♾️ High-Availability Architecture

Deploy Lumos Agent for Redundancy

Below is a High-Availability Architecture guide for the Lumos Agent. This information, along with the attached diagram, illustrates how the Lumos Agent can be deployed across multiple data centers or availability zones for maximum redundancy. Because the Agent is stateless, Lumos Cloud handles automatic failover and load-balancing behind the scenes.


Overview

  • ☁️ Stateless Agent: The Lumos Agent does not store persistent data locally. All critical state is managed by the Lumos Cloud service. This design means you can run multiple copies of the Agent in different locations without worrying about data replication or conflicts.
  • 🔄 Managed Failover: Lumos Cloud monitors the health of each Agent instance. If one instance fails or becomes unreachable, the Cloud service routes traffic automatically to healthy instances.
  • ⚖️ Load-Balancing: Requests from Lumos Cloud are distributed across the active Agents, balancing workload and optimizing performance. You do not need to set up a separate load-balancer for the Agents in most scenarios; the Lumos Cloud handles this automatically.

Architecture Components

  1. 🌩️ Lumos Cloud

    • Receives user and system requests, then routes them to available Agents.
    • Uses HTTPS (port 443) to communicate with each on-premise or container-based Agent.
    • Handles global failover if an Agent becomes unavailable.
  2. 🌍 Multiple Agents in Multiple AZs or Data Centers

    • Each Agent is identical and stateless.
    • Commonly deployed in separate Availability Zones (AZs) or data centers for redundancy.
    • Network connectivity must allow outbound egress from each Agent instance to integration-proxy.lumos.com on port 443.
  3. 🏠 On-Premise Resources (Trusted Zone)

    • Examples: Active Directory, databases, “legacy” apps, etc.
    • Each Agent can connect to these internal resources over the appropriate ports (e.g., 636 for LDAP over TLS, custom ports for proprietary databases, etc.).
    • You can optionally place a load-balancer or firewall rules in front of these on-premise resources as part of your security architecture.
  4. 🔀 Connectivity & Traffic Flows

    • Outbound from Agent to Lumos Cloud (port 443).
    • From each Agent to internal systems (inbound to those systems): standard or custom ports (LDAP, SQL, etc.).

    Figure: Lumos Agent High-Availability Architecture


Deployment Steps for High-Availability

  1. Plan Your Zones

    • Identify at least two (preferably more) data centers or cloud availability zones to host Agents.
    • Ensure each zone has outbound internet access to https://integration-proxy.lumos.com.
  2. Install Multiple Agents

    • Install the Lumos Agent on each node (Windows or Docker).
    • Use the same Lumos On-Prem Agent Token across all instances.
    • Confirm connectivity by checking each Agent’s status in the Lumos dashboard (under Integrations → Agents).
  3. Configure Network Security

    • Whitelist port 443 outbound in each AZ to https://integration-proxy.lumos.com.
    • For internal services (like Active Directory on port 636), ensure your internal network or load balancers allow connections from each Agent.
  4. Validate High Availability

    • Temporarily stop or deactivate one Agent instance to verify that requests automatically fail over to a remaining instance.
    • Observe that the Agent status in the Integrations → Agents tab reflects any offline agents and that other agents remain connected.
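
A preflight check for steps 1 and 3, to run on each node before installing the Agent. This is an added example, not Lumos tooling: dc01.corp.example is a placeholder for your own directory server, and the script assumes direct egress (it does not traverse an HTTP proxy).

```python
"""Preflight egress check for a host that will run a Lumos Agent (added example)."""
import socket
import ssl

# Hosts and ports from this guide; the LDAPS host is a hypothetical placeholder.
TARGETS = [
    ("integration-proxy.lumos.com", 443, True),   # Agent -> Lumos Cloud, TLS verified
    ("dc01.corp.example", 636, False),            # Agent -> AD (LDAPS), TCP reachability only
]


def probe(host, port, verify_tls, timeout=5.0):
    """Return 'ok', 'tcp_blocked' or 'tls_failed' for one target.

    With verify_tls=True the probe also completes a TLS handshake with
    certificate and hostname validation, which surfaces TLS-intercepting
    proxies whose CA is not in the host trust store.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_blocked"  # DNS failure, firewall drop or refused connection
    with sock:
        if not verify_tls:
            return "ok"
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except (ssl.SSLError, OSError):
            return "tls_failed"


def preflight(targets=TARGETS, timeout=5.0):
    """Probe every target and return {(host, port): status}."""
    return {(h, p): probe(h, p, tls, timeout) for h, p, tls in targets}


if __name__ == "__main__":
    results = preflight()
    for (host, port), status in results.items():
        print(f"{host}:{port} -> {status}")
    # Non-zero exit lets a deployment pipeline stop before the Agent is installed.
    raise SystemExit(0 if all(s == "ok" for s in results.values()) else 1)
```

A 'tls_failed' result for the Lumos endpoint with 'ok' TCP usually points at an inspecting proxy or an incomplete trust store rather than a firewall rule.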

Best Practices

  1. Deploy at Least Two Agents

    • Run one in each of at least two different locations (AZs, data centers, or both) to reduce single points of failure.
  2. Monitor Agent Health

    • Use the Lumos dashboard to monitor which Agents are connected and healthy.
    • Enable local system monitoring (e.g., Windows Event Viewer, Docker health checks) to quickly identify issues.
  3. Keep Your Agents Up to Date

    • Periodically check for newer Agent versions.
    • If Docker-based, you can pull the latest image.
    • If Windows-based, you can download the new ZIP and update the service.
  4. Network Resilience

    • Make sure each zone has redundant internet connections if possible.
    • Confirm your firewall or proxy settings won’t block or throttle the Agents.

Frequently Asked Questions (FAQ)

  1. Do I need a separate load-balancer for the Lumos Agents?

    • No. The Lumos Cloud service manages load-balancing and failover automatically. You only need to ensure each Agent can reach the internet.
  2. What happens if my Agents are behind a corporate proxy?

    • As long as each Agent can make outbound HTTPS calls on port 443 to integration-proxy.lumos.com, it should work. You may need to configure system-wide proxy settings (especially on Windows) or environment variables (in Docker) to ensure successful outbound connections.
  3. Is there any persistent storage the Lumos Agent requires?

    • No, the Agent is fully stateless. Logs are written locally for troubleshooting, but they do not contain critical state for operation.
  4. How do I verify if failover works?

    • Stop an Agent service (or container) in one AZ and watch the Lumos Integrations → Agents tab. The offline Agent will be marked, and new requests will route to healthy Agents.

Conclusion

By deploying the Lumos Agent in multiple data centers or availability zones, you gain automatic redundancy, failover, and load-balancing with minimal configuration. The stateless design allows you to easily scale your deployment as your organization’s needs grow, ensuring a highly available architecture for all on-premise integrations.