Password Manager Pro | Password Management Solution

High Availability

(Feature available only in Premium Edition)

In mission-critical environments, one of the crucial requirements is to provide un-interrupted access to passwords. PMP provides the 'High Availability' feature just to ensure this.

How does High Availability work?

There will be redundant PMP server and database instances
One instance will be the Primary providing read/write access to the users. All users will be connected with primary only
The other instance will act as Secondary
At any point of time data in both Primary and Secondary will be in sync with each other. PMP leverages MySQL's database replication technique for data synchronization. The data replication happens through a secure, encrypted channel
When Primary server goes down, the Secondary will offer 'Read Only' access to the users, until the fully-functional primary server is brought back to service. The changes made in the database in the intervening period will be automatically synchronized upon connection restoration

Example Scenarios

Scenario 1 - Primary & Secondary in different geographical locations and WAN Link failure happens between the locations

Assume that the Primary Server is in one geographical location 'A' and Secondary is deployed in another location 'B'. The users in both the locations will be connected to the Primary and will be carrying out password management activities. At any point of time data in both Primary and Secondary will be sync with each other. Assume there happens loss of network connectivity between the two locations. In such a scenario, users in location 'A' will continue to remain connected with the primary and will be doing all operations. Users in location 'B' will be able to get emergency read-only access to the passwords from Secondary. Once the network between the two locations is up again, data in both the locations will be synchronized.

Scenario 2 - Primary & Secondary within the same network & Primary goes down

In case, the Primary crashes or goes down, the users in location 'A' & 'B' can rely upon the emergency read-only access to the passwords from the Secondary.

What happens to Audit Trails?

In the high availability scenarios mentioned above, audit trails will be recorded as usual. In scenario 1, as long as there is network connectivity between the two locations, the audit trails will be printed by the primary. When users connect to the Secondary, it will print operations such as 'password retrieval', 'login' and 'logout'. When the two locations get back network connectivity, the audit data will be synchronized. In scenario 2, when the primary crashes, the 'password retrieval', 'login' and 'logout' done by the users in secondary will be audited. Other audit records will already be in sync at the Standby.

How to set up High Availability?

Setting up high availability in PMP consists of the following four steps:

1. Installing Primary & Secondary instances (you can use your existing installation as Primary and install another PMP instance as standby in a separate work station)

2. Configurations to be done in Primary Installation

3. Configurations to be done in Secondary Installation

4. Enabling database replication

Carry out the steps on-by-one as detailed below.

Step 1 Primary & Secondary Setup

Before trying High Availability, you should have both Primary and Standby installations of PMP in place. You can either install one instance as 'Primary' or you can use your current PMP installation as primary server. You can install another instance of PMP as secondary server in a separate workstation. To install PMP as secondary, during installation, you need to choose the option "Configure this server as High availability secondary server (Read Only)".

Important Note:

After installation, the PMP Primary & Secondary servers should have been started and stopped at least once
It is recommended to delete all files except passtrix folder, mysql folder, test, PasstrixTemp, and ibdata1, ca-cert.pem, server-cert.pem, server-key.pem files present under <PMP_Home>/mysql/data folder in both Primary and Secondary before commencing the High Availability step.

Take care not to delete

'passtrix' folder,
'mysql' folder,
'test' folder,
'PasstrixTemp'
''ibdata1',
'ca-cert.pem',
'server-cert.pem'
server-key.pem

If you delete them, you will lose all your data.

Step 2 - Configurations to be done in Primary Installation

Prerequisite

Stop PMP Primary server, if already running
Check if PMP Secondary Server is reachable from Primary Server and vice-versa (do a ping)
Go to the PMP Primary folders and carry out the following:

Navigate to <PMP_Installation_Folder>/mysql/data folder. The following file & folders are important:

'passtrix' folder,
'mysql' folder,
'test' folder,
'PasstrixTemp'
''ibdata1',
'ca-cert.pem',
'server-cert.pem'
server-key.pem

KEEP THESE FOLDERS and delete all other files.

