High Availability with PostgreSQL Database
Setting up High Availability in the Server Running with PostgreSQL
The process of setting up High Availability in the Server running with PostgreSQL consists of four simple steps:
Step 1: Primary & Secondary Setup
You can use your current PAM360 installation as the Primary server and install another instance of PAM360 in a separate workstation as the Secondary server. During the installation of PAM360 as Secondary, you need to choose the option Configure this server as High availability secondary server. After installation, the PAM360 Secondary server should not be started.
Step 2: Create a Data Replication Pack for High Availability in Primary
- Stop the Primary and Secondary Servers, if running. Ensure the postgres process of PAM360 is NOT running.
- Open the command prompt and navigate to the <PAM360_Primary_Installation_Folder>/bin directory.
- Run the script HASetup.bat <FQDN of PAM360 Primary Server> <FQDN OF PAM360 Secondary Server > (Windows) / HASetup.sh <FQDN of PAM360 Primary Server> <FQDN OF PAM360 Secondary Server > (Linux).
To run this script, you need to pass the fully qualified domain names of the host where the PAM360 Primary and Secondary servers are installed as commandline arguments. For Example, if the Primary server is running at, say, primary-server in the domain zohocorpin.com and the Secondary server is running at, say, secondary-server in the domain zohocorpin.com, you need to execute the above script as follows:
In Windows: HASetup.bat primary-server.zohocorpin.com secondary-server.zohocorpin.com
In Linux: sh HASetup.sh primary-server.zohocorpin.com secondary-server.zohocorpin.com
- This will create a replication package named HAPack.zip under the <PAM360_Primary_Installation_Folder>/replication folder and contains the database package for the Secondary.
- Copy the HAPack.zip and place it in the machine where the PAM360 Secondary installation is running, as detailed in Step 3 below.
- Start the PAM360 Primary server.
Step 3: Place the HA Data Replication Pack in the Secondary
- Place the HAPack.zip file, copied from the Primary Installation (as detailed in the previous step), in the <PAM360_Secondary_Installation_Folder> and unzip it.
- Take care to extract the files under <PAM360_Secondary_Installation_Folder> only. It will overwrite the existing data files.
Step 4: Specify the Location of Encryption Master Key
After extracting HAPack.zip in the PAM360 Secondary server, navigate to
Note: PAM360 requires the pam360_key.key file to be accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.
The High Availability configuration is ready now. To get it up and running, start the PAM360 Secondary server.
By default, PAM360 comes with a self-signed SSL certificate. In case, you have overwritten it with a certificate signed by an internal CA (other than the prominent CAs like Verisign, Thawte, RapidSSL, etc) at the Secondary installation, you need to carry out the following additional steps to install the root certificate in the PAM360 primary server:
- Stop Primary Server, if running.
- Open a command prompt and navigate to the <PAM360_Primary_Installation_Folder>/bin directory.
- Copy the Secondary server certificate and paste it under the <PAM360_Primary_Installation_Folder>/bin directory.
- From the <PAM360_Primary_Installation_Folder>/bin directory, execute the following command:
importCert.bat <name of the server certificate>
- This adds the certificate to the PAM360 certificate store.
Now start the PAM360 Primary server.