DR Primary Sites Scenario 3 – Loss of a Worker U-Series Appliance

DR Primary Sites Scenario 3 - Loss of a Worker U-Series Appliance

U-Series Appliances connect independently to the database and contain the web interfaces and processes that allow end users to interoperate with the solution. Typical use case scenarios are:

  • User: Requesting a new password release or RDP/SSH session
  • Admin: Approving user requests
  • Admin: Monitoring and remote control of user session activity
  • Admin/Auditor: Searching and replaying user sessions

In the event that a U-Series Appliance fails or becomes unavailable for any reason (network outage, etc.), the user may be automatically redirected via load balancer to an alternate U-Series Appliance configured with similar roles. In the example shown above, the Workers are configured with the following roles:

Scanners are given specific jobs to action. If an alternate scanner is configured, the job is resubmitted on next job execution.

Users that are logged in when loss of service occurs are redirected via load balancer to an alternate U-Series Appliance. Depending on SSO authentication technologies implemented, the user may or may not be prompted for a password on failover. Given that the user's browser is connecting to the VIP/listener of the load balancer, the user should be redirected to the same session they were in when the failover event happened.

Any sessions that are in process are halted. When the user is redirected to an alternate proxy, a new RDP/SSH/Application session is established with their target host. If the failover event is catastrophic, and the original U-Series Appliance is unrecoverable, any session video recording files that were in process when the event occurred are lost. To safeguard historical recordings, we recommend you implement an archive server zero-retention strategy as indicated below. Keystrokes (if applicable) are sent to the database directly and are largely not affected.

If a password management queue agent becomes unavailable, an alternate agent continues to service password requests / messages from the central database queue. Queue Agents may be configured such that they service only requests for specific groups of accounts. In this manner, loss of an agent in New Jersey results in the alternate New Jersey agent taking over the request processing.