DR Active/Active Primary Sites Deployment
The DR Scenario Environment
In this example, the active/active scenario has three primary sites:
- Amsterdam
- New Jersey
- Singapore
Example DR Component Layout
In this example, U-Series Appliances in each of the three primary datacenters Amsterdam, New Jersey, and Singapore, are connected to a MS SQL Always On Availability Group.
Each U-Series Appliance can initially assume any mix of roles and may be reconfigured at any time after deploying into production.
This example contains U-Series Appliances that have been configured for the following roles:
U-Series Appliance - Admin Node | U-Series Appliance - A&R Node | U-Series Appliance - Worker Node |
Admin Management | Analytics | Discovery Scanner |
Admin Console | A&R Db | Password Portal |
Password Portal | SSIS | Session Recording |
Discovery Scanner | SSAS | Password Management |
Session Recording | SSRS | |
Password Management |
You can see that many more U-Series Appliances can be added, each with varying roles: Scanners, Event Servers, Password Portals, Session Managers, and Password Management. Behind load balancers, U-Series Appliances can be added for redundancy and scalability. For example, session managers configured to send recordings to archive servers can be brought down with no loss of data or functionality. As many U-Series Appliances may be added as required and pointed at the availability group.
Only one admin (manager) service is supported at any one time but this may be configured to failover to a secondary U-Series Appliance.
Microsoft SQL Always On Availability Groups may consist of a primary replica, and up to 8 secondary replicas in either synchronous-commit or asynchronous-commit mode. Replicas are supported in both Azure and AWS environments; a typical deployment model comprising an asynchronous replica in the cloud provides access to password data in the event that all on-prem components become unavailable.
In this example, an additional async commit replica has been added in a cloud environment (AWS or Azure) to provide DR capability. BeyondTrust has an AMI U-Series Appliance available (https://aws.amazon.com/marketplace/seller-profile?id=edb65982-bb22-445e-854b-c1156a5026d9), and an Azure U-Series Appliance.