Steps

Open a command prompt and navigate to <PMP_Installation_Folder>/bin directory and run the script replicationPack.bat (Windows)/ replicationPack.sh (Linux)
This will create a new directory named 'replication' under <PMP_Installation_Folder> and a replication package named 'Replication.zip' under <PMP_Home>/replication folder. This zip contains the database package for standby
Go to <PMP_Installation_Folder>/mysql/bin directory. You will find a file named HAPrimary.conf, rename that file as HASecondary.conf
Edit the HASecondary.conf and enter the name of the host where the secondary server is running.

master_host=<hostname of Secondary>

For example, 'test_workstation' is the machine where the secondary PMP server is running, you need to enter the information as below:

master_host=test_workstation
Open a command prompt and navigate to <PMP_Installation_Folder>/bin and run the script startDB.bat <MySQL Port> (Windows) / startDB.sh <MySQL Port> (Linux). You need to provide the MySQL port of PMP while executing the above script as shown below. By default, the MySQL port in PMP is 2345.

startDB.bat <MySQL Port> (For Windows)
startDB.sh <MySQL Port> (For Linux)

For example, with the default the MySQL port 2345, you need to execute this as:

startDB.bat 2345 (For Windows)
startDB.sh 2345 (For Linux)

This will start the Primary Database (Default MySQL port is 2345)
Copy the Replication.zip file present under <PMP_Installation_Folder>/replication directory. This has to be put in the PMP Secondary installation machine as detailed in Step 3 below.

Step 3 - Changes in Secondary Installation

Prerequisite

Stop PMP Secondary server, if already running
Check if PMP Primary Server is reachable from Secondary Server and vice-versa (do a ping)
Go to the PMP Secondary folder and carry out the following:

Navigate to <PMP_Installation_Folder>/mysql/data folder. The following file & folders are important:

'passtrix' folder,
'mysql' folder,
'test' folder,
'PasstrixTemp'
''ibdata1',
'ca-cert.pem',
'server-cert.pem'
server-key.pem

KEEP THESE FOLDERS and delete all other files.

Steps

Put the Replication.zip file copied from the PRIMARY Installation (as detailed in the previous step) in to the <PMP_Installation_Folder> of Secondary and unzip it. Take care to extract the files under <PMP_Installation_Folder> only. It will overwrite the existing data files.
Copy the <PMP_Installation_Folder>/mysql/bin/database_params.conf file of secondary installation and put it over <PMP_Installation_Folder>/conf directory of secondary installation
Copy the startDB.bat (in Windows) / startDB.sh (in Linux) file present under <PMP_Installation_Folder>/mysql/bin of secondary installation and put it over <PMP_Installation_Folder>/bin directory of secondary installation
Go to <PMP_Installation_Folder>/bin of secondary installation and execute startDB.bat <MySQL Port> (in Windows) / startDB.sh <MySQL Port> (in Linux) to start Secondary database (Default MySQL port is 2345)

For example, with the default the MySQL port 2345, you need to execute this as:

startDB.bat 2345 (For Windows)
startDB.sh 2345 (For Linux)
This will start the Secondary Database (Default MySQL port is 2345)

Step 4 - Enabling Database Replication � This is to be done in both Primary and Secondary Installations

Run enableReplication.bat (in Windows) / enableReplication.sh (in Linux) present in <PMP_Installation_Folder>/mysql/bin of both Primary and Secondary installations

Step 4 - Start Primary and Secondary

Start Primary and Secondary Servers
High Availability setup is now ready

Verify High Availability setup

After carrying out the above steps, you can verify if the High Availability setup is working properly by looking at the message in "Admin >> General >> High Availability" page of Primary server. If the setup is proper, you will see the following:

Connection Status: Alive and High Availability Live is in progress now

Secondary server is running in host: <Host Name>

Note 1 : In case, the Primary Server crashes, when carrying out disaster recovery, please ensure the following:

Go to the <PMP_Home>/mysql/data of secondary server and copy the files ibdata1, passtrix
Install another instance of PMP afresh (same version as that of the PMP secondary from which you copied the above files)
In the new installation, go to <PMP_Home>/mysql/data and overwrite the ibdata1, passtrix files
Start the new PMP installation

Note 2:

After configuring high availability, if you change the port of the Primary PMP server, the high availability setup will not work. It has to be re-configured with suitable changes.