High Availability with PostgreSQL Database
(Feature available only in Premium and Enterprise Editions. Procedure applicable only for builds 6800 and later)
How to set up High Availability in Server running with PostgreSQL?
Step 1: Primary & Secondary Setup:
You can use your current Password Manager Pro (PMP) installation as the Primary server and install another instance of PMP in a separate workstation as the Secondary server. During the installation of PMP as Secondary, you need to choose the option "Configure this server as High availability secondary server". After installation, the PMP Secondary server should not be started.
Step 2: Create a Data Replication Pack for High Availability in Primary:
- Stop the Primary and Secondary Servers, if running. Ensure the postgres process of PMP is NOT running.
- Open the command prompt and navigate to the <PMP_Primary_Installation_Folder>/bin directory.
- Run the script HASetup.bat <FQDN of PMP Primary Server> <FQDN OF PMP Secondary Server > (Windows) / HASetup.sh <FQDN of PMP Primary Server> <FQDN OF PMP Secondary Server > (Linux).
To run this script, you need to pass the fully qualified domain names of the host where the PMP Primary and Secondary servers are installed as commandline arguments. For Example, if the Primary server is running at, say, primary-server in the domain zohocorpin.com and the Secondary server is running at, say, secondary-server in the domain zohocorpin.com, you need to execute the above script as follows:
In Windows: HASetup.bat primary-server.zohocorpin.com secondary-server.zohocorpin.com
In Linux: sh HASetup.sh primary-server.zohocorpin.com secondary-server.zohocorpin.com
- This will create a replication package named 'HAPack.zip' under the <PMP_Primary_Installation_Folder>/replication folder and contains the database package for the Secondary.
- Copy the 'HAPack.zip' and place it in the machine where the PMP Secondary installation is running, as detailed in Step 3 below.
- Start the PMP Primary server.
Step 3: Place the HA Data Replication Pack in the Secondary
- Place the 'HAPack.zip' file, copied from the Primary Installation (as detailed in the previous step), in the <PMP_Secondary_Installation_Folder> and unzip it.
- Take care to extract the files under <PMP_Secondary_Installation_Folder> only. It will overwrite the existing data files.
Step 4: Specify the Location of Encryption Master Key
After extracting "HAPack.zip" in the PMP Secondary server, navigate to
Note: PMP requires the pmp_key.key file to be accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.
The High Availability configuration is ready now. To get it up and running, start the PMP Secondary server.
- Stop Primary Server, if running.
- Open a command prompt and navigate to the <PMP_Primary_Installation_Folder>/bin directory.
- Copy the Secondary server certificate and paste it under the <PMP_Primary_Installation_Folder>/bin directory.
- From the <PMP_Primary_Installation_Folder>/bin directory, execute the following command:
importCert.bat <name of the server certificate>
- This adds the certificate to the PMP certificate store.
By default, PMP comes with a self-signed SSL certificate. In case, you have overwritten it with a certificate signed by an internal CA (other than the prominent CAs like Verisign (http://verisign.com), Thawte (http://www.thawte.com), RapidSSL (http://www.rapidssl.com), etc) at the Secondary installation, you need to carry out the following additional steps to install the root certificate in the PMP primary server:
Now start the PMP Primary server.