Configuring Vault for High Availability
This section describes options for achieving vault high availability. The solution supports multiple options for the embedded vault and for Microsoft SQL Server-based vaults. This section covers
Before You Begin
Ensure that the version of the Sectona Web Application installed on both the primary node and the failover node is the same.
The interfaces associated with the IP addresses we use for High Availability configuration should have static IP address configuration, not DHCP or PPPoE.
High Availability options for embedded vault
When you configure Sectona vault instances in a high availability pair using embedded vaults, the Sectona Web App monitors the active master vault by sending periodic messages, also called heartbeat messages or health checks, to determine whether the instance is accepting connections. If a health check fails, the Sectona Web App promotes the slave to be the new master on the failover instance. This is defined as failover.
The following ports are used to exchange information related to high availability between vault instances:
TCP port 5389 is used to exchange hello packets that communicate status at intervals from the Sectona Web App to the Primary Vault.
TCP port 3307 is used to replicate data sets between two instances.
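A pre-flight reachability check for the two ports listed above, as an added example that is not part of the Sectona documentation or product. The function names and the peer address `192.0.2.10` are placeholders chosen here; run it from the host that initiates each connection, and pass a different port map if you customized the defaults.

```python
import errno
import socket

# Ports named on this page for the embedded-vault HA pair.
HA_PORTS = {5389: "heartbeat / hello packets", 3307: "data replication"}


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' (no answer in time) or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on the port
    except socket.timeout:
        return "filtered"     # packets silently dropped, typically a firewall rule
    except OSError as exc:    # DNS failure, no route, and similar
        return f"error: {errno.errorcode.get(exc.errno, exc)}"


def preflight(host, ports=HA_PORTS, timeout=3.0):
    """Probe every HA port on the peer node; return {port: (purpose, state)}."""
    return {p: (why, probe(host, p, timeout)) for p, why in ports.items()}


def ready(report):
    """True only when every probed port accepted a TCP connection."""
    return all(state == "open" for _, state in report.values())


if __name__ == "__main__":
    import sys
    # Placeholder address (documentation range); pass the real peer as argv[1].
    peer = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    report = preflight(peer)
    for port, (why, state) in report.items():
        print(f"{peer}:{port:<5} {why:<28} {state}")
    sys.exit(0 if ready(report) else 1)
```

A `refused` result means the peer answered but the service is not listening yet, while `filtered` points at a firewall between the nodes.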
This section describes how to configure primary and secondary nodes. The primary node is installed when building the primary instances of Sectona Web Access and Vault. Refer to the information below on how to add a high availability pair.
Adding a Failover Node
Follow the steps below to add a failover node to your setup.
Login to the Sectona portal with the administrator role.
Go to System → System Status → App Services and start the service called SystemHighAvailabilityService.
Click on the High Availability option on the left menu and select the Vault option.
Click on the + Add Node button and fill in the required details. The following are the attributes to be filled in for adding a node:
Hostname: Enter the hostname of the HA server
Port: The default port for communication is 5389. Add a custom port if you customized your port settings.
System Role: Select 'Fallback' from the drop-down
IP Address: Enter the IP address of the HA server
Make sure you tick the Active tick box. Click on the Save button to add the node.
After the service's first trigger interval has completed, check the Primary and Fallback Vault node status. The Primary Vault node 'Current Role' should be displayed as 'Primary-1', and 'Status' should be displayed as 'Master'. Similarly, the Fallback Vault node 'Current Role' should be 'Fallback-1' and 'Status' should be 'Slave – Waiting for Master to send events'. This status signifies that the HA configuration of the Vault has been completed successfully.
To sync the data immediately, click on the Action button of Master/Slave and select the Re-synchronize Master option from the drop-down list.
Making the Node Inactive
To temporarily stop the sync, you can disable the node instead of deleting it. It is essential to stop the replication service: go to System → System Status → App Services and start the service called SystemHighAvailabilityService to break the replication sync, then follow the procedure below.
Click on the node which you want to turn inactive.
A pop-up will appear on your screen.
Untick the Active checkbox.
Click on the Update button.
Activating added node
When you need to enable sync or re-initiate sync with a node, follow the procedure below:
Click on the node which you want to turn on.
A pop-up will appear on your screen.
Tick the Active checkbox.
Click on the Update button.
You will see the replicating status once the node is in sync with the primary node.
Deleting the Node
This section guides you on how to delete the fallback node. If you need to re-initiate the sync, you must add the node all over again.
Login to the Sectona PAM portal as an administrator.
Click on the High Availability option in the left side menu and select the Application or Vault option as per your choice.
Click on the 'delete' icon in front of the node you want to delete.
Click Yes to confirm.
Once a node is deleted or decommissioned, you must manually purge the node data.
High Availability options for vault instance of Microsoft SQL Server
Sectona supports the following solutions for high database availability based on Microsoft SQL Server. The databases can automatically fail over when the hardware or software of a principal or primary SQL Server fails, which ensures that the Sectona Web App continues to work as expected.
Always On Availability Groups
The Always On Availability Groups feature is a high availability and disaster-recovery solution that provides an enterprise-level alternative to database mirroring. Introduced in SQL Server 2012, Always On Availability Groups maximizes the availability of a set of user databases for an enterprise. Always On Availability Groups requires that the SQL Server instances reside on the Windows Server Failover Clustering (WSFC) nodes. For more information, see http://msdn.microsoft.com/en-us/library/hh510230.
SQL Server clustering
The Microsoft SQL clustering technology allows one server to automatically take over the tasks and responsibilities of the failed server. However, setting up this solution is complicated. For more information, see https://msdn.microsoft.com/en-us/library/ms189134.aspx.