High-Availability Introduction & Key Concepts

Sectona is a Privileged Access Management (PAM) solution that enables organizations to manage privileged accounts across a hybrid environment. It increases the visibility of operations with session management regardless of location, provides automated discovery of assets and accounts, detects anomalous behavior in the system, investigates threat patterns, and offers a comprehensive approach to privileged password management with its automated password vault. It provides an integrated platform that is highly flexible and scalable, which addresses the challenges of a hybrid enterprise.

The feature of High Availability (HA) ensures the availability of the application and vault. Sectona uses multiple vault options, and the procedure for managing high availability is handled differently at the vault level. The system's availability depends on different factors, such as the number of components, configuration settings, and the resources allocated to each component. High availability in the system refers to the number of fail-overs combinations and aims for a 99% uptime with near-zero downtime.

Enterprise Edition provides an option with an embedded vault and Enterprise Plus support vault over an external RDBMS ( Microsoft SQL Server 2012 or Higher)

This section covers

• Key concepts in the context of the system

• Components of high availability architecture

Key concepts in the context of the system

This section covers key concepts used across the documentation to describe high-availability situations and architecture.

Vault Replication

Replication is the process of storing data in more than one vault. It is achieved by electronically copying data from one database to another, automatically synchronized, resulting in a distributed system.

• Replication when using the embedded vault option
  Sectona uses MySQL embedded version for supporting secured vaulting. Inbuilt replication works on the master-slave configuration supported by Oracle MySQL replication (the primary database is called master, and the other synchronized databases are called slaves). This helps you access data without interruption, promising high availability and ensuring that the system is integrated. Replication operates on port no 3307 between instances.

• Vault replication when working with Microsoft SQL Server
  When configuring your vault instance over a Microsoft SQL Server, refer to building high availability depending upon the configuration and licensing of Microsoft SQL Server here. The solution supports clustering and Always-On availability groups for replicating data between instances.

Redundancy & failover

HA's main aspect is eliminating a Single Point of Failover (SPoF). To achieve this, the system is implemented with redundant servers running multiple instances of services simultaneously, called redundancy.  Similarly, it is called failover when the fallback server takes over from the primary server in case of failure. If one server fails, the system can then failover to use another server that did not fail. For example, server A is our primary server, and server B is the fallback server. In case of server A fails, the user traffic will be directed to server B.

Sectona supports 1+1 instances to ensure the failover of Sectona Web Access and vault components' components.

Load balancing

To achieve optimum utilization of instance resources, it is recommended to configure load balancing between Sectona instances or components. Typically, a load balancer sits between the client and the server farm, accepting incoming network and application traffic and distributing that traffic across multiple servers using various methods. By spreading the work evenly, load balancing improves application responsiveness. It also increases the availability of the application for users. For achieving load balancing, all instances must have similar versions of the solution running. The solution also has inbuilt software-based load balancing capabilities when enabled and configured. The solution supports the following load-balancing techniques.

• Inbuilt load balancing of Sectona Web Access
  The system supports inbuilt load balancing defined at the application level between two nodes and does not depend on external components. This feature is only supported for Sectona Web Access. Refer to the Configuring load balancer section to learn more about this.

• Hardware Load Balancing
  Hardware load balancing allows an external load balancer to manage loads between Sectona Web. Refer Configuring load balancer section to learn more about this.

High-Availability configurations

In normal scenarios, there are two possibilities for configuring high availability in your environment. Both scenarios are illustrated below:

• Active-Passive configuration
  In this configuration, there exists a primary node and a fallback node. At any point, only a single node is active. Processing requests and the fallback node is activated only in case of failure of the primary node. This is an easier and recommended configuration for small-to-mid-size environments for achieving high availability with minimum configuration, operational requirements, and flexibility of downtime expectation of 1-5 mins in case of a failover.

• Active-Active configuration:
  In an active-active configuration, both nodes will be used for processing requests in parallel. If one of the nodes fails, then its user traffic and operations load will be shifted toward another node.

• Refer to Configuring Sectona Web Access for High Availability and Configuring Vault for High Availability for more details

Components of high availability architecture

The following figure displays the architecture of two Sectona nodes deployed in high availability mode.

Monitoring Service

Monitoring service is an internal process to monitor, alert, and handle failover situations. The service active and running on each node in high availability is responsible for initiating the database on both nodes, deciding on the primary or secondary node if there is a failover, and so on. The monitoring service running on the fallback keeps sending heartbeat messages periodically to the port on which the primary application is running to check for the availability of the primary node. When it discovers that the primary application is not responding, it makes itself the new master and also makes the fallback vault the new master. When the original primary app comes up again, it becomes a fallback node and continues to operate in passive mode.

Load Management Service

Load management services check the number of sessions on each node and resource utilization on each node and dynamically decide to pass traffic to another node. Service must be in active sync on both instances to achieve this.

Vault Replication

When using the embedded vault option without clustering, replication between nodes can be initiated to prevent data loss. In a high-availability setup, all configuration files are synchronized automatically from the primary node to the secondary node at an interval of one minute. Database synchronization happens instantly by physical replication of the database. The database on the secondary node is in read-replica mode.