High Availability Status
What can I do here?
Use this window to see the High Availability status, and to change the server between primary (active) and secondary (standby).
Getting Here - Menu > Management High Availability
The High Availability Environment
A Management High Availability environment includes:
- One Active Security Management Server
- One or more Standby Security Management Servers
For full redundancy, the Active management server synchronizes its database with the secondary server or servers at intervals.
Active vs. Standby
In a standard High Availability configuration there is one Active server at a time. The administrator uses the Active server to manage the High Availability configuration. The Active server automatically synchronizes the Standby server(s) at regular intervals. You can open a Standby server only in Read Only mode. If the Active server fails, you can initiate a changeover to make a Standby server become the Active server. If communication with the Active server fails, there may be more than one Active server. This is called Collision Mode.
Primary Server vs. Secondary Server
The sequence in which you install management servers defines them as Primary or Secondary. The first management server installed becomes the Primary active server. When you install more Security Management Servers, you define them as Secondary. Secondary servers are Standby servers by default.
Important notes about backing up and restoring in a Management High Availability environment:
- To back up and restore a consistent environment, make sure to collect and restore the backups and snapshots from all servers in the High Availability environment at the same time. (This does not apply to Multi-Domain Log Servers.)
- Make sure other administrators do not make changes in SmartConsole until the backup operation is completed.
For more information:
Single and Multi-Domain Management High Availability
For Security Management Server
Configuring a Secondary Server in SmartConsole
In the SmartConsole connected to the Primary server, create a network object to represent the Secondary Security Management Server. After you publish, synchronization starts between the primary and secondary servers.
To configure the secondary server in SmartConsole:
- Open SmartConsole.
- In , click.
- On the page, enter a unique name and IP address for the server.
- In the section, select the tab.
- Select .
This automatically selects the , and.
- Create SIC trust between the Secondary Security Management Server and the Primary:
- Click
- Enter the SIC Activation Key of the secondary server.
- Click .
- Click .
- Click .
- Click to save these session changes to the database.
On publish, the initialization and synchronization between the servers start.
- Monitor these tasks in the Task List, in the SmartConsole System Information area. Wait for the Task List to show that a full sync has completed.
- Open the window and make sure there is one active server, and one standby.
Synchronizing Active and Standby Servers
The Active server synchronizes with the Standby server or servers at intervals, and when you publish the session. Sessions that are not published are not synchronized.
Understanding how Synchronization Works
When changes made in private sessions are published on the active server (made public), the changes are copied to the standby servers. During failover, all public and private sessions are copied from the active to the standby before the standby becomes active.
Monitoring High Availability
The window shows the status of each Security Management Server in the High Availability configuration.
To see the server status in your High Availability environment:
- Open SmartConsole and connect to a primary or secondary server.
- On the , click .
The window opens.
For the management server and its peer or peers in the High Availability configuration, the window shows:
- A Warning or Error message – The message shows if there is a problem between the High Availability peers.
- - The server that SmartConsole is connected to. Also, the High Availability mode of the server (Active or Standby), and the synchronization status and actions of the server.
- - The servers that the connected server sees. Also, the High Availability mode of each server (Active or Standby), and the synchronization status and actions of each server.
Monitoring Synchronization Status
Status messages can be general, meaning that they apply to the full system, or they can apply to a specified active or standby server. General messages show in the yellow overview banner.

| General Status messages in overview banner | Description |
|---|---|
| | The database of the primary Security Management Server is identical with the database of the secondary. |
| Some servers could not be synchronized | A communication issue prevents synchronization, or some other synchronization issue exists. |
| | The active and standby servers are not communicating. |
| Communication Problem | Some services are down or cannot be reached. |
| Collision or HA conflict | More than one management server is configured as active. Two active servers cannot sync with each other. |

When connected to a specified active management server:

| Status window area: | Peer Status | Additional Information |
|---|---|---|
| Connected to: | Active | SmartConsole is connected to the active management server. |
| Peers | Standby | The peer is in standby. The message can also show: Sync problem, last time sync; Synchronized successfully. Last sync time: <time>; No communication |
| | Not communicating, last sync time | |
| | Active | A state of collision exists between two servers both defined as active. |

When connected to a specified standby management server:

| Status window area: | Peer Status | Description |
|---|---|---|
| Connected to: | Standby | Also shows: last sync time. |
| Peers | Active | The peer is in standby. The message can also show: No communication, last sync time; OK., last sync time: <time>; Sync problem, last sync time (in any direction) |
| | Standby or Unknown | Can also show: no communication. |

Failover Between Active and Standby
Changeover between the primary (active) and secondary (standby) management server is not automatic. If the Active server fails, or it is necessary to change the Active server to a Standby, you must do this manually. When the management server becomes Standby, it becomes Read Only and gets all changes from the new Active server.
Changing a Server to Active or Standby
The Active server synchronizes with the Standby server or servers at intervals, and when you publish the session. Sessions that are not published are not synchronized.
When the administrator initiates changeover, all public data is synchronized from the new Active to the new Standby server after the Standby becomes Active. Data from the new Active overrides the data on the new Standby. Unpublished changes are not synchronized.
Best Practice - We recommend that you publish changes before initiating a changeover to the Standby.
To Interchange the Active and Standby:
- Open SmartConsole.
- Connect to the Standby server.
- On the Menu button, select .
The window opens.
- Use the buttons to change the Standby server to Active.
This changes the previous Active server to Standby.
High Availability Troubleshooting
These error messages show in the window when synchronization fails:
Not communicating
Solution:
- Check connectivity between the servers.
- Test SIC.
Collision or HA Conflict
More than one management server is configured as active.
Solution:
- From the main SmartConsole menu, select.
The window opens.
- Use the button to set one of the active servers to standby.
Warning - When this server becomes the Standby, all its data is overwritten by the active server.
Sync Error
Solution:
Do a manual sync.
For Multi-Domain Server
Synchronization
In a multi-domain environment, the Multi-Domain Servers work in active-active mode. All Multi-Domain Servers are active and synchronize with each other.
The Domains managed by the Multi-Domain Server work in active-standby mode, where the Active Domain Server synchronizes all the standby Domain Servers.
The system automatically synchronizes periodically and when an administrator publishes changes to the configuration.
ICA Database Synchronization
When you create a new secondary Multi-Domain Server, the Internal Certificate Authority (ICA) on the Primary Multi-Domain Server generates a certificate when you establish SIC trust. The ICA can generate a certificate for a new administrator, if required by the authentication method. In a High Availability deployment with more than one Multi-Domain Server, the system synchronizes the ICA databases as necessary.