High availability overview
High Availability (HA) can be set up in a variety of ways. A basic Core HA setup contains a minimum of a Primary Core server (also referred to as original, main, or active) running in an Active state. This server is paired with a Secondary Core server (also referred to as standby, passive, or inactive) that is in a Standby state. The Secondary checks the state of its paired Primary through a process called "heartbeat" (configured during HA Standby setup).
The Secondary server periodically synchronizes with its paired Primary server, ensuring it has the latest changes as the Primary. The synchronization process frequency is configurable and automated. When the synchronization process detects any changes in the Primary, the Secondary replicates the changes. When it detects that the Primary is unresponsive, it initiates a failover process. Depending on how the system was configured for failover, the Secondary could continue to operate in a standby state, but most often it is configured to swap roles with the Primary server so that the Secondary server is in an active state while the Primary server is inactive.
HA scenario terminology
Terminology is important when discussing HA because while the server names are static (Primary/Secondary), the states can swap (Active/Standby).
The following tables describes the modes and states for Core servers in an HA environment.
HA Scenario |
Mode |
State |
Primary server is up. |
Primary |
Active |
Secondary |
Standby |
|
Primary server is down. |
Primary |
Not Available |
Secondary |
Automatically promoted to Active and starts responding to requests. |
|
Primary is up again. The administrator must manually sync Primary from Secondary |
Primary |
Swaps roles with the Secondary and returns to an Active state. |
Secondary |
Returns to Standby state. |
HA best practice recommendations
We recommend the following best practices for successfully setting up HA.
-
The Primary and Secondary Core servers must have:
- the same network access
- identical resources (CPU, RAM, Ivanti software, and so on)
-
The replication process should not be set more frequently than 60 minutes.
-
Both Core servers need to have the exact same clock time.
-
Never power down either server while HA is syncing.
-
HA Status/Modes should be periodically monitored to ensure it matches expected configuration.
-
When setting up the Secondary server, it is recommended to keep the default settings under the Fail Over Controls section.
-
Configure all notifications under Notification Settings on the Secondary server. For example, email notification, sync completion and failure notification.
-
Periodically review the Sync History log (located on the Secondary server under Last Sync Status) and look for sync failures. Any and all sync failures should be promptly addressed for proper HA operations.
-
Periodically review the Sync History log (located in the Secondary server under Last Sync Status) and look for sync completion times. Use these completion times to review existing Run Every XXX Minutes interval to ensure syncs are not overlapping and there is adequate idle time between syncs.
-
Ensure that any time you change any setting in the HA configuration window on the Secondary, the StartTime setting is reviewed to ensure it matches desired StartTime in relation to when it was saved. For example, if the StartTime is set for 1:00 pm and you make a change to any additional settings at 2:00 pm and save the configuration, the sync process will execute at 1:00 pm the following day. After the first StartTime executes the Run Every value takes over from this starting time.
Core Replication Details
The following Core elements are replicated when a Standby Core server replicates from a Primary Core:
-
Admin Portal complete database included:
- Users & Devices
- Apps
- Policies & Configs
- Settings
- Logs & Events
-
System Manager Portal NOT included, except:
- Device certificates and Server SSL certificates
- System Manager local users
-
All Atlas data is replicated when Atlas is enabled
-
Note that Atlas must be enabled on both the Primary and Secondary servers to work
-
Atlas-only server replication is also supported for those installations where Atlas is set up on its own server and High Availability is required
-
-
Additional application and system files required by the Core to ensure consistency and data integrity.
When failover occurs, any number of scenarios can take place depending on how an HA environment is configured. The following scenarios are described in the following sections: