This section describes options for achieving vault high availability. The solution supports multiple options for embedded vaults and Microsoft SQL Server based vaults. This section covers

Before You Begin

  • Make sure that the same version of the Sectona Web Application is installed on both the primary node and the failover node.

  • The interfaces associated with the IP addresses used for the High Availability configuration should have a static IP address configuration, not DHCP or PPPoE.

High Availability options for embedded vault

When you configure Sectona vault instances in a high availability pair using embedded vaults, the Sectona Web App monitors the active master vault by sending periodic messages, also called heartbeat messages or health checks, to determine if the instance is accepting connections. If a health check fails, the Sectona Web App promotes the slave as the new master on the failover instance. This is defined as failover.

The following ports are used to exchange information related to high availability between vault instances:

  • TCP port 5389 is used to exchange hello packets that communicate status at intervals from the Sectona Web App to the Primary Vault.

  • TCP port 3307 is used to replicate data sets between two instances.
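A reachability pre-flight for the two ports listed above, as an added example that is not part of the Sectona product or its documentation. It separates a port that actively refuses connections (service not listening) from one that never answers (typically a firewall drop), which is the distinction you need before the first heartbeat interval; the host names are hypothetical, and it should be run from the host that originates the traffic.

```python
import socket

# Ports taken from the list above; the labels paraphrase the page.
HA_PORTS = {5389: "heartbeat (hello packets)", 3307: "data replication"}


def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing listening on the port
    except (socket.timeout, TimeoutError):
        return "filtered"     # no answer: packet dropped or host down
    except OSError:
        return "unreachable"  # name resolution or routing failure


def preflight(nodes, ports=HA_PORTS, timeout=3.0):
    """Probe every HA port on every node; return (results, ready)."""
    results = {(h, p): probe(h, p, timeout) for h in nodes for p in ports}
    ready = all(state == "open" for state in results.values())
    return results, ready


def report(results, ports=HA_PORTS):
    """Render one line per probed endpoint, sorted by host and port."""
    return [
        f"{host}:{port} [{ports.get(port, 'custom')}] -> {state}"
        for (host, port), state in sorted(results.items())
    ]


if __name__ == "__main__":
    # Hypothetical host names: replace with your primary and fallback vaults.
    nodes = ["vault-primary.example.internal", "vault-fallback.example.internal"]
    results, ready = preflight(nodes)
    print("\n".join(report(results)))
    print("HA ports reachable" if ready else "Fix the endpoints above first")
```

If you customized the port in the node settings, pass your own mapping as `ports`.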

This section describes how to configure primary and secondary nodes. The primary node is installed when building the primary instances of Sectona Web Access and Vault. Refer to the information below on how to add a high availability pair.

Adding a Failover Node

Follow the steps below to add a failover node to your setup.

  • Log in to the Sectona portal with the administrator role.

  • Go to System → System Status → App Services and start the service called SystemHighAvailabilityService.

  • Click on the High Availability option on the left side menu and select the Vault option.

  • Click on the + Add Node button and fill in the required details. The following attributes must be filled in to add a node:

    • Hostname: Enter the hostname of the HA server

    • Port: The default port for communication is 5389. Enter a custom port if you have customized your port settings.

    • System Role: Select 'Fallback' from the drop-down

    • IP Address: Enter the IP address of the HA server

  • Make sure you tick the Active tick box. Click on the Save button to add the node.

After the service's first trigger interval is completed, check the status of the Primary and Fallback Vault nodes. The Primary Vault node 'Current Role' should be displayed as 'Primary-1' and 'Status' should be displayed as 'Master'. Similarly, the Fallback Vault node 'Current Role' should be 'FallBack-1' and 'Status' should be 'Slave – Waiting for Master to send events'. This status signifies that the HA configuration of the Vault was completed successfully.

To sync the data immediately, click on the Action button of Master/Slave and select the Re-synchronize Master option from the drop-down list.

Making the Node Inactive

To temporarily stop the sync, you can disable the node instead of deleting it. It is important to stop the replication service; therefore, go to System → System Status → App Services and start the service called SystemHighAvailabilityService to break replication sync, and then follow the procedure below.

  • Click on the node which you want to turn inactive.

  • A pop-up will appear on your screen.

  • Untick the Active check-box.

  • Click on the Update button.

Activating added node

To enable sync or re-initiate sync with a node, follow the procedure below:

  • Click on the node which you want to turn on.

  • A pop-up will appear on your screen.

  • Tick the Active check-box.

  • Click on the Update button.

The node shows a replicating status once it is in sync with the primary node.

Deleting the Node

This section describes how to delete the fallback node. If you need to re-initiate the sync, you have to add the node all over again.

  • Log in to the Sectona PAM portal as an administrator.

  • Click on the High Availability option in the left side menu and select the Application or Vault option as per your choice.

  • Click on the delete icon placed in front of the node you want to delete.

  • Click Yes to confirm.

Once a node is deleted or decommissioned, you must manually purge the node data.

High Availability options for vault instance of Microsoft SQL Server

Sectona supports the following solutions for database high availability based on Microsoft SQL Server. The databases can automatically fail over when the hardware or software of a principal or primary SQL Server fails, which ensures that the Sectona Web App continues to work as expected.

  • Always On Availability Groups

    The Always On Availability Groups feature is a high availability and disaster-recovery solution that provides an enterprise-level alternative to database mirroring. Introduced in SQL Server 2012, Always On Availability Groups maximizes the availability of a set of user databases for an enterprise. Always On Availability Groups requires that the SQL Server instances reside on the Windows Server Failover Clustering (WSFC) nodes. For more information, see http://msdn.microsoft.com/en-us/library/hh510230.

  • SQL Server clustering

    The Microsoft SQL clustering technology allows one server to automatically take over the tasks and responsibilities of the server that has failed. However, setting up this solution is complicated. For more information, see https://msdn.microsoft.com/en-us/library/ms189134.aspx.