Configuring Address Manager API for failover - BlueCat Integrity - 26.1.0

Address Manager Administration Guide
ft:locale
en-US
Product name
BlueCat Integrity
Version
26.1.0

The Failover API option allows you to enable an externally automated failover when the primary Address Manager fails. Automated failover APIs ensures that the DDI infrastructure is readily available and allows control, offering options for both manual and automated primary Address Manager server failover when an outage is detected.

If you enable the Failover API option, you can use the following Address Manager APIs:

  • GET bam/v1/health
  • PUT bam/v1/promote
  • PUT bam/v1/managed-servers/takeover
  • PUT bam/v1/managed-servers/{id}/takeover

For more information on these APIs, refer to the Address Manager API Guide.

Note: The failover API feature requires certificates for both the server (Address Manager) and the client. Users can configure the failover API with self-signed certificates, or certificates from a certificate authority. The client certificate chain and server certificate chain are validated independently, and do not need to come from the same certificate authority. The root and intermediate certificates required to verify the client certificate must be uploaded to Address Manager through the Trust store field. Ensure that the client also has the necessary root and intermediate certificates to verify the server certificate received from the Address Manager server.

To configure Address Manager API for failover:

  1. Select the Settings tab in the sidebar, then select Service configuration.
  2. Under Server management and configuration, locate the Failover API service panel and select Edit service.
  3. Check the Enabled check box to enable the Failover API Service.
  4. Under Certificate, upload the X.509 Address Manager server certificate in .pem, .cer, .cert, or .crt format.
  5. Under Private key, upload the private key of the Address Manager server in .pem or .key format.
  6. Under Trust store, upload a Java keystore file (.jks) containing the root and any intermediate certificates required to verify the client certificate used in the failover API call. When the Address Manager server receives the client certificate, it verifies the certificate using this trust store certificate chain.
  7. In the Trust store password field, enter the password for the truststore file.
  8. Select Save.