Configuring Disaster Recovery Setup

A disaster recovery strategy is a key part of any business continuity plan. It covers the processes to follow in the event of a disaster so that the business can recover and keep operating. The strategy is to resume operations in an alternate data center (usually in a different geographic location) if the main data center becomes unavailable. Failover to another location is a fundamental part of disaster recovery.

Sectona supports 1+1 node manual failover for DR. Sectona Web Access and the embedded vault can be configured with a standby DR instance. Once configured, the Sectona Embedded Vault DR node is in near real-time sync with the Primary Vault node.

This guide is intended to help with configuring and implementing the system as a standalone DR instance for the embedded vault. Please contact the Sectona Support or Professional Services team to design your DR strategy and options for the DR setup.

Another option for Sectona DR instance is the External Vault node using MS SQL Server. For more details on MS SQL Server Disaster Recovery options and configurations refer here

Before You Begin

  • Make sure that the same version of the Sectona PAM application is installed on both the primary node and DR node.

  • The Primary and DR nodes for Web Access and Vault should have identical resources. Session log storage on the DR node should be provisioned at a minimum of up to 20% of the Primary node's, to meet the requirement if operations are run using the DR site PAM for a month.

  • The interfaces associated with the IP addresses used for DR configuration in Sectona PAM should have a static IP address configuration, not DHCP or PPPoE.

Adding Application DR Node

This section helps you to add a DR node in your application:

  • Log in to the Sectona PAM portal as an administrator.

  • Go to System → System Status → App Services and start the service called SystemHighAvailabilityService.

  • Click on the High Availability option in the left side menu and select Application.

  • Click on the + Add Node button and fill in the required details.

  • A few minutes after the service's first trigger interval has completed, check the status of the Primary and DR Application nodes in Sectona. The Primary Application node 'Current Role' should be 'Primary-1' and the DR Application node 'Current Role' should be 'DR-1'. This status signifies that the DR configuration of the Application node was completed successfully.

The following attributes are to be filled in when adding a node:

| Attribute | Description |
|---|---|
| Host Name | Enter the hostname of the DR application node |
| Port | Enter the port number for the DR application node |
| System Role | Select DR |
| IP Address | Enter the IP address of DR Application node |
| URL | Provide the URL for the DR Application node |
| Priority | Select the priority from the dropdown |

Adding Embedded Vault DR Node

This section helps you to add a remote node in your vault:

  • Log in to Sectona as an administrator.

  • Go to System → System Status → App Services and start the service called SystemHighAvailabilityService.

  • Click on the High Availability option in the left side menu and select Vault.

  • Click on the + Add Node button and fill in the required details.

  • A few minutes after the service's first trigger interval has completed, check the status of the Primary and DR Vault nodes in Sectona. The Primary Vault node 'Current Role' should be 'Primary-1' and its status should be 'Master'. Similarly, the DR Vault node 'Current Role' should be 'DR-1' and its status should be 'Slave – Waiting for Master to send events'. This status signifies that the DR configuration of the Vault node was completed successfully.

The following attributes are to be filled in when adding a node:

| Attribute | Description |
|---|---|
| Host Name | Enter the hostname of the DR vault node |
| Port | Enter the port number for DR node |
| System Role | Select DR |
| IP Address | Enter the IP address of the DR node |

Handling a Failover to DR

If the Sectona Primary instance fails, the DR instance must be manually promoted to Primary to allow end users access through the DR instance. To enable end-user access through the DR instance, follow the steps below with the Sectona 'admin' login:

  • Log in to the Sectona DR node URL (for example, https://www.pam-dr.com/login?LoginFlag=ByPassAppNodeCheck). This URL syntax is required for direct login to the DR node using the standard DR Sectona Web Access. The URL is restricted because its status is configured as DR in Sectona.

  • The above URL, with the additional postfix parameters, allows you to browse the DR node URL.

  • Log in with the admin ID, go to System > High Availability > Application Node, and click on the 'Switch Over Primary' button to promote the DR node to Primary node.

  • Now log in to the DR node using the standard URL (for example, https://www.pam-dr.com). It will now allow you to browse and log in.
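
The direct-login URL above carries the LoginFlag=ByPassAppNodeCheck parameter, so each use of it is visible in the DR node's web access logs. The following Python is an added example, not Sectona's code: it finds such requests and keeps those that fall outside approved failover or DR-drill windows. The W3C extended log format, the sample log lines and the window list are assumptions constructed for illustration.

```python
from datetime import datetime
from urllib.parse import parse_qs

TS = "%Y-%m-%d %H:%M:%S"

# Constructed sample: W3C extended access log (the format is an assumption).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-05-01 09:12:03 10.0.5.20 GET /login - 200
2024-05-01 09:14:47 10.0.5.31 GET /login LoginFlag=ByPassAppNodeCheck 200
2024-05-01 09:15:02 10.0.5.31 POST /login loginflag=bypassappnodecheck 302
2024-05-02 22:40:11 10.0.9.77 GET /login LoginFlag=ByPassAppNodeCheck 200
2024-05-02 22:41:00 10.0.9.77 GET /home tab=LoginFlag 200
"""

# Constructed change windows (approved failover or DR drill), start and end.
APPROVED_WINDOWS = [("2024-05-01 09:00:00", "2024-05-01 11:00:00")]


def find_bypass_logins(log_text):
    """Return one record per request carrying LoginFlag=ByPassAppNodeCheck."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log itself
            continue
        values = line.split()
        if line.startswith("#") or not fields or len(values) != len(fields):
            continue  # other directives, blank lines, malformed lines
        rec = dict(zip(fields, values))
        # Compare case-insensitively so a re-cased parameter is not missed.
        params = {k.lower(): [v.lower() for v in vs]
                  for k, vs in parse_qs(rec.get("cs-uri-query", "-")).items()}
        if "bypassappnodecheck" in params.get("loginflag", []):
            hits.append({
                "when": datetime.strptime(f"{rec['date']} {rec['time']}", TS),
                "src": rec["c-ip"],
                "request": f"{rec['cs-method']} {rec['cs-uri-stem']}",
            })
    return hits


def outside_approved_windows(hits, windows):
    """Keep only hits that fall outside every approved window."""
    spans = [(datetime.strptime(s, TS), datetime.strptime(e, TS)) for s, e in windows]
    return [h for h in hits if not any(s <= h["when"] <= e for s, e in spans)]


if __name__ == "__main__":
    for hit in outside_approved_windows(find_bypass_logins(SAMPLE_LOG), APPROVED_WINDOWS):
        print(f"REVIEW {hit['when']} {hit['src']} {hit['request']}")
```

Replace the sample log and window list with the DR node's real access log and your change calendar; any line reported is a direct login to the DR node that no approved failover accounts for.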
