OneLogin protects your data and maintains uptime through a secure, resilient, and highly redundant data residency infrastructure. The upcoming split of OneLogin's architecture into separate administrative and SSO tiers is an integral part of our high availability model.
How do you provide high availability?
OneLogin maintains data residency in two entirely separate operating shards: one in the US and one in the EU. We provide high availability in each operating shard by using multiple databases and multiple locations with built-in redundancy. In addition, we will shortly be splitting the Single Sign-On (“SSO”) service and Administrative (“Admin”) service into separate tiers.
Figure 1. Admin and SSO tiers.
OneLogin’s Admin service layer resides in primary and secondary physical data centers in both the US and the EU. The Admin service databases at each primary data center replicate in real time to each secondary data center. If a primary physical data center goes offline, traffic can be rerouted to the secondary physical data center.
These databases will also be replicated to read-only databases in the SSO service layer. The SSO service layer provides user authentication, while the Admin service allows full administrative write functionality. If there is an interruption to the Admin service, the SSO service layer will continue to allow users to authenticate into their applications.
The SSO service layer is hosted on Amazon Web Services (AWS), which provides high levels of redundancy, automated failover, and the ability to scale capacity dynamically:
- Any SSO service node can fail over to other SSO service nodes; new nodes are spun up automatically as traffic demands.
- Additional redundancy is provided by multiple availability zones. Each availability zone is physically isolated, but connected by low-latency links to enable quick replication and failover.