Use High Availability with U-Series Appliances

High availability (HA) is designed to work in an active / passive configuration. At any time, one of your two servers has the role of the active node, while the other is the passive node. When the passive server detects that the active server has failed, then the passive is promoted to active, and the active is demoted. Setting up high availability for your appliances involves the following steps using the High Availability wizard:

• Configuring pairing between your primary appliance and a secondary remote partner appliance.
• Enabling pairing between partner appliances, which overwrites the database on the secondary partner with the primary partner's database.
• Managing the high availability partnership settings and operations once configured and enabled.

Configure High Availability Using the Wizard

To configure high availability for your appliances using the wizard, follow the below steps:

1. Log in to the U-Series Appliance website on the primary server.
2. From the left menu, under Business Continuity, click High Availability.
3. Select the remote appliance you want to pair your primary appliance with from the grid. If you need to register a new appliance:
   • Click the go to Appliance API Keys link above the grid.
   • Select the Register Remote Appliance tab.
   • Paste in the full encrypted registration code value obtained from the remote appliance and provide a description.
   • Click Register Remote Appliance.
   • The appliance is now listed in the grid for you to select as a pairing partner.+

4. The pairing process begins and the status of each step involved in the process displays on the screen. Click Next once all steps are successful, as indicated by green check marks.

5. On the Partner Configuration Complete screen, click Next to continue with configuring the settings for the pairing. Alternatively, click Reset if you must reverse the pairing and start over.

6. On the Pairing Settings screen, we recommend keeping the default settings. Click Next.

If the primary and secondary appliances both have SQL, click the Override Default Settings option to select pairing the databases and services, or to pair only services. If either appliance is SQL free, you can only pair services.

7. Click Set on the pop-up message to enable the pairing between partners. This overwrites the database on the secondary appliance with the primary appliance's database.

8. The Synchronization and Activation screen displays indicating the status of each step involved in this process. Click Next once all steps are successful, as indicated by green check marks.

9. On the Pairing Complete screen, click Next.

10. You are taken to the High Availability Status page where you can:
    • View the status of the mirroring between the appliance pairs and heartbeat details. Warning banners display at the top of the page for any of the following conditions:
      • SQL mirroring is configured and one database is not in a synchronized state.
      • The last heartbeat that failed is more recent than the last heartbeat that succeeded.
      • A heartbeat on secondary appliance is more than 4 minutes old.
    • Manage basic and advanced settings for the pairing, such as:
      • Changing the failover threshold.
      • Setting max time for contacting a partner on start up.
      • Setting how often the passive appliance emails the administrator when a failover has occurred.
      • Setting how often background settings are synced from the active to the passive partner.
    • Manage the operation of the high availability:
      • Suspend: You might want to pause mirroring if you want to perform maintenance tasks on the database server. Click Suspend to pause mirroring. A failover cannot occur when the database is in a suspended state. Click Resume to start mirroring again.
      • Swap High Availability Roles: Click this button to change the passive server to the active server. This is useful for testing high availability. Click the button again to restore the server partners to their original roles. Note that data loss can occur if databases are not synchronized.
      • Turn off High Availability: Click this button to reset the U-Series Appliances to the initial setup state and remove all high-availability configuration settings established between U-Series Appliances. You might want to do this if you want to set up new high-availability pairs.

Use a Load Balancer in an Active / Passive Configuration

When setting up an active / passive pair, you might want to configure a load balancer that acts as a DNS redirector. Configure the load balancer between two U-Series Appliances so that it can determine which U-Series Appliance is active and which is passive. The load balancer then sends the traffic to the active U-Series Appliance.

You can use the following endpoint API to configure the load balancer. Refer to your load balancer documentation to ensure that it is configured to use the endpoints.

GET https://<ApplianceAddress>/UVMInterface/api/HighAvailability

The code above returns an object with one member:

{
string Role;
}

You can set the formatting of the requested return value in the Content-Type request header.

Content-Type: application/json;charset=UTF-8

The available values for Role are:

• Off: High Availability is not turned on.
• Active: The U-Series Appliance is in active mode.
• Passive: The U-Series Appliance is in passive mode.

Medium Availability Mode for High Availability can no longer be configured as of release 4.1. If this was setup, it will continue to work after upgrading to release 4.1, but new deployments do not have this option.

Prepare for Disaster Recovery

If you are using high availability as a disaster recovery solution, review the following points as a guide to restoring roles:

• Determine if the active server has failed. Confirm the role of the live server (the primary).
• If a failure has occurred on the primary, investigate and resolve issues on the primary.
• After a failover to the disaster recovery server (the secondary), you can restore roles on the active server's website.

Verify Connectivity between Servers

From the High Availability Status page, verify that the communication between U-Series Appliances is active. The Mirror State should show as Synchronized. The Last Heartbeat Transmission Succeeded and the Last Heartbeat Transmission Failed are indicated under Details.

Check the Database Status after a Failover

In all scenarios, we strongly recommend investigating the cause of the failure. We do not recommend resuming database mirroring until issues are resolved.

The following database status indicators might display after a failover:

• DISCONNECTED: Failover was catastrophic, and the server is completely unavailable or unreachable. Turn off high availability and investigate the issues with the failed server. After the failed server is cleared for use, turn on high availability and synchronize the databases.
• EXPOSED: The other server is still available and possibly still healthy, but the failover was serious or lengthy enough to disable high availability. After the failed server is cleared for use, turn on high availability and synchronize the databases.
• SUSPENDED: The interruption was of a minor or transient nature. While it might be possible to restore connectivity without disabling high availability, we recommend that you turn off high availability and investigate the issues with the server. After the failed server is cleared for use, turn on high availability and synchronize the databases. Optionally, contact BeyondTrust Technical Support to see if mirroring can be restored.

Restore Roles after a Failover

After a failure has been identified and resolved on a U-Series Appliance, you can restore the roles to the initial state. Log in to the U-Series Appliance, and then from the left menu, under Business Continuity, click High Availability. Then click Swap High Availability Roles.

Review Database Metrics

On the High Availability Status page, review information about earlier database synchronizations and the size of the current database.

You can then determine from these values how long a synchronization between servers might take.

Also, check the status of the BeyondInsight mirror state to ensure that synchronizations are occurring between the active and passive servers.

Database Mirror States