Last modified Oct, 16, 2017
Set up High Availability

ScaleArc recommends a High Availability (HA) deployment of two ScaleArc appliances in order to provide uninterrupted operation. Configure one of the appliances in the pair as the primary node and the other as the secondary node. The primary node accepts connections and manages servers while the secondary node monitors the primary. In case the primary is unable to accept connections, the secondary node takes over.

This section describes how to configure high availability for ScaleArc. ScaleArc uses the Pacemaker module from clusterlabs.org to setup high availability and supports active-passive peer configuration, with active resource sync between two nodes, virtual IP migration and node failure detection.



  • Doing an HA linkup first allows the domain Join operation to occur only once on the HA primary, requiring the HA secondary to join the domain first. Once this has successfully completed, the HA primary joins. The result is simpler and less error-prone because it forces all the AD configuration on the HA pair to be identical.  
     
  • If you are configuring Kerberos for user management, set up delegation on both the machines (primary and secondary).

  • The virtual IP address technology used in the ScaleArc HA feature is not compatible with most cloud services. For  instructions on HA configuration in the various cloud services, please consult the ScaleArc Support Knowledge Base.

Prerequisites

Before you begin, ensure the following:

  • Both ScaleArc systems have the same hardware/VM configuration.
  • Both ScaleArc systems have the same license parameters.
  • Each ScaleArc appliance has a unique license key.
  • Configure virtual IP (VIP) prior to configuring HA.
  • The network configuration on both the ScaleArc systems should be similar. This will ensure that whenever a HA switchover occurs, the other node is able to host all VIPs and handle all network communication.

Add a secondary node

The following section guides you to add a secondary ScaleArc appliance to a standalone primary ScaleArc appliance.

  1. Click the Settings tab > HA Settings on the ScaleArc dashboard for the the primary unit in the HA pair. 

    Important

    Make sure the Inbound/Outbound IP addresses are using a virtual IP configuration.



     

  2. Enter as follows:



    Field/Button Description Default/User input
    Configure High Availability on The drop down list of the active network interfaces associated with the ScaleArc appliance. Refer the chart labeled Local Network Settings at the end of the screen to view the available network interfaces. Select a network interface.
    IP address The remote IP address for the selected network interface. Enter a remote IP address.



  3. Select a fencing option. The fencing device is a component of a ScaleArc high availability cluster that monitors and cuts off access to a resource (VIP’s, core engine) from a node in the cluster if it loses contact with the rest of the nodes in the cluster. If you selected the recommended fencing option:

    Do not configure ScaleArc primary or secondary machines as the witness server.

    Field/Button Description Default/User input
    ScaleArc cluster (Recommended) ScaleArc uses the Read/Write server in the selected cluster to store fencing information. This choice creates a new, logical database on the server. We recommended this approach as it is in line with the traffic flow and helps resolve a split-brain situation accurately. Select this radio button.
    Cluster A drop down of clusters on the ScaleArc appliance. Select the cluster from the drop down.



  4. If you selected the external database as a fencing option, complete as follows:



    Field/Button Description Default/User input
    External DB Server An external database server (that is not part of any ScaleArc cluster) to store its fencing information. A new logical database is created on this database server to store the fencing information. Select this radio button.
    DB Server Requires an IP address/Hostname for for the selected database server. Enter the database IP/Hostname.
    Port The server's port. Enter a port number.
    Username The username to authenticate the external database server. Enter the username.
    Password The password to authenticate the external database server. Enter the password.
  5. If you selected the SSH fencing option, complete as follows:

    Field/Button Description Default/User input
    SSH Server A SSH access to any Linux based server to store fencing information. This information is stored in files and does not require privileges on the SSH server.
    1 Select this radio button.
    2 Enter the SSH server's IP/Hostname.
    Port The server's port. Enter a port number.
    Username The username to authenticate the SSH server. Enter the username.
    Provide SSH Key The SSH key used to authenticate to the SSH server.
    1 Select this radio button.
    2 Enter the SSH key.
    Generate key using password

    ScaleArc will generate keys and sync them to the server using the password provided, post which all communication with the server will happen using the generated keys.This password is not saved.

    1 Select this radio button.
    2 Enter your password.
  6. Click the Configure HA button to commit the configuration. 

    If you have hosted ScaleArc on a virtual machine, refer to the KB article for configuration requirements specific to VM.

Set timeouts

These settings determine the interval before a token can be declared as lost or an HA partner as inactive/dead. 

  1. Click on the Timeout Settings button.



  2. Then, enter the interval as follows:

    Field/Button Description User input/Default
    Token Timeout (milliseconds)

    Token timeout is the time, in milliseconds, during which the Corosync token is transmitted around the ring. When this timeout expires, the token is declared lost. ScaleArc recommends 10 milliseconds.

    Enter a timeout period. Default is 10 milliseconds.
    Fencing Flag Capture Timeout The maximum amount of time a HA partner waits before it declares the other partner dead and acquires its resources. Enter a time interval. Default is 30 milliseconds.

Restart HA

This action should be initiated only if there are any issues with ScaleArc HA service.

  1. Click Restart.

Switch HA roles 

Once ScaleArc is in an HA mode, you can perform these actions on the primary:

  1. Delink from secondary. This will perform HA delink operation and both nodes will become standalone. All the configurations post delink will only be available in primary and secondary will have empty configuration.
    All VIPs will point to the Primary machine.

    When you delink the ScaleArc appliances, especially when the secondary appliance is down, you must unplug the secondary appliance and perform a factory reset before bringing it up, to prevent IP conflicts and configuration issues. If you have configured Kerberos and wish to delink, set the SPN again for the machine that is running as the primary.

  2. Switch to secondary. 



You can perform similar actions on the secondary appliance.

  1. Click Force to be Primary button to switch to primary.



Set up HA in the cloud

You can set up an active-active HA configuration using an external TCP load balancer. 

The steps for configuring this setup depend on the cloud provider (MS Azure, and AWS). 

On this page


Comments

    Add new comment