Introduction
vSEC:CMS can be configured in a Microsoft (MS) Windows Server Failover Clustering environment to ensure high availability of the application. This article will describe how this failover clustering can be set up in such an environment.
Prerequisites
The following prerequisites are required:
- It is mandatory that vSEC:CMS is configured to use external SQL database (MS SQL or MySQL);
- vSEC:CMS is installed on each cluster node;
- vSEC:CMS Service should be running on one node. All other nodes where the vSEC:CMS is installed the service should be stopped.
Example Deployment
In this section we will provide a simple example of how this can be setup.
The steps below are guidelines only. It is expected that the person carrying out the deployment has expertise and experience with using MS clustering. The steps below may need to be adjusted and/or changed depending on your environment.
If you use a MS CA you will already be familiar with an Enrollment Agent (EA) certificate being required to be available to vSEC:CMS. In a cluster environment you will need to ensure that the same EA certificate is available on both nodes. This can be done by issuing an EA certificate to the service account that vSEC:CMS service runs under and exporting it as a .pfx along with the private key. Then you should import the .pfx into the local certificate store of the vSEC:CMS service account on each node (for example you can use MMC to do this). Verify that on each of the nodes that the EA certificate is selected for the CAs that you use from the Options - Connections page in the Enrollment Agent section.
MS SQL Used
This section will describe the steps to be carried out to deploy vSEC:CMS into a MS clustered environment where two nodes are used and the database used is MS SQL. It will be expected that the MS clustered environment is already set up and functional. This document does not provide the steps to set up an MS cluster environment.
It will be required that at minimum you have already successfully completed the configuration steps described in the article Setup Evaluation Version of vSEC:CMS. The instructions in this document are applicable regardless of whether you are running the evaluation version or a production version.
Setup Steps
1. Install vSEC:CMS on each of the nodes. On one of the nodes you should configure all of the settings etc that is required for your environment;
2. Stop the vSEC:CMS service (vSEC:CMS Service) on each node;
3. From the fully configured node copy all the files of the vSEC:CMS dat folder into the dat folder of the other node(s). Depending on how your vSEC:CMS service is configured to run, whether the service runs under the default local SYSTEM account or it runs under a dedicated Windows account, it may be necessary to change the permissions on the dat folder of the vSEC:CMS in order to access this folder;
4. Start the vSEC:CMS service on one of the nodes.
5. From the Failover Cluster Manager right click your cluster and select Configure a Service or Application. Follow the wizard instructions and from the Select Service or Application dialog select Generic Service. Select the vSEC:CMS Service and follow the wizard instructions to complete.
6 If you are using the vSEC:CMS Operator Console Service then it will be necessary to add this service to the cluster. From the Failover Cluster Manager go to the node that is active and under Service and Applications right click the service that you added in step 5 above and select Add a resource. Select Generic Service and select vSEC:CMS – Operator Console Service. Follow the wizard to complete the setup.
7. If you are using the vSEC:CMS User Self-Service then it will be necessary to add this service to the cluster. From the Failover Cluster Manager go to the node that is active and under Service and Applications right click the service that you added in step 5 above and select Add a resource. Select Generic Service and select vSEC:CMS – User Self Service. Follow the wizard to complete the setup.
This completes the setup.