Methods to Configure Failover Between BeyondTrust Appliances
BeyondTrust customer clients and representative consoles are built to attempt connection to the BeyondTrust Appliance at a specific address. In order to stop the clients from connecting to the normal primary BeyondTrust Appliance and instead connect to the backup BeyondTrust Appliance, a network change must be made in order to reroute the traffic to its new destination. There are currently three methods supported to achieve this goal, each with advantages and disadvantages.
|Shared IP||In this configuration, the hostname of the support site and IP address that is used to represent it remain constant. Both BeyondTrust Appliances share that IP in the /appliance interface, but only the BeyondTrust Appliance that is acting as primary has that IP enabled. The backup BeyondTrust Appliance will not use that IP unless it becomes primary.||No network equipment configuration change. Links and processes referencing your support site domain or IP address will be adjusted properly based on roles and will be served by the backup BeyondTrust Appliance. Once the backup appliance is redefined as the primary and the shared IP is enabled, the backup appliance will take the place of the primary. Does not suffer from the propagation time lag as a DNS entry change would.||Potential for IP conflict if the shared IP is enabled on both BeyondTrust Appliances. If both appliances are online and conflicted, go back to /login > Management > Failover and reconfigure the settings so that the roles are accurately set.|
|DNS Swing||Change the DNS entry for your support site from the IP address for the primary BeyondTrust Appliance to the IP address of the backup BeyondTrust Appliance. Since DNS changes must propagate through your network, this change might require some time.||Links and processes referencing your support site domain do not need to be changed and will be served by the backup BeyondTrust Appliance. Can be used in sites that are on different subnets.||Requires a change to networking equipment configuration that coordinates with changes to the failover roles in the /login interface. The DNS entry change will take some time to propagate depending on the DNS record time to live. Until the new DNS entry is propagated, users and representatives may not be able to reach the site.|
|NAT Swing||Change the routing of requests for the support site at the NAT device from the primary BeyondTrust Appliance to the backup BeyondTrust Appliance.||Links and processes referencing your support site domain or IP address do not need to be changed and will be served by the backup BeyondTrust Appliance. Does not suffer from the propagation time as a DNS entry change would. Can be used in sites that are on different subnets.||Requires a change to networking equipment configuration that coordinates with changes to the failover roles in the /login interface.|
When the primary BeyondTrust Appliance in a failover cluster fails and the backup appliance takes the primary role, any connection agents for the primary appliance dynamically connect with the new primary; regardless of the failover method. No restart of the client or its host is needed; however, it is important that DNS, network, and firewall systems allow traffic from the connection agent(s) to the backup appliance in addition to the primary. These agents use the HTTPS protocol over TCP 443 to make their connections.
To configure a valid connection, both appliances must have identical Inter-Appliance keys. Go to /login > Management > Security to verify the key for each appliance.