Knowledgebase:
How many forests should my Security database have?
10 July 2020 08:14 PM

Introduction

MarkLogic does not recommend having more than one forest for the Security database.

The Security database is typically fairly small and there is no reason to have more than one forest for the Security database. Having more than one Security forest causes additional complexity during failover events, server upgrades, and restarts. A functioning Security database is critical to the stability of a MarkLogic Cluster and it is easier to recover from a host failure if the Security database is configured with only a single forest and a single replica forest. 

In terms of high availability and forest failover, one local disk failover forest should be configured. In terms of database replication, a replica forest in the replica cluster should be configured.

If you have more than one Security forest

We have seen incidents where customers attached more than one Security forest, either intentionally or inadvertently (scripting bug or user error), and ran into issues while detaching them.

When the database rebalancer is enabled for the database (the default setting) and a new forest is attached, the database automatically redistributes the content across all attached forests. Problems can then arise when Security forests are detached without preserving their content. This is true for any database, but is problematic when dealing with the Security database.

When a Security database forest is detached without first retiring it (and verifying documents are moved out of it), some Security documents will be removed from the database. This may lead to users being locked out of the cluster or render the cluster unusable. If this occurs on your MarkLogic cluster, please contact MarkLogic Support to help with the repair.

Best Practice

  • Do not configure more than one forest for any system database, including the Security database.
  • If you have multiple forests in your Security database and need to come back in line with our one-forest recommendation:
    • Retire the extra Security database forests;
    • Verify all extra forests are drained of content (zero documents / zero fragments);
    • Detach the extra forests.
  • Once your cluster is in line with our one-forest recommendation, disable the rebalancer for the Security database.
  • Configure a single replica forest to achieve high availability.
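
The verify-then-detach steps above can be scripted so that nothing is detached unless every extra forest is confirmed empty. The following XQuery is an added example, not MarkLogic's own script; it assumes the forest to keep is named "Security", that the extra forests were already retired and given time to drain, and that it is run by a user with the admin role.

```xquery
xquery version "1.0-ml";
(: Added example, not MarkLogic's own script. Assumptions: the forest to keep
   is named "Security"; the extra forests were retired earlier and the
   rebalancer has had time to move their documents out. :)
import module namespace admin = "http://marklogic.com/xdmp/admin"
  at "/MarkLogic/admin.xqy";
declare namespace fs = "http://marklogic.com/xdmp/status/forest";

declare variable $KEEP := "Security"; (: assumed name of the forest to keep :)

(: Detach each forest in turn, threading the configuration through. :)
declare function local:detach-all($config, $db, $forests) {
  if (fn:empty($forests)) then $config
  else local:detach-all(
    admin:database-detach-forest($config, $db, $forests[1]),
    $db, fn:subsequence($forests, 2))
};

let $db := xdmp:database("Security")
let $config := admin:get-configuration()
let $extra :=
  for $f in admin:database-get-attached-forests($config, $db)
  where xdmp:forest-name($f) ne $KEEP
  return $f
(: A forest counts as drained only if its counts are readable and show
   zero documents and zero active fragments. :)
let $not-drained :=
  for $f in $extra
  let $counts := xdmp:forest-counts($f)
  let $docs := fn:sum($counts//fs:document-count)
  let $frags := fn:sum($counts//fs:active-fragment-count)
  where fn:empty($counts//fs:document-count) or $docs ne 0 or $frags ne 0
  return fn:concat(xdmp:forest-name($f), ": ", $docs, " documents, ",
                   $frags, " active fragments")
return
  if (fn:exists($not-drained)) then
    (: Refuse to detach anything while an extra forest still holds content. :)
    ("Nothing detached; these forests are not drained:", $not-drained)
  else
    let $config := local:detach-all($config, $db, $extra)
    (: Back to one forest, so turn the rebalancer off for this database. :)
    let $config := admin:database-set-rebalancer-enable($config, $db, fn:false())
    return (
      admin:save-configuration($config),
      fn:concat("Detached ", fn:count($extra), " forest(s); rebalancer disabled")
    )
```

If the script reports forests that are not drained, leave them attached and retired with the rebalancer enabled, and run the check again later.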

Further reading

Administering Security in MarkLogic

Database Rebalancing in MarkLogic

Restoring Security Database

Security Database restore leading to lingering Certificate Template id in Config files
