Critical System Protection

 View Only

Understand and configure simple failover with static load balancing in SCSP 

Oct 10, 2012 08:55 AM

Content:

  • About simple failover
  • How simple failover works
  • About the fail back interval
  • Specifying the management server list for an agent
  • Configuration
  • Related articles

About simple failover

Symantec Critical System Protection includes simple failover. Should the primary management server fail, simple failover lets agents automatically switch to the next management server in an ordered list of alternate servers.

Simple failover enables you to deploy a set of front-end Tomcat servers without reconfiguring your IT infrastructure. The ordered list of management server host names or IP addresses is maintained by the Symantec Critical System Protection agent configuration.

Another use for simple failover is static load balancing. With static load balancing, you manually assign a set of agents to each Tomcat server. Each agent can fail to a different Tomcat server if its primary server becomes inaccessible.

How simple failover works

Simple failover works as follows:

■ When the IPS Service starts up, it uses the first server in the ordered list of management servers. The first server in the ordered list is considered the primary management server; the remaining servers are alternate servers. The IPS Service uses server #1 as long as communication with the server is successful.

■ At startup, the IPS Service always uses the first server in the ordered list of management servers, regardless of which server was in use when the IPS Service was shut down.

■ When the ordered list of management servers changes, the IPS Service immediately attempts to connect to the first server in the new list.

■ When communication with a server fails, the IPS Service uses the next server in the ordered list of management servers. When communication with the last server fails, the IPS Service uses the first server in the list. The IPS Service loops through the ordered list of management servers indefinitely.

■ When the IPS Service switches to a new management server, it logs the action.

■ Once the IPS Service fails away from the first server in the ordered list, it periodically checks if server #1 is back, based on the fail back interval.

See “About the fail back interval”.

■ When the fail back interval expires, the IPS Service checks if server #1 is available. If server #1 is available, the IPS Service starts using it immediately. If server #1 is not available, the IPS Service continues to use the current alternate server; the IPS Service does not traverse the entire ordered list of management servers.

 

Simple failover with static load balancing works as described in the following example:

■ Suppose you have two Tomcat servers pointing to a single database, and two agents.

■ You initially configure Agent1 with a management server list of Tomcat1, Tomcat2. You initially configure Agent2 with a management server list of Tomcat2, Tomcat1.

■ After installation completes, Agent1 should be talking to Tomcat1, and Agent2 should be talking to Tomcat2.

■ Take Tomcat1 off the network.

■ Agent1 should fail talking to Tomcat1 and switch to Tomcat2. Now both agents are talking to Tomcat2.

■ Put Tomcat1 back on the network.

■ Wait longer than the fail back interval.

■ Agent1 should fail back to Tomcat1. Agent2 continues to use Tomcat2. Everything is back to the initial state; both agents should be communicating successfully with their original Tomcat servers.

About the fail back interval

Once an agent fails away from the first server in an ordered list, the agent periodically checks if the first server is back. The agent uses a fail back interval to determine when to perform this server check. By default, the agent performs the server check every 60 minutes.

For example, suppose you configured three management servers. The primary server #1 and alternate server #2 have failed; alternate server #3 is working. When the fail back interval expires, the agent checks if server #1 is available. If server #1 is available, the agent immediately starts using server #1. If server #1 is not available, the agent continues to use server #3; it does not recheck the ordered list of servers. The agent resets the fail back interval, so it can perform future server checks.

Specifying the management server list for an agent

To use simple failover for an agent, you must provide the list of primary and alternate management servers using one of the following methods:

■ If you are installing Symantec Critical System Protection for the first time, you can provide the list of primary and alternate management servers during agent installation.

■ If you are upgrading to Symantec Critical System Protection 5.1.1 or higher, you provide the list of primary and alternate management servers using the CSP_Agent_Diagnostics detection policy or the agent config tool.

To use simple failover, you must upgrade the management server, management console, and agent to version 5.1.1 or higher.

See How to upgrade SCSP to a newer release.

The primary and alternate management server host names or IP addresses configured for a single agent must be Tomcat servers that talk to a single Symantec Critical System Protection database. Using multiple databases can result in unexpected agent behavior.

The primary and alternate management servers must use the same server certificate and agent port.

Configuration

Once you have your first SCSP Management Server and database running, you have to install the second SCSP Management Server with Tomcat component only. If the second SCSP Management Server has already been installed, you will most likely have to reinstall it to access the installation option in order to choose Tomcat component only as shown on the below screen shot:

Installing Tomcat component only

This production installation option installs only the Tomcat component. You can use this option to point multiple Tomcat servers to a single management server database on a dedicated system. The Tomcat only option is useful if you want to create a set of identical Tomcat servers for load balancing or failover.

The Tomcat only option requires that you provide the file path to the following files from an installed management server:

server.xml file

server-cert.ssl

These files are located in the default management server installation directory:

C:\Program Files\Symantec\Critical System Protection\Server\server-cert.ssl

C:\Program Files\Symantec\Critical System Protection\Server\tomcat\conf\server.xml

***************************************************************

Note: If the management server database is on a Tomcat system instead of a dedicated system, you must specify the real IP (not localhost) for the initial installation.

It means that you might have to edit the exported server.xml file and change the hostname/IP@ of the database server.

***************************************************************

To install Tomcat component only

1. Insert and display the installation CD, and then double-click server.exe.

2. In the Welcome panel, click Next.

3. In the License Agreement panel, select I accept the terms in the license agreement, and then click Next.

4. In the Installation Type panel, click Production Installation, click Install Tomcat component ONLY.

5. In the Installation Type panel, specify the file paths to server.xml and server-cert.ssl from an installed management server, and then click Next.

6. In the Destination Folder panel, change the folder if necessary, and then click Next.

The directory name must contain printable ASCII characters only. Multibyte, double-byte, hi-ASCII and non-printable ASCII characters are not supported.

7. In the Service User Configuration panel, do one of the following:

Click Use Local System Account, and then click Next.

Click Use an alternate Account, type a user name in the Username box using <domain>\<username> format, type the same password in the Password boxes, and then click Next.

8. In the Ready to Install the Program panel, click Install.

9. When the InstallShield Wizard Completed panel appears, click Finish.

Related articles

How to install SCSP with Microsoft SQL Server 2008 R2 Express Edition

SCSP - Error "Database population FAILED"

How to install SCSP agent on Windows, UNIX and Solaris

How to use the SCSP Agent Configuration Tool

How to upgrade SCSP to a newer release

How to import, create and update default policies in SCSP

Configuring Virtual Agents in SCSP 5.2 RU8

How to install the SCSP SymIDS ISAPI filter on Windows Server 2008 R2

Symantec Critical System Protection 5.2 RU9 Docs

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.