISE to single-server RADIUS config pointing at primary.

Risk

Likelihood

Impact

Mitigation

Contingency

PSK credentials exposed in transit (HTTP, no TLS)

High

Critical

Deploy SSL/HTTPS immediately as Phase 0, before any HA work begins.

Restrict access to iPSK Manager web UI to management VLAN only as interim control.

Primary server failure before HA is implemented

Medium

Critical

Document current config for rebuild. Maintain backup of database and application state.

Rebuild from backup on secondary server. Manual ISE RADIUS reconfiguration.

Database replication lag causes PSK inconsistency

Low

High

Synchronous replication for small dataset. Monitor replication lag with Patroni metrics.

Force failover to primary. Resync secondary from primary backup.

Uptime disruption during HA migration

Medium

High

Schedule migration during low-usage period. Keep primary active throughout. Only cutover VIP after secondary validated.

Rollback VIP to primary-only. Disable secondary if causing issues.

ISE RADIUS proxy misconfiguration after HA cutover

Low

Critical

Test RADIUS failover in lab. Document ISE RADIUS server group configuration for both primary and secondary.

Revert ISE to single-server RADIUS config pointing at primary.

Decision Log

Date	Decision	Rationale	Decided By
2026-03-16	SSL/HTTPS is critical priority before HA	Credentials and PSKs transmitted in clear text over HTTP. No point in HA if the service itself is insecure.	Evan
2026-03-16	PostgreSQL + Patroni for database HA	Patroni provides automatic failover with leader election. Battle-tested in production environments. Simpler than manual replication management.	Evan
2026-03-16	HAProxy for load balancing (not F5 or dedicated LB)	HAProxy is lightweight, can run on VyOS or dedicated VM. No additional licensing cost. Health checks built in.	Evan
2026-03-16	Reference domus home lab for secure configuration baseline	Home lab has TLS-encrypted ODBC, certificate-based Apache config, and validated iPSK Manager deployment. Use as template.	Evan

Date

Decision

Rationale

Decided By

2026-03-16

SSL/HTTPS is critical priority before HA

Credentials and PSKs transmitted in clear text over HTTP. No point in HA if the service itself is insecure.

Evan

2026-03-16

PostgreSQL + Patroni for database HA

Patroni provides automatic failover with leader election. Battle-tested in production environments. Simpler than manual replication management.

Evan

2026-03-16

HAProxy for load balancing (not F5 or dedicated LB)

HAProxy is lightweight, can run on VyOS or dedicated VM. No additional licensing cost. Health checks built in.

Evan

2026-03-16

Reference domus home lab for secure configuration baseline

Home lab has TLS-encrypted ODBC, certificate-based Apache config, and validated iPSK Manager deployment. Use as template.

Evan

Stakeholders

Ben Castillo - Original deployment
InfoSec Engineering - HA implementation
Network Team - VLAN/routing requirements