/ news / WHEN_ONE_APPLIANCE_ISN’T_ENOUGH:_LESSONS_IN_HIGH_AVAILABILITY_AND_DISASTER_RECOVERY

When One Appliance Isn’t Enough: Lessons in High Availability and Disaster Recovery

Published on December 12, 2025

Ever tried to juggle while someone kept adding more balls?

That’s what running identity systems without High Availability (HA) and Disaster Recovery (DR) can feel like. You might keep things going - until one ball (or one Virtual Appliance) drops.

In SailPoint, Virtual Appliances (VAs) are the behind-the-scenes heroes handling critical tasks like aggregations, authentications, and provisioning.

But here’s the twist: each source in your environment ties itself to a VA cluster, and every request forms a queue waiting to be picked up.

If your VAs stumble, your business identity processes might stumble too. That’s why HA and DR planning isn’t just a checkbox - it’s your safety net.

Let’s explore three VA deployment strategies - through stories that might feel a little more… human.

1. All VAs Running - The “Everyone’s In the Kitchen” Model

Imagine running a busy restaurant where all chefs, from the main branch and the backup location, are cooking together every night. If one kitchen suddenly loses power, no problem. The chefs at the other location keep the meals coming, uninterrupted.

That’s the All VAs Running strategy.

All VAs (including those in your DR datacenter) are live and sharing the workload. If one datacenter goes dark, the others instantly pick up the slack.

✅ Pros: Seamless failover, full utilization, minimal downtime.

⚠️ Cons: Potential latency if your DR VAs are geographically distant - like shouting orders across cities.

2. Switch Clusters - The “Backup Office” Strategy

Picture this: your company has two offices, one buzzing with daily activity, and another fully equipped but empty, waiting just in case. When disaster strikes the main office, everyone packs up and moves to the backup. Work continues, but there’s a bit of chaos finding desks and logging back into systems.

That’s Switch Clusters.

Your primary cluster handles everything, while the DR cluster waits in standby, powered on but idle.

If disaster hits, you switch to the DR cluster - but you’ll need to reconfigure sources and reenter credentials.

✅ Pros: No latency during normal operations, DR VAs stay up-to-date.

⚠️ Cons: Manual reconfiguration during failover.

3. Standby Reactive Deployment - The “Vacation House” Plan

Think of this like owning a cozy vacation home. You don’t live there, but it’s stocked and ready. When your main house floods, you can move in, after a quick drive and setup.

That’s Standby Reactive Deployment.

Your DR VAs exist but aren’t deployed yet. They can be spun up quickly during a disaster. It’s cost-efficient, but recovery takes a bit longer.

✅ Pros: No added latency; efficient under normal conditions.

⚠️ Cons: Longer turnaround during disasters; depends on VA readiness and testing discipline.

Which VA deployment type do you prefer?

Source : https://documentation.sailpoint.com/saas/help/va/deploy_va.html

Youssef AGHZERE

Our related offers

Identity and Access Center

Learn more

Discover our offers

View all offers

You can also read

All the latest news