Establish the Primary/Backup Failover Relationship Between Two B Series Appliances

Failover Page Configuation

BeyondTrust failover enables automatic synchronization of data between two B Series Appliances, creating a simplified, two-way process. To start automatically synchronizing site data between two B Series Appliances, you must first establish a trusted relationship between them. On the B Series Appliance you intend to be primary, go to /login > Management > Failover.

To configure a valid connection, both B Series Appliances must have identical Inter-Appliance keys. Please see the /login > Management > Security page to verify the key for each B Series Appliance.

Establishing the relationship between the two B Series Appliances occurs on the Failover page of the B Series Appliance intended to be the primary B Series Appliance. The addresses that are entered here will establish the relationship and allow either B Series Appliance to connect to each other at any time. The New Backup Site Connection Details tell the primary B Series Appliance how to connect to the B Series Appliance that will become the backup B Series Appliance. The Reverse Connection Details to this Primary Site are given to the backup B Series Appliance and tell it how to connect back to this primary B Series Appliance. You must use a valid hostname or IP address and TLS port number for these fields. When all of these fields are set, click the Establish Relationship button to attempt to establish the relationship.

Whenever possible, BeyondTrust recommends using the unique IP address of each B Series Appliance when configuring these settings.

Failover Status

Once the relationship has been established, extraneous tabs are removed from the backup site.

If you are on the primary B Series Appliance, you will see Failover page sections indicating Primary Site Instance. If you are on the backup B Series Appliance, you will only see Failover page sections indicating Backup Site Instance. The Backup Settings section refers to settings enabled only when the site instance you are on is the backup site instance.

On the primary B Series Appliance's Failover page, the top of the page displays the address and status of the host/primary site and the peer/backup site, as well as the date and time of the last status check. Select Status History to expand or collapse a table of status events that have occurred.

When you establish a new failover relationship, an initial data synchronization automatically occurs. It takes about 60 seconds for the first data sync to begin.

Failover synchronization syncs all user accounts, all /login configuration settings, files in the file store, logs, and recordings. All of this information which exists on the backup B Series Appliance will be overwritten by that which resides on the primary B Series Appliance.

If the primary B Series Appliance is the primary node in an Atlas cluster, the backup B Series Appliance will automatically become the new backup primary node in this cluster.

Synchronization itself may take anywhere from a few seconds to a few hours, depending on the amount of data that needs to be synchronized. The Failover page will list the last date and time of data synchronization when synchronization is completed.

Backup Site Instance Status

Later, you will set up a schedule for automatic data syncs. However, you may also click the Sync Now button to force synchronization and pull the most current information from the primary B Series Appliance into the memory of the backup B Series Appliance.

To manually switch B Series Appliance roles, click Become Backup from the primary site or Become Primary from the backup site.

If you want to synchronize data from the peer B Series Appliance prior to swapping roles, select the checkbox next to the Become Primary or Become Backup button. If this option is selected, all users on the existing primary B Series Appliance will be disconnected during the data sync, and no other operations will be available until the swap is complete.

On the primary site instance, you also have the option to become the backup even if the peer B Series Appliance cannot be contacted. If this option is unchecked, failover will be canceled if both B Series Appliances cannot be kept in sync in terms of their failover roles (one primary and one backup).

For example, if you know the current backup B Series Appliance is online but cannot be reached by the primary due to a network connection issue, you may wish to check this option to make the primary the backup before the network connection is restored. In this example, you would also need to access the current backup and make it the primary.

If you want to break the relationship so that the primary B Series Appliance is no longer linked to the backup B Series Appliance, click the Break Failover Relationship button. Data will no longer be synchronized between the two, and if the primary B Series Appliance goes offline, the other B Series Appliance will not take over.

This will not remove configuration settings and session data that has already been copied from the primary to the backup.

Backup Site Instance Configuration

From Primary Site Instance Configuration, control the shared IP address the site instance uses in the event of a failover by selecting the checkbox for the failover IP address. If you change the relationship between the sites, the checked IP addresses will disable when a primary site becomes a backup, and will enable when a backup becomes a primary site. You should manually mirror the setting on the peer site, as the setting is not shared. Select Save Changes when finished.

Backup Settings

From Backup Settings, configure how the B Series Appliance should behave when in the backup role. These settings must be configured on both the primary and backup B Series Appliances.

Enable or disable backup operations, such as data-syncs and automatic failovers.

Set how long the primary site must be unreachable before failover occurs.

Set how often data should automatically synchronize, as well as the maximum bandwidth that can be used for data syncs.

Enable or disable automatic failover. If disabled, failover must be performed manually.

In order to use BeyondTrust's built-in automatic failover, your two B Series Appliances must be on the same subnet. If you wish to use automatic failover with B Series Appliances on different networks, you must use the failover API.

You also may enter IP addresses for the backup site to check to determine whether the backup's inability to reach the primary is because the primary is offline or because the backup has lost its network connection.

For more information about failover settings, please see Best Practices for Primary and Backup Environments.

After failover is configured, the primary B Series Appliance will send an email alert if no backup B Series Appliance pulls its data for a given length of time. This allows you to be aware if relationships have been disrupted. To activate this alert email, enter connection parameters for a working SMTP server on the primary B Series Appliance's /login > Management > Email Configuration page. The next synchronization will copy the settings to the backup.

If the backup B Series Appliance determines that the primary B Series Appliance is down, it will send a series of emails to the B Series Appliance administrator notifying them of the failure and counting down the time until automatic failover will occur. The backup B Series Appliance will attempt to reach the primary for the length of time specified by the Primary Site Instance Timeout. If it is unable to reach the primary during this time, then the backup will enable the shared IP and will assume the role of primary if automatic shared IP failover is configured; otherwise, you must configure failover manually. As soon as the switch is made, you can resume normal support activity. All requests to your support site will be served by the backup B Series Appliance.