Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] : SAP BTP Multi-Region reference architectures for High Availability and Resiliency #12

Open
namratasurendranath opened this issue Sep 26, 2024 · 3 comments
Open

[Question] : SAP BTP Multi-Region reference architectures for High Availability and Resiliency #12

namratasurendranath opened this issue Sep 26, 2024 · 3 comments
Assignees
@mahesh0431

Comments

@namratasurendranath
Copy link

We are trying to implement SAP BTP Multi-Region reference architectures for High Availability and Resiliency.

We have deployed nodeJS application (microservice) to Cloud Foundry in Canada (ca10) region. This application basically provides https REST endpoint. Consumer applications need to authenticate using OAuth 2.0 before they can use this application. We want to avoid any downtime to this application due to planned BTP downtimes (quarterly max 4 hrs) and even any unplanned downtimes. We want to implement multi-region architecture by deploying this nodeJS application in lets say Europe region- cloud foundry subaccount too in addition to canada region. We referred SAP's reference architecture and decided to use AWS Route53 for DNS failover load balancer.

image

However, we dont understand how consumer applications can access authenticate against nodeJS application using OAuth 2.0 since service keys for XSUAA application in both regions (subaccounts) will be different. Consumer applications will have to use 2 different OAuth 2.0 token endpoints. If they have cached token from Canada region, it wont work for Europe region. Also if they cannot fetch token from Canada region (if its down), , they will have to fetch token from Europe region using separate URL. We were recommended IAS, however the problem remains same as IAS is also subaccount specific service and will have planned downtimes. Can this problem be resolved?
@anirban-sap
Copy link
Contributor

@mahesh0431 @maxstreifeneder - could you take a look at this?

@mahesh0431
Copy link
Contributor

@NARAYANAGAYATHRI IAS is multi-region enabled you can check here the documentation: https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/disaster-recovery-high-availability .

@namratasurendranath
Copy link
Author

Hello @mahesh0431 : Is that your recommended reference architecture for enabling BTP multi region? IAS then becomes a mandatory component in this architecture which can synchronize a common set of credentials for the BTP Application/Service. Please clarify.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mahesh0431 mahesh0431

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mahesh0431 @anirban-sap @namratasurendranath