High Availability (with PostgreSQL database)

(Feature available only in Premium and Enterprise Editions. Procedure applicable only for builds 6800 and later)

In mission-critical environments, one of the crucial requirements is uninterrupted access to passwords. PMP provides the 'High Availability' feature to ensure this.

How does High Availability work?

  • There will be redundant PMP server and database instances
  • One instance will be the Primary providing read/write access to the users. All users will be connected with primary only
  • The other instance will act as Secondary/Standby
  • At any point of time data in both Primary and Secondary will be in sync with each other. The data replication happens through a secure, encrypted channel
  • When Primary server goes down, the Secondary will offer emergency access to the users, until the fully-functional primary server is brought back to service. The changes made in the database in the intervening period will be automatically synchronized upon connection restoration

Example Scenarios

Scenario 1 - Primary & Secondary in different geographical locations and WAN Link failure happens between the locations

Assume that the Primary Server is in one geographical location 'A' and the Secondary is deployed in another location 'B'. The users in both locations will be connected to the Primary and will be carrying out password management activities. At any point of time, data in both Primary and Secondary will be in sync with each other. Now assume that network connectivity between the two locations is lost. In such a scenario, users in location 'A' will remain connected with the Primary and will be able to carry out all operations. Users in location 'B' will be able to get emergency access to the passwords from the Secondary. Once the network between the two locations is up again, data in both locations will be synchronized.

Scenario 2 - Primary & Secondary within the same network & Primary goes down

If the Primary crashes or goes down, the users in locations 'A' and 'B' can rely upon the emergency access to the passwords from the Secondary.

How to set up High Availability?

Setting up high availability in PMP consists of the following four simple steps:

Step 1: Primary & Secondary Setup

You can use your current PMP installation as the primary server and install another instance of PMP as the secondary server on a separate workstation. To install PMP as secondary, choose the option "Configure this server as High availability secondary server" during the installation process. After installation, the PMP Secondary server should not be started.

Step 2: Create Data Replication Pack for High Availability in Primary

    1. Stop Primary and Secondary Servers, if running. Ensure that the postgres process of PMP is NOT running
    2. Open a command prompt and navigate to <PMP_Primary_Installation_Folder>/bin directory
    3. Run the script HASetup.bat <FQDN of PMP Primary Server> <FQDN of PMP Secondary Server> (Windows) / HASetup.sh <FQDN of PMP Primary Server> <FQDN of PMP Secondary Server> (Linux)

      To run this script, you need to pass the fully qualified domain names of the hosts where the PMP primary and secondary servers are installed as command-line arguments. For example, if the primary server is running at (say) primary-server in the domain zohocorpin.com and the secondary server is running at (say) secondary-server in the domain zohocorpin.com, you need to execute the above script as follows:

      In Windows: HASetup.bat primary-server.zohocorpin.com secondary-server.zohocorpin.com

      In Linux: sh HASetup.sh primary-server.zohocorpin.com secondary-server.zohocorpin.com

    4. This will create a replication package named 'HAPack.zip' under <PMP_Primary_Installation_Folder>/replication folder. This zip contains the database package for secondary
    5. Copy the HAPack.zip. This has to be put in the PMP Secondary installation machine as detailed in Step 3 below.
    6. Start PMP primary server

Step 3: Put the HA Data Replication Pack in Secondary

Put the HAPack.zip file copied from the Primary installation (as detailed in the previous step) into the <PMP_Secondary_Installation_Folder> and unzip it. Take care to extract the files under <PMP_Secondary_Installation_Folder> only. It will overwrite the existing data files.

Step 4: Specify the Location of Encryption Master Key

After extracting HAPack.zip in the PMP Secondary Server, navigate to /conf folder, edit manage_key.conf and specify the location of pmp_key.key (encryption master key). PMP requires the pmp_key.key file to be accessible at its full path every time it starts up. After a successful start-up, it does not need the key anymore, so the device with the key file can be taken offline.
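The following pre-flight checks for Steps 3 and 4 are an added example, not part of the PMP product or its documentation: one verifies HAPack.zip after the copy and before unzipping, the other verifies the key location after editing manage_key.conf. It assumes the administrator recorded a SHA-256 digest of the pack on the primary and that manage_key.conf holds only the full path of pmp_key.key; the function names and the sample archive entries are constructed for illustration.

```python
import hashlib, os, stat, tempfile, zipfile
from pathlib import Path, PurePosixPath

def sha256_of(path):
    """Stream the pack so a large database archive is not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def pack_problems(pack, expected_sha256):
    """Run on the secondary BEFORE unzipping HAPack.zip (Step 3)."""
    problems = []
    if sha256_of(pack) != expected_sha256.strip().lower():
        problems.append("digest differs from the one recorded on the primary")
    with zipfile.ZipFile(pack) as zf:
        for name in zf.namelist():
            norm = name.replace("\\", "/")
            parts = PurePosixPath(norm).parts
            # Absolute paths, drive letters and '..' would land outside the install folder.
            if norm.startswith("/") or ".." in parts or (parts and ":" in parts[0]):
                problems.append(f"entry escapes target folder: {name}")
    return problems

def key_problems(conf_path):
    """Step 4 check. Assumption: manage_key.conf holds only the full key path."""
    key_path = Path(Path(conf_path).read_text().strip())
    if not key_path.is_absolute():
        return ["manage_key.conf does not hold a full path"]
    if not key_path.is_file():
        return ["key file is not reachable (device with the key offline?)"]
    if os.name == "posix" and stat.S_IMODE(key_path.stat().st_mode) & 0o077:
        return ["key file is accessible to group/others"]
    return []

if __name__ == "__main__":
    # Constructed sample data; real runs point at HAPack.zip and conf/manage_key.conf.
    with tempfile.TemporaryDirectory() as tmp:
        pack = Path(tmp, "HAPack.zip")
        with zipfile.ZipFile(pack, "w") as zf:
            zf.writestr("data/sample.txt", "constructed entry")
            zf.writestr("../outside.txt", "constructed bad entry")
        key = Path(tmp, "pmp_key.key")
        key.write_text("constructed-key")
        key.chmod(0o600)
        conf = Path(tmp, "manage_key.conf")
        conf.write_text(f"{key}\n")
        print(pack_problems(pack, sha256_of(pack)), key_problems(conf))
```

An empty result from both functions means the pack arrived unchanged, extracts only under the installation folder, and the key file is reachable at start-up.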

The High Availability configuration is ready now. To get it up and running, start PMP Secondary server.

Important Note: By default, PMP comes with a self-signed SSL certificate. If you have overwritten it at the secondary installation with a certificate signed by an internal CA (other than the prominent CAs like Verisign (http://verisign.com), Thawte (http://www.thawte.com), RapidSSL (http://www.rapidssl.com) etc.), you need to carry out the following additional step to install the root certificate in the PMP primary server:

  • Stop Primary Server, if running
  • Open a command prompt and navigate to <PMP_Primary_Installation_Folder>/bin directory
  • Copy the secondary server certificate and paste it under <PMP_Primary_Installation_Folder>/bin directory
  • From <PMP_Primary_Installation_Folder>/bin directory, execute the following command:

      importCert.bat <name of the server certificate>

    This adds the certificate to the PMP certificate store.

Now start the PMP Primary server.

Verify High Availability Setup

After carrying out the above steps, you can verify if the High Availability setup is working properly by looking at the message in "Admin General >> High Availability" page of Primary or Secondary server. If the setup is proper, you will see the following:

High Availability Status: Alive

It indicates that high availability is working fine. If the status turns 'Failed', it indicates failure of the setup.

If you have configured TFA

  • If you have configured high availability, you need to restart the PMP secondary server once whenever you enable TFA or change the TFA type (PhoneFactor or RSA SecurID or One-time password).

©2014, ZOHO Corp. All Rights Reserved.