Deployment Methodology for DR

BeyondTrust Password Safe can be deployed in many different configurations to scale from single site installations to multi-site, geographically dispersed environments. This document focuses on active/active deployment using U-Series Appliances.

In an Active/Active deployment, U-Series Appliances contain all components necessary to deploy the solution including SQL Server database, Scanner, BeyondInsight, and U-Series Appliance management components (backup/HA/U-Series Appliance administration etc).

Microsoft SQL Server 2014 Always On availability groups may consist of a primary replica, and up to 8 secondary replicas in either synchronous-commit or asynchronous-commit mode. Replicas are also supported in both Azure and AWS environments. A typical deployment model, comprising an asynchronous replica in the cloud, provides access to password data in the event that all on-prem components become unavailable.

SQL Server has a single master model, therefore only one replica has write access at any one time; however, replicas may be located in multiple locations for the event of database failover.

A cold spare appliance can be connected to an active/passive cluster, as part of restoring a backup of the primary. However, by default, the restored machine is configured to be in an HA pair.

  • If the DR scenario requires this machine to run independently, turn off HA.
  • If the DR scenario involves restoring a second machine to pair it with, that must be set up again. The restore process does not automatically pair HA.