iPSK Manager High Availability

1. Overview

This document describes the high availability configuration for the iPSK Manager portal. The goal is to keep guest and IoT device self-service registration available during maintenance or failures.

1.1. Goals

  • Zero-downtime maintenance capability

  • Automatic failover for portal access

  • Synchronized PSK database between nodes

  • Load-balanced RADIUS proxy for ISE integration

2. Architecture

2.1. Current Deployment

Component    Primary                                  Secondary
Hostname     ipsk-manager.inside.domusdigitalis.dev   ipsk-mgr-02.inside.domusdigitalis.dev
IP Address   10.50.1.30                               10.50.1.31
Role         Active                                   Standby
VLAN         100                                      100

2.2. Target Architecture

User/Device
     │
     ▼
┌─────────────┐
│ pfSense VIP │  ← Virtual IP for HAProxy
│ 10.50.1.32  │
└──────┬──────┘
       │
       ├─────────────────┐
       ▼                 ▼
┌─────────────┐   ┌─────────────┐
│ iPSK-Mgr-01 │   │ iPSK-Mgr-02 │
│ (Primary)   │   │ (Secondary) │
└──────┬──────┘   └──────┬──────┘
       │                 │
       └────────┬────────┘
                │
       ┌────────▼────────┐
       │  PostgreSQL DB  │
       │   (Primary)     │
       │  + Replication  │
       └─────────────────┘

3. Implementation Phases

3.1. Phase 1: Database Replication

  • Configure PostgreSQL streaming replication

  • Set up automatic failover with Patroni

  • Test replication lag and consistency

  • Document recovery procedures

3.2. Phase 2: Application Layer HA

  • Deploy iPSK Manager on secondary node

  • Configure shared session storage (Redis)

  • Synchronize PSK policies between nodes

  • Test application failover

3.3. Phase 3: Load Balancer

  • Configure HAProxy on pfSense

  • Create virtual IP for portal access

  • Set up health checks for backend nodes

  • Test load balancing and failover
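
One way the Phase 3 steps could translate into HAProxy terms, using the node addresses from section 2.1 and the VIP from section 2.2. This is an added example, not configuration taken from this deployment: the port (443), the health-check path `/`, the CA file path, and the frontend, backend and server names are assumptions.

```haproxy
# Added example: illustrative haproxy.cfg fragment, not the deployed config.
# Assumed: the portal listens on TCP 443, "GET /" returns 200 when healthy,
# and /path/to/internal-ca.pem is a placeholder for the internal CA bundle.

frontend ipsk_portal_vip
    bind 10.50.1.32:443            # pfSense VIP from section 2.2
    mode tcp                       # TLS passthrough: private keys stay on the portal nodes
    option tcplog
    default_backend ipsk_portal_nodes

backend ipsk_portal_nodes
    mode tcp
    # Layer-7 health check over TLS, so a node whose web application has
    # failed is removed even if its TCP port still accepts connections.
    option httpchk GET /
    http-check expect status 200

    # Primary (Active): receives all traffic while its checks pass.
    # "verify required" makes the check reject a node presenting a
    # certificate that does not chain to the internal CA.
    server ipsk-mgr-01 10.50.1.30:443 check check-ssl verify required ca-file /path/to/internal-ca.pem inter 5s fall 3 rise 2

    # Secondary (Standby): "backup" means it is used only when the
    # primary is marked down, matching the Active/Standby roles above.
    server ipsk-mgr-02 10.50.1.31:443 check check-ssl verify required ca-file /path/to/internal-ca.pem inter 5s fall 3 rise 2 backup
```

With `inter 5s fall 3`, the primary is marked down after roughly 15 seconds of failed checks, which is the window to measure when testing failover. Dropping the `backup` keyword turns this into active/active balancing, which depends on the shared session storage from Phase 2.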

3.4. Phase 4: ISE Integration

  • Update ISE RADIUS server configuration

  • Configure failover order for RADIUS proxy

  • Test PSK provisioning during failover

  • Verify guest portal redirect

4.2. ISE Integration

  • domus-ise-linux - BYOD/iPSK Policy configuration

  • netapi CLI - ISE network device management (netapi ise ers network-devices)

4.3. Backup and Recovery