Failover Dynamics and Options with BeyondTrust
BeyondTrust failover synchronizes data between two peer appliances, which simplifies a secure swap away from a failed appliance. Two appliances host the same installed software package for a single public portal site. You can check this from the /login admin web interface: if the _Product Version_ and _Product Build_ match on both appliances, the same site software package is installed. DNS directs support traffic for the site to one of these peer appliances, the primary appliance, where all settings are configured. The backup appliance synchronizes with the primary according to the settings configured in the appliance /login interface.
This document describes how to use a second Secure Remote Access Appliance as a backup and failover device for a support site and how to switch operations to the backup appliance in a disaster recovery situation. There are three network configuration methods available with BeyondTrust failover for redirecting network traffic so that your support site remains available:
- Shared IP
- DNS Swing
- NAT Swing
Configuration details for each of these methods follow in this document, along with detailed failover steps. Your Secure Remote Access Appliances have a peer relationship, so implementing the Shared IP failover configuration with automatic data synchronization enabled is recommended. Both appliances must be on the same IP subnet to support Shared IP failover; if they are not, it may be necessary to use the DNS Swing or NAT Swing failover method instead. Failover can be further managed and automated using the BeyondTrust API. The pros and cons of each option are covered in more detail later in the best practices.