Geographic High-Availability Appliance Failure & Disaster Recovery

One key aspect of the Geographic High-Availability (GEO HA) Appliance is the data center redundancy and failure handling that ensures the highest form of Appliance uptime offered by Auth0.

Standard Configuration

The standard configuration of a GEO HA Appliance is a stretched cluster that consists of the following pieces:

  • one geographically-aware global load balancer/DNS failover configuration;
  • one primary data center with three Appliance instances;
  • one secondary data center with three Appliance instances;
  • one arbiter, a seventh instance that is located in its own data center.

Failure Scenarios and Handling

The following table summarizes what might happen and its possible performance impact in the event that any portion of the standard configuration encounters an error.

Event Outcome Performance Impact
Data unavailable for one or more (but not all) of the primary data center's node(s) Data for one of the remaining nodes becomes the primary None
Service unavailable for one or more (but not all) of the primary data center's node(s) The unavailable nodes are removed from the primary site load balancer and no longer serves requests Reduction in overall handling capacity
Data unavailable for all nodes in the primary data center Arbiter elects one of the secondary site's nodes to become the primary data node Performance degradation due to cross-geography data requests
Service unavailable for all nodes in the primary data center Global load balancer redirects all requests to the secondary data center's nodes (but still serves data from the primary data center) Performance degradation due to cross-geography data requests
Neither data nor service for the primary data center is available Global load balancer redirects all requests to the secondary data center None
Connection failure between global load balancer and primary data center Global load balancer redirects all requests to the secondary data center's nodes (but still serves data from the primary data center) Performance degradation due to cross-geography data requests
Arbiter is unavailable No impact to the end user if both the primary and secondary data centers are still available None