The Failover API option allows you to enable an externally automated failover when the primary Address Manager fails. Automated failover APIs ensures that the DDI infrastructure is readily available and allows control, offering options for both manual and automated primary Address Manager server failover when an outage is detected.
If you enable the Failover API option, you can use the following Address Manager APIs:
- GET bam/v1/health
- PUT bam/v1/promote
- PUT bam/v1/managed-servers/takeover
- PUT bam/v1/managed-servers/{id}/takeover
For more information on these APIs, refer to the Address Manager API Guide.
Note: The failover API feature requires certificates for both the server (Address
Manager) and the client. Users can configure the failover API with self-signed
certificates, or certificates from a certificate authority. The client certificate
chain and server certificate chain are validated independently, and do not need to
come from the same certificate authority. The root and intermediate certificates
required to verify the client certificate must be uploaded to Address Manager
through the Upload Trusted Certificate field. Ensure that the client also has
the necessary root and intermediate certificates to verify the server certificate
received from the Address Manager server.
To configure Address Manager API for failover:
- Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
- Under General, click Service Configuration.
- From the Service Type drop-down menu, select Failover API.
-
Under General Settings, complete the following:
- Enable Failover API Service: Enables the API during failover. This option is selected by default.
- Upload Trusted Certificate: Upload a Java keystore file (.jks) containing the root and any intermediate certificates required to verify the client certificate used in the failover API call. When the Address Manager server receives the client certificate, it verifies the certificate using this trust store certificate chain.
- Upload SSL Server Certificate: Upload a PKCS certificate file (.p12) containing the Address Manager server's private key and the server certificate.
- Click Upload.
- Click Update.