High Availability (with PostgreSQL database)

(Feature available only in Premium Edition. Procedure applicable only for builds 6800 and later)

 

In mission-critical environments, one of the crucial requirements is to provide un-interrupted access to passwords. PMP provides the 'High Availability' feature just to ensure this.

How does High Availability work?

Example Scenarios

Scenario 1 - Primary & Secondary in different geographical locations and WAN Link failure happens between the locations

 

Assume that the Primary Server is in one geographical location 'A' and Secondary is deployed in another location 'B'. The users in both the locations will be connected to the Primary and will be carrying out password management activities. At any point of time data in both Primary and Secondary will be sync with each other. Assume there happens loss of network connectivity between the two locations. In such a scenario, users in location 'A' will continue to remain connected with the primary and will be doing all operations. Users in location 'B' will be able to get emergency access to the passwords from Secondary. Once the network between the two locations is up again, data in both the locations will be synchronized.

 

Scenario 2 - Primary & Secondary within the same network & Primary goes down

 

In case, the Primary crashes or goes down, the users in location 'A' & 'B' can rely upon the emergency access to the passwords from the Secondary.

How to set up High Availability?

Setting up high availability in PMP consists of the following four simple steps: 

 

Step 1: Primary & Secondary Setup

 

You can use your current PMP installation as primary server and install another instance of PMP as secondary server in a separate workstation. To install PMP as secondary, during installation process, you need to choose the option "Configure this server as High availability secondary server". After installation, the PMP Secondary server should not be started.  

 

Step 2: Create Data Replication Pack for High Availability in Primary

 

  1. Stop Primary and Secondary Servers, if running. Ensure that the postgres process of PMP is NOT running

  2. Open a command prompt and navigate to <PMP_Primary_Installation_Folder>/bin directory

  3. Run the script HASetup.bat <FQDN of PMP Primary Server> <FQDN OF PMP Secondary Server > (Windows) / HASetup.sh <FQDN of PMP Primary Server> <FQDN OF PMP Secondary Server > (Linux)

    To run this script, you need to pass the fully qualified domain names of the host where PMP primary and secondary servers are installed as commandline arguments. For Example, if the primary server is running at (say) primary-server in the domain zohocorpin.com and the secondary server is running at (say) secondary-server in the domain zohocorpin.com , you need to execute the above script as follows:

    In Windows:
    HASetup.bat primary-server.zohocorpin.com secondary-server.zohocorpin.com
    In Linux:
    sh HASetup.sh primary-server.zohocorpin.com secondary-server.zohocorpin.com
     

  4. This will create a replication package named 'HAPack.zip' under <PMP_Primary_Installation_Folder>/replication folder. This zip contains the database package for secondary

  5. Copy the HAPack.zip. This has to be put in the PMP Secondary installation machine as detailed in Step 3 below.

  6. Start PMP primary server

 

Step 3: Put the HA Data Replication Pack in Secondary

 

Put the HAPack.zip file copied from the PRIMARY Installation (as detailed in the previous step) in to the <PMP_Secondary_Installation_Folder> and unzip it. Take care to extract the files under <PMP_Secondary_Installation_Folder> only. It will overwrite the existing data files.

 

Step 4: Specify the Location of Encryption Master Key

 

After extracting HAPack.zip in PMP Secondary Server, navigate to <PMP_Secondary_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of pmp_key.key (encryption master key). PMP requires the pmp_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

 

The High Availability configuration is ready now. To get it up and running, start PMP Secondary server.  

 

Important Note: By default, PMP comes with self-signed SSL certificate. In case, you have overwritten it with a certificate signed by an internal CA (other than the prominent CAs like Verisign (http://verisign.com), Thawte (http://www.thawte.com), RapidSSL (http://www.rapidssl.com) etc) at the secondary installation, you need to carry out the following additional step to install the root certificate in PMP primary server:

 

 

Now start the PMP Primary server.

Verify High Availability Setup

After carrying out the above steps, you can verify if the High Availability setup is working properly by looking at the message in "Admin General >> High Availability" page of Primary or Secondary server. If the setup is proper, you will see the following:

 

High Availability Status: Alive

 

It indicates that high availability is working fine. In case, if the status turns 'Failed', it indicates failure of the setup.

 

If you have configured TFA

 

 


©2014-12, ZOHO Corp. All Rights Reserved.