
Configuring Sectona Web Access for High Availability

Clustering and load balancing are critical components for ensuring high availability deployment of Sectona Web Access. The solution includes an inbuilt version of a software-based load balancer with support for an external load balancer.

For added clarity, a load balancer distributes incoming user requests across a cluster to minimize response time and avoid overloading any single node. The load balancer also returns the response from the selected server to the user. The load balancer serves three essential functions:

  • Distributes traffic efficiently across multiple nodes

  • Ensures high availability by sending traffic only to nodes that are online (requires health check monitoring)

  • Enables the ability to add and remove nodes

This guide is intended to help configure and implement clustering and load balancers in conjunction or independently. The system supports both hardware-based and software-based load balancers. Software load balancers should run on dedicated machines. The load balancer should be connected to the application cluster using a high-speed LAN connection for software and hardware solutions to ensure high bandwidth and low latency.

This section covers

Before You Begin

  • Ensure that the version of the Sectona PAM application installed on both the primary node and the failover node is the same.

  • The interfaces associated with the IP addresses we use for High Availability configuration in Sectona PAM should have static IP address configuration, not DHCP or PPPoE configuration.

Supported failover techniques for Web Access

This section describes various application failover techniques recommended for enabling the failover of Web Access and application services.

Windows clustering-based high availability

The below steps are required to achieve high availability using Windows Clustering.

Sectona uses the Internet Information Services (IIS) server to host web access components. Sectona supports 1+n nodes in a Windows cluster for failover. Follow the procedure below to achieve high availability using Windows Clustering.

  • Create a Windows Cluster as per the recommended Microsoft sizing and build guidelines mentioned here.

  • Ensure the IIS service (World Wide Web Publishing Service) parameter - Start Type is set to 'Manual' on both Primary and Failover nodes.

  • Install all web access packages as per the Install Web Access procedures on the primary node, on the cluster drive (a common drive between the Primary and Failover nodes).

  • Now manually move the cluster to the failover node and repeat the installation of the web access package on the failover node. Ensure the installation path is set to the Web Access folder on the same cluster drive, which is now assigned to the failover node. Once the installation procedure is completed, you will have a common Web Access folder for both the Primary and Failover node.

  • Create a .bat file with the following two commands and save it in the Web Access folder on the cluster drive. These commands restart IIS on cluster failover.

    • net stop W3SVC

    • net start W3SVC

  • In cluster > role > configure role > choose 'Generic Script' role.

  • Give the name to role > location of .bat file > assign a new IP address (available from the network) for the role > Attach Sectona Web Access cluster drive > Finish. (In the event of a failover, the cluster drive is moved from the Primary node to the Failover node, this executes the configured role, and the batch file is executed, which restarts the IIS)

  • You are required to update the Web Access Node setting to be pointed to the cluster IP. Follow the procedure to update this.

    • Login to the Sectona PAM portal as an administrator.

    • Go to System → System Status → App Services and start the service called SystemHighAvailabilityService.

    • Click on the High Availability option on the left menu and select the Application option.

    • Click on the + Add Node button and fill in the required details. The following are the attributes to be filled in for adding a node (see the table below).

    • Make sure you tick the Active tick box to activate the node.

    • Click on the Save button to add the node. The added node will appear on the High Availability screen.

| Attribute | Recommended setting |
|---|---|
| Host Name | Enter the hostname of the HA server |
| Port | Enter the port number for the HA server |
| System Role | Select the role as 'Primary' from the drop-down |
| IP Address | Enter the cluster IP address of the server |
| URL | This is normally DNS or server name |
| Priority | Select the priority for the drop-down as 1 |
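
A pre-flight check for the prerequisites and clustering steps above, as an added PowerShell example that is not part of the Sectona documentation. The node names, IP addresses and batch file path are placeholders, and it assumes Windows PowerShell 5.1 with PowerShell remoting enabled to both nodes.

```powershell
# Added example: pre-flight check for the Windows clustering steps above.
# Placeholder values (assumptions, not from the Sectona documentation):
$Nodes = @{ 'PAM-NODE1' = '192.0.2.11'; 'PAM-NODE2' = '192.0.2.12' }  # node name -> HA interface IP
$BatchFile = 'S:\WebAccess\restart-iis.bat'                           # .bat on the cluster drive

$report = foreach ($name in $Nodes.Keys) {
    Invoke-Command -ComputerName $name -ArgumentList $Nodes[$name], $BatchFile -ScriptBlock {
        param($HaIp, $BatPath)

        # W3SVC must be 'Manual' so that only the cluster role starts IIS.
        $svc = Get-Service -Name W3SVC -ErrorAction SilentlyContinue

        # The HA address must be static: PrefixOrigin 'Manual' and DHCP disabled on its interface.
        $addr = Get-NetIPAddress -IPAddress $HaIp -ErrorAction SilentlyContinue
        $dhcp = if ($addr) {
            (Get-NetIPInterface -InterfaceIndex $addr.InterfaceIndex -AddressFamily $addr.AddressFamily).Dhcp
        }

        # The cluster drive is mounted only on the node that currently owns it.
        $batText = if (Test-Path -LiteralPath $BatPath) { Get-Content -LiteralPath $BatPath -Raw }

        [pscustomobject]@{
            Node           = $env:COMPUTERNAME
            W3SvcManual    = ($null -ne $svc) -and ("$($svc.StartType)" -eq 'Manual')
            StaticAddress  = ($null -ne $addr) -and ("$($addr.PrefixOrigin)" -eq 'Manual') -and ("$dhcp" -eq 'Disabled')
            OwnsDrive      = $null -ne $batText
            BatRestartsIis = ($batText -match '(?im)^\s*net\s+stop\s+W3SVC\b') -and
                             ($batText -match '(?im)^\s*net\s+start\s+W3SVC\b')
        }
    }
}

$report | Format-Table Node, W3SvcManual, StaticAddress, OwnsDrive, BatRestartsIis -AutoSize

# Fail if any node misses a prerequisite, or if not exactly one node can read a valid batch file.
$bad = @($report | Where-Object { -not ($_.W3SvcManual -and $_.StaticAddress) })
$bat = @($report | Where-Object { $_.OwnsDrive -and $_.BatRestartsIis })
if ($bad.Count -gt 0 -or $bat.Count -ne 1) {
    Write-Error "HA pre-flight failed: nodes=$($bad.Node -join ',') validBatchOwners=$($bat.Count)"
    exit 1
}
Write-Output 'HA pre-flight passed.'
```

Run it once before configuring the Generic Script role and again after a manual failover; the node reporting OwnsDrive should change while the other columns stay True.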

Using internal load balancing

Sectona has inbuilt application load balancing where two web access nodes are configured in Active-Active mode with priority defined. The priority 1 (P1) node always takes the client request and checks the number of sessions running on each node and its resource utilization to determine which node will process the request. The node with fewer concurrent sessions and lower resource utilization than the others serves the request. In case of a node failure, the online node becomes the P1 node and serves all incoming requests. Sectona supports 1+1 nodes for failover. There are two application nodes in a clustered environment, primary and secondary. Whenever there is a cluster failover, i.e., if the primary cluster node is unavailable, the secondary cluster node becomes the primary cluster node. There can be multiple hostnames, and the user can use the PAM on both machines individually, where both PAM instances work as Primary P1.

Adding Priority-1 Node

This section helps you add the primary P1 node in your application:

  • Login to the Sectona PAM portal as an administrator.

  • Go to System → System Status → App Services and start the service called SystemHighAvailabilityService and also WebAppHighAvailabilityService.

  • Click on the High Availability option on the left menu and select the Application option.

  • Click on the +Add Node button and fill in the required details. Following are the attributes to be filled for adding a node.

  • Make sure you tick the Active tick box. Click on the Save button to add the node. The added node will appear on the High Availability screen.

| Attribute | Description |
|---|---|
| Host Name | Enter the hostname of the Primary (P1) node. |
| Port | Enter the port number for the Primary (P1) node. |
| System Role | Select the role as 'Primary' from the drop-down |
| IP Address | Enter the IP address of the Primary (P1) node. |
| URL | Provide the URL for the Primary (P1) node. |
| Priority | Select the priority for the drop-down as 1 |

Adding Priority-2 Node

This section helps you add the primary P2 node in your application:

  • Login to the Sectona PAM portal as an administrator.

  • Click on the High Availability option on the left menu and select the Application option.

  • Click on the +Add Node button and fill in the required details. The following are the attributes to be filled in for adding a node:

  • Make sure you tick the Active tick box. Click on the Save button to add the node. The added node will appear on the High Availability screen.

| Attribute | Description |
|---|---|
| Host Name | Enter the hostname of the Primary (P2) node. |
| Port | Enter the port number for the Primary (P2) node. |
| System Role | Select the role as 'Primary' from the drop-down |
| IP Address | Enter the IP address of the Primary (P2) node. |
| URL | Provide the URL for the Primary (P2) node. |
| Priority | Select the priority for the drop-down as 2 |

External Load Balancing

External load balancing is configured using a hardware or software load balancer with a specialized operating system that distributes web application traffic across a cluster of application servers. Hardware load balancers are implemented on Layer 4 (Transport layer) and Layer 7 (Application layer). On Layer 4, the load balancer uses TCP, UDP, and SCTP transport layer protocol details to decide which server the data is sent to. On Layer 7, it forms an ADN (Application Delivery Network) and passes requests to the servers according to the type of content. When configuring Sectona Web Access with an external load balancer, it is important to configure session stickiness, a.k.a. session persistence, a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session. Sectona supports 1+n nodes in the external load balancer for failover.

You are required to update the Web Access Node setting to be pointed to the load balancer IP. Follow the procedure to update this.

  • Login to the Sectona PAM portal as an administrator.

  • Go to System → System Status → App Services and start the service called SystemHighAvailabilityService.

  • Click on the High Availability option on the left menu and select the Application option.

  • Click on the + Add Node button and fill in the required details. The following are the attributes to be filled in for adding a node:

| Attribute | Description |
|---|---|
| Host Name | Enter the hostname of the HA server |
| Port | Enter the port number for the HA server |
| System Role | Select the role as 'Primary' from the drop-down |
| IP Address | Enter the Load balancer IP address of the server |
| URL | Provide the URL for the HA server |
| Priority | Select the priority for the drop-down as 1 |

  • Make sure you tick the Active tick box. Click on the Save button to add the node.
