Magnolia PaaS master

Adyen Connector module
- master
AI Accelerator module
- 2.2-beta
- 2.2
- 1.3
ai12z AI chatbot
- master
Algolia E-commerce connector
- master
Amplience DAM Connector module
- master
API
- master
B-FY Connector module
- master
Backend Live
- master
Backup Extended module
- master
Bitbucket module
- master
Bot Protection module
- master
Campaign manager module
- 4.0
- 3.1
CDN Helper module
- master
CDP integration framework
- master
Celum DAM Connector module
- 3.0
- 2.1
Cloudinary External DAM module
- 2.1
- 1.3
Commenting module
- master
Configuration Injection module
- master
Content Diff module
- 2.0
- 1.0
Content Exporter module
- master
Content Locking module
- 3.0
- 2.0
Content Recommender module
- 3.0
- 2.0
Content Translation Extended module
- 4.1
- 3.5
Content Type models
- master
Content Types module
- 2.0.0
Custom CSS module
- master
Customer Journey Mapping module
- master
DAM JCR Fastly renderer module
- master
Digital Asset Management module
- 4.0
Dotdigital Integration module
- master
DX Core
- 6.3
- 6.2
Dynamic Form module
- 2.0
- 1.2
E-commerce Category Sync
- master
E-commerce module
- 2.0
- 1.3
Eight Eye Workflow module
- master
Elasticsearch provider module
- master
Extended Health Check module
- master
Free trials docs
- master
Freeze module
- master
Frontify DAM connector
- 2.0
- 1.0
Fullstory Integration module
- master
Groovy shell scripts
- master
- 6.2.55
Hi Magnolia
- master
Home
- master
Hooks API module
- master
Hybrid Assets module
- master
Image Focal module
- 3.0
- 2.4
Image placement module
- master
Image Recognition module
- 2.0
Incubator Modules
- master
Insights Accelerator module
- master
Instrumentation module
- master
internal
- master
Javascript Models
- 3.0
- 2.0
JavaScript UI module
- 3.0
- 2.1
Language Availability module
- master
Link Mapper module
- master
Linkmapper Shared Database module
- master
Live Copy module
- 4.0
- 3.2
Magnolia CLI
- 5.x
- 4.x
Magnolia Cloud
- master
Magnolia PaaS
- master
Magnolia Search Index Feeder module
- master
Magnolia Vercel App
- master
Microsoft DAM Connector module
- master
Migration Tool module
- master
Multi Assets Upload module
- master
Multisite module
- 3.0.0
Netlify Integration module
- master
Orchestrate module
- 1.0-SNAPSHOT
Page-editor Apps extension
- 2.0
Performance tuning guide
- master
Periscope Control module
- master
Piano Analytics Connector module
- 2.0
- 1.0
Public User Registration Database module
- master
Publication Task Config
- master
REST module
- 3.0.0
REST Proxy module
- 2.0
- 1.0
RMQ Publication module
- master
Salesforce B2B Commerce connector
- master
Salesforce Commerce Cloud B2B connector API Reference
- master
SearchStax integration module
- master
SEO module
- master
Shop module
- master
Site module
- master
Siteimprove module
- master
Six Eye Workflow module
- master
Slack Integration module
- master
SSO Login Extension module
- master
SSO module
- 4.0
- 3.1
- 2.0
Task Email Notifications module
- master
Tasks cleaner module
- master
Throttling Filter module
- master
Two Factor Authentication module
- 2.0
- 1.0
URI Mapping app
- master
URL Translation Module
- master
Veeva DAM Connector module
- master
Version Cleaner module
- master
VWO AB Testing module
- master
Webhooks module
- 2.0
- 1.0
WeChat Login module
- master
Workflow Extended module
- master

Multicluster environments

With DX Cloud, you can deploy a multicluster environment that boosts Magnolia availability to 99.9% and supports automated disaster recovery. This is achieved through an active/active approach, distributing content across multiple clusters while ensuring resilience and security.

An active/active multicluster setup leverages a central author cluster to manage and distribute content, paired with multiple satellite clusters that serve content to users. Traffic is dynamically routed to the nearest available cluster via a CDN, enhancing performance and availability.

This page focuses on the conceptual aspect of our multicluster environment offering. If you want to dive into the technical details of setup and configuration, see Magnolia: Running Multicluster Environments.

