Pricing  Get Quote
 
 

Configuring high availability in ADSelfService Plus

ADSelfService Plus utilizes automatic failover to support high availability in case of system and product failures. Essentially, this means that when the ADSelfService Plus service on one machine fails, another instance of ADSelfService Plus running on another machine automatically takes over. This ensures end users get uninterrupted access to the products' features such as self-service password management and single sign-on.

Before configuring high availability in ADSelfService Plus, ensure that the following conditions are satisfied.

Condition 1: ADSelfService Plus must be downloaded and installed in two separate machines.

If you already have ADSelfService Plus, update your installation to the latest build, and ensure that you download and install the latest version of ADSelfService Plus in the second machine as well.

Condition 2: Both the instances should,

  • Run as a service.
  • Have the same build architecture (32-bit or 64-bit) and build number.
  • Be connected to the same domain and network.
  • Have the AD domains configured using a service account with Domain Admin privileges. Note that Domain Admin privileges are only mandatory during the initial setup of high availability. Once high availability has been configured, the service account can be changed to one with lesser privileges based on other features configured.
  • Have uninterrupted sharing of the installation directory folder between the primary and secondary instances.

Condition 3: The virtual IP address must lie in the same IP range as that of the primary and standby servers.

Note: A virtual IP address is an unused static IP address that will be used to access both the primary and secondary instances.

To find an unused static IP address, open command prompt and try to ping any random IP. If it throws a request timed out error, the IP is unused and can be used as the virtual IP address.

Once high availability has been configured, this virtual IP address will be used to access ADSelfService Plus.

Condition 4: High availability can only be implemented if the Failover and Secure Gateway Services add-on has been purchased. Visit our store to purchase the add-on.

Configuration steps

  1. Log into ADSelfService Plus.
  2. Go to Admin → Enterprise Essentials → High Availability.
  3. Select Enable High Availability.
  4. In the Primary Server section, the URL of the ADSelfService Plus server you are currently accessing (i.e., the primary server) will be auto-filled.
  5. In the Standby Server section, enter the URL of the ADSelfService Plus standby server.
  6. In the Credentials section enter the Admin Username and the Password of a super admin user in the ADSelfService Plus standby server.
    Note: Super admins are users who have been given full control over the entire product.
  7. In the Virtual IP section, enter:
    • A single IP with which you can access both the primary and standby servers. When the product is accessed using this IP, the data is routed directly through the server that is active at that particular time.
    • The Virtual Host Name.
    • Note: A virtual host name is the alias given to the virtual IP.
  8. Click Save.

    high-availability-configuration

  9. To enable high availability, you will need to restart the primary server first and then restart the standby server.
    Important: Once high availability is enabled, you must:
    • Update the Access URL with the virtual IP address value from step 6.
    • Add the virtual IP address value in the Admin Login page IP restriction list (if it is enabled) in the Logon Settings.
    • Update the virtual IP address in SAML SSO settings, Password Sync Agent, Windows logon agent (GINA/CP), enrollment script, and mobile app server settings.

 

Request Support

Need further assistance? Fill this form, and we'll contact you rightaway.

Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management