High Availability (with MS SQL server)

(Feature available only in Premium Edition. Procedure applicable only for builds 6400 and later)

 

In mission-critical environments, one of the crucial requirements is uninterrupted access to passwords. PMP provides the 'High Availability' feature to ensure this.

How does High Availability work?

High Availability Architecture

 

 

Example Scenarios

Scenario 1 - Primary & Secondary in different geographical locations and WAN Link failure happens between the locations

 

Assume that the Primary Server is in one geographical location 'A' and the Secondary is deployed in another location 'B'. Users in both locations are connected to the Primary and carry out password management activities. At any point in time, the data in the Primary and the Secondary is in sync. Now assume that network connectivity between the two locations is lost. In that case, users in location 'A' remain connected to the Primary and can carry out all operations. Users in location 'B' get emergency read/write access to the passwords from the Secondary (except password reset actions). Once the network between the two locations is up again, data in both locations is synchronized.

 

Scenario 2 - Primary & Secondary within the same network & Primary goes down

 

If the Primary crashes or goes down, users in locations 'A' and 'B' can rely on emergency access to the passwords from the Secondary (except password reset actions).
 

What happens to Audit Trails?

 

In the high availability scenarios mentioned above, audit trails are recorded as usual. In scenario 1, as long as there is network connectivity between the two locations, the audit trails are recorded by the Primary. When users connect to the Secondary, it records operations such as 'password retrieval', 'login' and 'logout'. When network connectivity between the two locations is restored, the audit data is synchronized. In scenario 2, when the Primary crashes, the 'password retrieval', 'login' and 'logout' operations done by users on the Secondary are audited. Other audit records will already be in sync at the Standby.

How to set up High Availability?

 

 

Step 1:

Step 2:

 

To import the SSL certificate of slave SQL server into PMP Primary:

 

Step 3:

Step 4:

You need to configure MS SQL server replication between master and slave MS SQL databases.

 

 

Under Master Database details, provide the following details:

 

  1. Master Host Name: The name or the IP address of the machine where MS SQL server is installed.

  2. Port: The port number on which PMP must connect to the SQL server. Default is 1433. Since PMP connects to SQL server only in SSL mode, it is recommended that you create a dedicated database instance running on a specific port for PMP.

  3. User Name and Password: Specify the user name and password with which PMP needs to connect to the database. (The user must have the SQL server role sysadmin. PMP does not store this username and password anywhere. They are used only for carrying out some queries while configuring replication between the MS SQL master and slave servers.)

    You can also use your Windows login credentials here, if you are connecting to the database from Windows. In this case, enter the username as <domain-name>\<username>

  4. Master Database Name: Name of the PMP database.

  5. Master Key: Paste the master key copied in Step 3 above.

 

Under Slave Database details, provide the following details:

 

  1. Slave Host Name: The name or the IP address of the machine where MS SQL server is installed.

  2. Port: The port number on which PMP must connect to the database. Default is 1433.

  3. User Name and Password: Specify the user name and password with which PMP needs to connect to the database. (The user must have the SQL server role sysadmin. PMP does not store this username and password anywhere. They are used only for carrying out some queries while configuring replication between the MS SQL master and slave servers.)

    You can also use your Windows login credentials here, if you are connecting to the database from Windows. In this case, enter the username as <domain-name>\<username>

  4. Slave Database Name: Name of the PMP database. Default is "pmpstandby". (If you chose the option 'Custom' for "Encryption Key" while configuring ChangeDB.bat for the Primary server, you need to create a new database for the slave, create a Master Key, create a Certificate and create the Symmetric Key using AES 256 encryption. Enter the name of that slave database here.)

  5. Click "Test & Configure" to complete replication. This process will take about 30 minutes or more.
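
For the 'Custom' encryption key case in item 4 above, the slave database objects could be created as follows. This is an added example, not part of the original PMP documentation: the database, certificate and key names, the password and the backup paths are hypothetical placeholders. Use the certificate and symmetric key names you configured for the master database.

```sql
-- Run on the slave SQL Server instance before clicking "Test & Configure".
-- All object names below are hypothetical placeholders.
CREATE DATABASE pmpstandby_custom;
GO
USE pmpstandby_custom;
GO

-- Database master key: protects the private key of the certificate below.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<long-random-password-placeholder>';
GO

-- Certificate that protects the symmetric key.
CREATE CERTIFICATE PMP_Cert_Example
    WITH SUBJECT = 'PMP standby data encryption (example)';
GO

-- AES 256 symmetric key, as the step requires.
-- SQL Server generates random key material here. Two instances hold the same
-- key only if both keys were created with the same KEY_SOURCE and
-- IDENTITY_VALUE; this page does not state whether PMP requires that.
CREATE SYMMETRIC KEY PMP_SymKey_Example
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PMP_Cert_Example;
GO

-- Check what was created: the key must report AES_256 with a 256-bit length,
-- and the certificate's private key must be protected by the master key.
SELECT name, algorithm_desc, key_length
FROM sys.symmetric_keys;

SELECT name, subject, pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name = 'PMP_Cert_Example';
GO

-- Keep an offline copy of the certificate and its private key; without it the
-- symmetric key (and the data it encrypts) cannot be recovered.
BACKUP CERTIFICATE PMP_Cert_Example
    TO FILE = '<backup-path-placeholder>\PMP_Cert_Example.cer'
    WITH PRIVATE KEY (
        FILE = '<backup-path-placeholder>\PMP_Cert_Example.pvk',
        ENCRYPTION BY PASSWORD = '<different-long-random-password-placeholder>'
    );
GO
```

Store the certificate backup and its password away from the SQL Server host, in the same way the pmp_key.key file is kept off the PMP server.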

Step 5:

Start the primary server

Step 6:

Install another instance of PMP as secondary server in a separate workstation. To install PMP as secondary, during installation process, you need to choose the option "Configure this server as High availability secondary server (Read Only)". After installation, the PMP Secondary server should not be started.  

Step 7:

After installing the PMP secondary server, you need to change it to run with MS SQL by carrying out the following:

 

Execute ChangeDB.bat

 

Now, you need to provide the details about the SQL server to PMP by running ChangeDB.bat (Windows) or sh ChangeDB.sh (Linux) from the <Password Manager Pro Standby Installation Folder>/bin folder.

 

Select SQL Server and enter other values

 

  1. Host Name of Slave Database: The name or the IP address of the machine where MS SQL server is installed.

  2. Port: The port number on which PMP must connect to the database. Default is 1433.

  3. Database Name: Name of the Slave database. Here, take care to specify the name of the slave database exactly as done in Step 4 above.

  4. Authentication: The way in which you would like to connect to the SQL server. If you are connecting to the SQL server from Windows, you can make use of the Windows Single Sign On facility, provided the PMP service is running with a service account that has the privilege to connect to the SQL server. In that case, choose the option "Windows". Otherwise, select the option "SQL". It is recommended to choose the option 'Windows', as the username and password used for authentication are not stored anywhere.

  5. User Name and Password: If you have selected the option "SQL", specify the user name and password with which PMP needs to connect to the database. The username and password entered here will be stored in PMP. So, you need to take care of hardening the host.

    You can also use your Windows login credentials here, if you are connecting to the database from Windows. In this case, enter the username as <domain-name>\<username>

  6. Encryption Key: The key with which your data is to be encrypted and stored in the SQL server. You may leave it as "Default", in which case PMP generates a key. If you have configured the Master database with a custom key, you need to choose 'Custom' here also.

  7. If you have selected the option "Custom": after doing the above, provide the certificate name and symmetric key name in the GUI, as mentioned for the Master database.

  8. Click Test and then Save.

Step 8:

To carry the PMP license, custom icons and rebranding settings, if any, from Primary to Secondary, go to the <PMP_Primary_Installation_Folder>\replication directory and copy SQLServerHAPack.zip. Put this zip file, copied from the PRIMARY installation, in <PMP_Secondary_Installation_Folder> and unzip it. Take care to extract the files directly under <PMP_Secondary_Installation_Folder> only. It will overwrite the existing files. The zip SHOULD NOT be extracted under the <PMP_Secondary_Installation_Folder>/SQLServerHAPack directory.

Step 9:

After extracting SQLServerHAPack.zip in the PMP Secondary Server, navigate to the <PMP_Secondary_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of pmp_key.key (the encryption master key). Then, start the PMP Secondary Server. PMP requires the pmp_key.key file to be accessible at its full path every time it starts up. After a successful startup, it does not need the key anymore, so the device with the key file can be taken offline.

Verify High Availability setup

After carrying out the above steps, you can verify if the High Availability setup is working properly by looking at the message in "Admin >> General >> High Availability" page of Primary or Secondary server. If the setup is proper, you will see the following:

 

High Availability Status: Alive

 

This indicates that high availability is working fine. If the status turns to 'Failed', it indicates failure of the setup.
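
Alongside the status page, the SQL Server side can be checked to confirm that sessions on the PMP database are encrypted and use the authentication mode chosen in Step 7. This is an added example, not part of the original PMP documentation; the database name is the page's default for the slave and must be changed to your own master or slave database name. It assumes SQL Server 2012 or later (for sys.dm_exec_sessions.database_id) and a login with VIEW SERVER STATE.

```sql
-- Run on each SQL Server instance (master and slave) while PMP is running.
DECLARE @pmp_db sysname = N'pmpstandby';  -- assumption: default slave database name

-- 1. Every session currently using the PMP database, with its transport
--    and authentication properties.
SELECT s.session_id,
       s.login_name,
       s.host_name,          -- client-supplied, informational only
       s.program_name,       -- client-supplied, informational only
       c.client_net_address,
       c.local_tcp_port,     -- should be the dedicated port configured for PMP
       c.encrypt_option,     -- 'TRUE' when the connection is encrypted
       c.auth_scheme         -- 'SQL', 'NTLM' or 'KERBEROS'
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c
     ON c.session_id = s.session_id
WHERE s.database_id = DB_ID(@pmp_db);

-- 2. Sessions that contradict the setup described on this page:
--    an unencrypted connection, or SQL authentication where the
--    'Windows' option was chosen. An empty result is the expected outcome
--    for a Windows-authenticated, SSL-only deployment.
SELECT s.session_id,
       s.login_name,
       c.client_net_address,
       c.encrypt_option,
       c.auth_scheme
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c
     ON c.session_id = s.session_id
WHERE s.database_id = DB_ID(@pmp_db)
  AND (c.encrypt_option = 'FALSE' OR c.auth_scheme = 'SQL');
```

If the "SQL" authentication option was chosen deliberately, drop the auth_scheme condition from the second query and review the listed logins instead.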

 

 


© 2011, ZOHO Corp. All Rights Reserved.