Wednesday, June 11, 2014

VDI: Xenith Pro Endpoints and Imprivata SSO High Availability

This is the first in what I imagine will be a series of articles on VDI processes, lessons learned, and tech issues overcome, drawn from my experience planning, configuring, deploying, and managing a Virtual Desktop Infrastructure rollout.
One issue that cropped up after the pilot deployment was how failover of single sign-on (SSO) authentication would work on the zero-client endpoints, which use the ProveID Web API calls to the SSO infrastructure (2 Imprivata appliances, single site).  On the Windows side, HA is built in to the agent, since it downloads the SSO topology from an appliance after the agent is installed.  Appliance failovers are seamless, and Offline mode is configured to prevent authentication failure even if both appliances go offline.  On the ProveID side, however, Imprivata's documentation was sparse, and further research did not reveal answers to these questions:

Q. If the appliance configured in 'OneSignServer=https://<servername or IP> SignOn=yes' is down, will the endpoint go into an offline mode? Will it fail over to another appliance?
A. The answer is no to both. You will not be able to authenticate after the endpoint boots.  A visual cue is that the Imprivata logo will be missing from the logon box.

Q. Does the entry for OneSignServer accept multiple servers then?  If so, what is the syntax?
A. Yes, you can specify multiple servers.

OneSignServer=https://server1.domain.com,server2.domain.com SignOn=yes

Note: You can use a comma or a semicolon as the separator.  Do not add https:// to the additional servers; only the first entry carries the scheme.
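As an added example (not part of the original post, and not Imprivata's or Wyse's own code), the small parser below validates a OneSignServer line against the syntax described above: the first appliance must carry https://, additional appliances are separated by commas or semicolons and must not repeat the scheme. The helper names and the reachability check at the end are my own constructions for illustrating the failover order.

```python
import re
from urllib.parse import urlsplit


def parse_onesign_server(line):
    """Return the ordered appliance list from a 'OneSignServer=... SignOn=yes' line.

    The first entry is the primary appliance; any further entries are the
    failover appliances in the order the endpoint will try them.
    Raises ValueError on the syntax mistakes the post warns about.
    """
    m = re.search(r"OneSignServer=(\S+)", line)
    if not m:
        raise ValueError("no OneSignServer= key in line")
    # Comma or semicolon both work as separators; drop empty fragments
    parts = [p for p in re.split(r"[,;]", m.group(1)) if p]
    if not parts:
        raise ValueError("OneSignServer value is empty")
    first = urlsplit(parts[0])
    if first.scheme != "https" or not first.netloc:
        raise ValueError("first appliance must be written as https://<host>")
    hosts = [first.netloc]
    for extra in parts[1:]:
        # Only the first server carries the scheme; a repeated https:// is an error
        if "://" in extra:
            raise ValueError("do not add https:// to additional servers: " + extra)
        hosts.append(extra)
    return ["https://" + h for h in hosts]


def signon_enabled(line):
    """True when the line also sets SignOn=yes (case-insensitive)."""
    m = re.search(r"SignOn=(\w+)", line)
    return bool(m) and m.group(1).lower() == "yes"


def first_reachable(appliances, reachable):
    """Simulate the failover order: pick the first appliance in the list that is
    reachable (a constructed set of hostnames), or None if all are down, which is
    the 'no Imprivata logo, no authentication' state described in the post."""
    for url in appliances:
        if urlsplit(url).netloc in reachable:
            return url
    return None


if __name__ == "__main__":
    # Constructed sample line, using the hostnames from the post
    cfg = "OneSignServer=https://server1.domain.com,server2.domain.com SignOn=yes"
    apps = parse_onesign_server(cfg)
    print(apps, signon_enabled(cfg), first_reachable(apps, {"server2.domain.com"}))
```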