Key features

Standalone resilience: No cluster configuration (e.g., Solr indexes) is automatically synced between clusters, preventing error replication and treating each as an independent entity.
Regional session management: Sticky sessions or session sharing (e.g., via Redisson) is limited to instances within the same cluster, not across clusters (e.g., a session in Frankfurt is not shared with a US-based cluster).
Secure communication: mTLS authentication ensures trusted interactions between the author cluster and satellite clusters, safeguarding content distribution.
High availability: Regional distribution and CDN routing improve performance and uptime, targeting 99.9% availability.

Architecture overview

A multicluster environment consists of:

Author cluster: The central hub that manages content and configuration, pushing updates to all connected clusters.
Satellite clusters: Standalone clusters that serve content to users, operating independently to ensure resilience.

Satellite clusters are reachable from the author cluster. However, the author cluster does not have to be reachable from the satellite clusters, i.e. can be behind a firewall for security reasons.

Content is distributed from the author cluster to satellite clusters, with a CDN (e.g., Fastly) handling routing based on geolocation. This ensures users access the closest available cluster via the nearest CDN Point of Presence (POP).

Security between clusters is maintained through a mutual TLS (mTLS) trust mechanism, where the author cluster authenticates itself to satellite clusters using certificates, ensuring secure communication without compromising cluster independence.

CDN routing

The CDN dynamically distributes traffic, connecting users to the nearest satellite cluster for reduced latency and high availability.

multiRegion activeActive

Content distribution flow

Content flows from the author cluster to all satellite clusters, ensuring consistency across regions while allowing each cluster to operate standalone.

Advantages:

Reduces latency by serving users from the closest available satellite cluster.
Ensures high availability, even if one cluster experiences issues.
Eliminates single-cluster dependencies for content delivery through secure, authenticated distribution.

What is not synchronized across clusters?

In a multiregion setup, certain resources remain isolated per cluster and are not automatically synchronized. This means each cluster operates independently for these elements, ensuring security, stability, and fault isolation. Understanding these limitations helps teams design a resilient, secure, and well-managed multiregion architecture.

Resources that are not synced

The following resources must be managed separately in each cluster.

Resource	Notes
Search indexes (Solr)	Each cluster maintains its own index, meaning searches may return different results if indexes are not manually aligned.
Ingress configurations	Custom domain routes and load balancer settings must be explicitly defined per cluster. This includes network routing rules.
TLS/SSL certificates	Certificates must be provisioned separately per cluster; they do not propagate automatically.
Secrets	Sensitive credentials such as environment variables and API keys remain local to each cluster and must be manually deployed or managed via a secure vault.
Configuration maps (ConfigMaps)	Cluster-specific application configurations do not sync between regions.
Persistent storage	Data storage is local to each cluster, preventing accidental cross-region data corruption. This includes PV/PVCs, databases and Magnolia-home.
Kubernetes workloads	Each cluster has its own independent workloads; there is no automatic cross-cluster replication. This includes Pods, StatefulSets, Deployments, and DaemonSets.
CronJobs (scheduled tasks)	Scheduled jobs run only in the cluster where they are defined.

Resource

Notes

Search indexes (Solr)

Each cluster maintains its own index, meaning searches may return different results if indexes are not manually aligned.

Ingress configurations

Custom domain routes and load balancer settings must be explicitly defined per cluster. This includes network routing rules.

TLS/SSL certificates

Certificates must be provisioned separately per cluster; they do not propagate automatically.

Secrets

Sensitive credentials such as environment variables and API keys remain local to each cluster and must be manually deployed or managed via a secure vault.

Configuration maps (ConfigMaps)

Cluster-specific application configurations do not sync between regions.

Persistent storage

Data storage is local to each cluster, preventing accidental cross-region data corruption. This includes PV/PVCs, databases and Magnolia-home.

Kubernetes workloads

Each cluster has its own independent workloads; there is no automatic cross-cluster replication. This includes Pods, StatefulSets, Deployments, and DaemonSets.

CronJobs (scheduled tasks)

Scheduled jobs run only in the cluster where they are defined.

Why this matters

Keeping these resources isolated per cluster provides several key advantages:

Security: Secrets (API keys, credentials) do not automatically replicate across clusters, reducing risk in case of a security breach.
Stability: Workloads and databases are independent, preventing issues in one cluster from impacting another.
Compliance: Certain regulatory frameworks require strict separation of environments, which this approach enforces.

Feedback

PaaS