Sectona is a Privileged Access Management (PAM) solution that enables organizations to manage privileged accounts across a hybrid environment. It increases the visibility of operations with session management regardless of location, provides automated discovery of assets and accounts, detects anomalous behavior in the system, investigates threat patterns, and offers a comprehensive approach to privileged password management with its automated password vault. It provides an integrated platform that is highly flexible and scalable and addresses the challenges of a hybrid enterprise.
The High Availability (HA) feature ensures availability of the application and vault. Sectona supports multiple vault options, and high availability is managed differently for each option at the vault level. The availability of the system depends on factors such as the number of components, their configuration settings, and the resources allocated to each component. High availability in the system refers to the number of failover combinations and aims for a 99% uptime with near-zero downtime.
Enterprise Edition provides an embedded vault option, and Enterprise Plus supports a vault over an external RDBMS (Microsoft SQL Server 2012 or higher).
This section covers
Key concepts in context of the system
This section covers some of the key concepts used across the documentation in describing high availability situations and architecture.
Replication is the process of storing data in more than one vault. It is achieved by electronically copying data from one database to another, with the copies synchronized automatically, resulting in a distributed system.
Replication when using embedded vault option
Sectona uses the embedded version of MySQL to support secure vaulting. Inbuilt replication works on the master-slave configuration supported by Oracle MySQL replication (the primary database is called the master and the other synchronized databases are called slaves). This lets you access data without interruption, which supports high availability and keeps the system integrated. Replication operates on port 3307 between instances.
Vault replication when working with Microsoft SQL Server
When configuring your vault instance over Microsoft SQL Server, build high availability according to the configuration and licensing of your Microsoft SQL Server. The solution supports clustering and Always-On availability groups for replicating data between instances.
Redundancy & failover
The main aspect of HA is to eliminate any Single Point of Failure (SPoF). To achieve this, the system is implemented with redundant servers running multiple instances of services at the same time; this is called redundancy. When the fallback server takes over from the primary server after a failure, it is called failover: if one server fails, the system fails over to another server that did not fail. For example, server A is the primary server and server B is the fallback server. If server A fails, user traffic is directed to server B.
Sectona supports 1+1 instances for ensuring the failover of components of Sectona Web Access and vault components.
To achieve optimum utilization of instance resources, it is recommended to configure load balancing between Sectona instances or components. Typically, a load balancer sits between the client and the server farm, accepting incoming network and application traffic and distributing that traffic across multiple servers using various methods. By spreading the work evenly, load balancing improves application responsiveness. It also increases the availability of the application for users. To achieve load balancing, all instances must run similar versions of the solution. The solution also has inbuilt software-based load balancing capabilities when enabled and configured. The following load balancing techniques are supported by the solution.
Inbuilt load balancing of Sectona Web Access
The system supports inbuilt load balancing defined at the application level between two nodes, and it does not depend on any external components. This feature is only supported for Sectona Web Access. Refer to the Configuring load balancer section to learn more about this.
Hardware Load Balancing
Hardware load balancing allows you to use an external load balancer to manage load between Sectona Web Access nodes. Refer to the Configuring load balancer section to learn more about this.
In normal scenarios, there are two possibilities for configuring high-availability in your environment. Both scenarios are illustrated below:
In an active-passive configuration, there is a primary node and a fallback node. At any point only a single node is active and processing requests, and the fallback node is activated only in case of failure of the primary node. This is an easier and recommended configuration for small-to-mid size environments for achieving high availability with minimum configuration and operational requirements, where a downtime expectation of 1-5 mins in case of a failover is acceptable.
In an active-active configuration, both nodes are used for processing requests in parallel. If one of the nodes fails, its user traffic and operations load are shifted to the other node.
Refer to Configuring Sectona Web Access for High Availability and Configuring Vault for High Availability for more details.
Components of high availability architecture
The following figure displays the architecture of two Sectona nodes deployed in high availability mode.
The monitoring service is an internal process used to monitor, alert on, and handle failover situations. The service, active and running on each node in a high availability setup, is responsible for initiating the database on both nodes, deciding which node is primary or secondary when there is a failover, and so on. The monitoring service running on the fallback node periodically sends heartbeat messages to the port on which the primary application is running to check the availability of the primary node. When it discovers that the primary application is not responding, it makes itself the new master and also makes the fallback vault the new master. When the original primary application comes up again, it takes the role of a fallback node and continues to operate in passive mode.
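The failover sequence described above can be modelled as a small state machine. The following is an added example, not Sectona's own code: the node names, the role labels, the "down" marker and the three-miss threshold are assumptions made for illustration, and the heartbeat results fed to simulate() are constructed.

```python
import socket
from dataclasses import dataclass, field

MISS_THRESHOLD = 3  # assumption: consecutive missed heartbeats before failover

def tcp_heartbeat(host, port, timeout=2.0):
    """Live probe: True if the primary application port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

@dataclass
class Node:
    name: str
    app_role: str    # "primary", "fallback" or "down" (hypothetical labels)
    vault_role: str  # "master", "slave" (read replica) or "down"

@dataclass
class FallbackMonitor:
    """Simplified model of the monitoring service on the fallback node."""
    local: Node
    peer: Node
    probe: object    # callable returning True when the peer application answers
    misses: int = 0
    events: list = field(default_factory=list)

    def tick(self):
        alive = self.probe()
        if self.local.app_role == "fallback":
            self.misses = 0 if alive else self.misses + 1
            if self.misses >= MISS_THRESHOLD:
                # Promote the application and the vault on this node together.
                self.local.app_role, self.local.vault_role = "primary", "master"
                self.peer.app_role, self.peer.vault_role = "down", "down"
                self.events.append(f"failover: {self.local.name} promoted")
        elif alive and self.peer.app_role == "down":
            # The original primary is back: it rejoins in passive mode.
            self.peer.app_role, self.peer.vault_role = "fallback", "slave"
            self.events.append(f"rejoin: {self.peer.name} is now fallback")
        return self.local.app_role

def simulate(heartbeats):
    """Drive the monitor with a constructed list of heartbeat results."""
    a, b = Node("node-a", "primary", "master"), Node("node-b", "fallback", "slave")
    results = iter(heartbeats)
    mon = FallbackMonitor(b, a, probe=lambda: next(results))
    for _ in heartbeats:
        mon.tick()
    return a, b, mon.events
```

A probe of this kind cannot tell a crashed primary from a network partition between the nodes, so promotion events are worth alerting on and confirming against the primary's own state.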
Load Management Service
The load management service checks the number of sessions and the resource utilization on each node and dynamically decides whether to pass traffic to another node. The service must be in active sync on both instances to achieve this.
When using the embedded vault option without clustering, replication between nodes can be initiated to prevent any data loss. In a high availability setup, all configuration files are synchronized automatically from the primary node to the secondary node at an interval of one minute. Database synchronization happens instantly by physical replication of the database. The database on the secondary node is in read-replica mode.