The S-Series can be configured in a Microsoft (MS) Windows Server Failover Clustering environment to ensure high availability of the application.
The following prerequisites are required:
1. A configured MS Windows Server Cluster with at least one additional shared storage;
2. The S-Series is installed on each cluster node;
3. The S-Series dat folder, which is where the database file for the S-Series is located, is configured to point to the S-Series database file on the shared storage;
4. The S-Series service should be running on one node. On all other nodes where the S-Series is installed, the service should be stopped.
High-Level Architecture
The diagram below describes how the S-Series can be configured in an MS cluster environment to ensure high availability. The S-Series needs to be installed on each node (Node 1 and Node 2 below) with the S-Series database file stored on shared storage.
This section describes the steps to deploy the S-Series into an MS clustered environment where two nodes are used. The MS clustered environment is expected to be already set up and functional. This document does not provide the steps to set up an MS cluster environment.
1. Install the S-Series on each of the nodes;
2. Stop the S-Series service (vSEC:CMS Service) on each node;
3. In the shared storage location create a folder called dat which will be used to store the database for the S-Series;
4. Copy the files of the S-Series dat folder into the dat folder created in step 3 above. It will be necessary to change the permissions on the dat folder of the S-Series in order to access this folder;
5. Once the files are copied into the dat folder on the shared storage, delete the dat folder on each of the S-Series installations on each of the nodes;
6. Configure the S-Series database file on each node to point to the shared storage. To point each S-Series dat folder to the shared storage, a symbolic link needs to be configured. For example, if the shared storage resides at the location '\\shared_storage' then run the following command from a command prompt to configure the symbolic link:
C:\>mklink /d "C:\Program Files (x86)\Versasec\vSEC_CMS S-Series\dat" "\\shared_storage\dat"
7. Start the S-Series service on one of the nodes.
8. From the Failover Cluster Manager, right-click your cluster and select Configure a Service or Application. Follow the wizard instructions and from the Select Service or Application dialog select Generic Service. Select the vSEC:CMS Service and follow the wizard instructions to complete.
9. If you are using the Operator console service then it will be necessary to add this service to the cluster. From the Failover Cluster Manager, go to the node that is active and under Service and Applications right-click the service that you added in step 8 above and select Add a resource. Select Generic Service and select vSEC:CMS - Operator Console Service. Follow the wizard to complete the setup.
10. If you are using the User Self-Service then it will be necessary to add this service to the cluster. From the Failover Cluster Manager, go to the node that is active and under Service and Applications right-click the service that you added in step 8 above and select Add a resource. Select Generic Service and select vSEC:CMS - User Self Service. Follow the wizard to complete the setup.
11. This completes the setup.
Important: If the S-Series is already operational and is being moved into a clustered failover setup then it will be necessary to copy the contents of the dat folder of the operational S-Series to the location of the dat folder on the shared storage.
Important: The Windows service account that the vSEC:CMS service uses needs to have permissions to read/write to the dat folder on the shared storage.
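One way to verify the outcome of steps 1 to 7 and the service account note above, as an added PowerShell example that is not part of the vendor documentation. The node names NODE1 and NODE2 are placeholders, PowerShell remoting to each node is assumed, and the paths are the example values from step 6.

```powershell
# Added verification sketch, not vendor code. Run from an elevated PowerShell prompt.
$Nodes       = @('NODE1', 'NODE2')     # placeholder node names (assumption)
$DatLink     = 'C:\Program Files (x86)\Versasec\vSEC_CMS S-Series\dat'  # from step 6
$SharedDat   = '\\shared_storage\dat'  # example share from step 6
$DisplayName = 'vSEC:CMS Service'      # service name from step 2

function Test-DatLink {
    param([string]$Path, [string]$Expected)
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return 'MISSING' }
    if ($item.LinkType -ne 'SymbolicLink') { return 'NOT A SYMLINK' }
    # Some PowerShell versions report a UNC target as "UNC\server\share".
    $target = ([string]@($item.Target)[0]) -replace '^UNC\\', '\\'
    if ($target.TrimEnd('\') -ieq $Expected.TrimEnd('\')) { return 'OK' }
    return "WRONG TARGET: $target"
}

# Per node: is dat a symlink to the share, and what state/account does the service have?
$report = foreach ($node in $Nodes) {
    $svc = Get-CimInstance Win32_Service -ComputerName $node -Filter "DisplayName='$DisplayName'"
    [pscustomobject]@{
        Node    = $node
        DatLink = Invoke-Command -ComputerName $node -ScriptBlock ${function:Test-DatLink} -ArgumentList $DatLink, $SharedDat
        State   = $svc.State
        RunAs   = $svc.StartName
    }
}
$report | Format-Table -AutoSize

# Prerequisite 4: the service should be running on exactly one node.
$running = @($report | Where-Object { $_.State -eq 'Running' })
if ($running.Count -ne 1) {
    Write-Warning "Expected the service running on exactly one node, found $($running.Count)."
}

# NTFS ACL on the shared dat folder: look for an explicit Allow entry with Modify
# rights for each service account. Access granted through a group, and share-level
# permissions, are not evaluated; a warning means "check by hand".
$modify = [System.Security.AccessControl.FileSystemRights]::Modify
$acl = Get-Acl -LiteralPath $SharedDat
foreach ($account in ($report.RunAs | Where-Object { $_ } | Sort-Object -Unique)) {
    $hit = $acl.Access | Where-Object {
        $_.IdentityReference.Value -ieq $account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }
    if (-not $hit) { Write-Warning "No explicit Modify entry for '$account' on $SharedDat." }
}
```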
Failover Cluster and User Self-Service
In setups where user self-service is configured it will be necessary to have an operator configured that will perform administration key operations for users using the self-service application. These operators can either be in the form of a token or an encrypted key store.
If the operator is in the form of a token then an operator must log on to the S-Series to re-activate User Self-Service after the instance has moved from one node to another.
If the operator is in the form of an encrypted key store then the failover mechanism will be performed without any requirement for an operator to log on and re-activate the User Self-Service. Therefore, in this setup the failover will occur seamlessly.
Important: It will be necessary to fully configure the user self-service connection on the S-Series on both nodes.