Tyk Identity Broker in multi-node context

Perhaps a stupid question but before we go on a deployment of many nodes of tyk gateway I’d like to know how to configure TIB in a context where we have 2 or more tyk nodes.

Those gateway nodes will be behind a proxy (HAProxy in our case). For high availability consideration I though that we could install 2 TIB services (behind the proxy too). Is it a good idea?

So, in the TIB config :

"TykAPISettings": { "GatewayConfig": { "Endpoint": "http://proxied-gateway-url", //loadbalanced url to my gateways "Port": "8080", "AdminSecret": "54321" }, "DashboardConfig": { "Endpoint": "http://proxied-dashboard-url", //loadbalanced url to my dashboards "Port": "3000", "AdminSecret": "12345" } }

Is it the wright way here to setup the “proxied” urls of gateways and dashboards? I ask myself if its possible to have 2 tyk-dashboard ? What about “DashboardCredential” …etc

Now in the tyk_analytics.conf of tyk dashboard (in case that we have 2 TIB nodes):

"identity_broker": { "enabled": true, "host": { "connection_string": "http://proxied-TIB-url", //loadbalanced url to TIB "secret": "test-secret" } }

Same question above.

Thank you for your advice.

Yup that should be fine, TIB uses redis as a back-end for shared data, so if two TIB instances have the same Profiles.json file, they will tore all the important stuff in Redis so you can run more than one TIB node at a time.

Yes it is, you can load balance dashboards in the same environment with the same license.

This setting is only needed if you are managing TIB profiles with the Dashboard, and might not work that well as the dashboard integration doesn’t support multiple TIB nodes yet - profiles data is stored in memory per node, so if you modify the profile with the dashboard, then the changes will only affect one TIB node.

Hope that helps :slight_smile:

Ok thank you.

So, if I manage my profiles.json files manually (adding new profiles, update or delete), and if I understand, the identity_broker section of the tyk_analytics.conf file is useless?

Thank you.

Yup, that is correct :slight_smile: