Configuring Address Manager API for failover - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Product name
BlueCat Integrity

The Failover API option allows you to enable an externally automated failover when the primary Address Manager fails. Automated failover APIs ensures that the DDI infrastructure is readily available and allows control, offering options for both manual and automated primary Address Manager server failover when an outage is detected.

If you enable the Failover API option, you can use the following Address Manager APIs:

  • GET bam/v1/health
  • PUT bam/v1/promote
  • PUT bam/v1/managed-servers/takeover
  • PUT bam/v1/managed-servers/{id}/takeover

For more information on these APIs, refer to the Address Manager API Guide.

Note: The failover API feature requires certificates for both the server (Address Manager) and the client. Users can configure the failover API with self-signed certificates, or certificates from a certificate authority. The client certificate chain and server certificate chain are validated independently, and do not need to come from the same certificate authority. The root and intermediate certificates required to verify the client certificate must be uploaded to Address Manager through the Upload Trusted Certificate field. Ensure that the client also has the necessary root and intermediate certificates to verify the server certificate received from the Address Manager server.

To configure Address Manager API for failover:

  1. Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
  2. Under General, click Service Configuration.
  3. From the Service Type drop-down menu, select Failover API.
  4. Under General Settings, complete the following:
    1. Enable Failover API Service: Enables the API during failover. This option is selected by default.
    2. Upload Trusted Certificate: Upload a Java keystore file (.jks) containing the root and any intermediate certificates required to verify the client certificate used in the failover API call. When the Address Manager server receives the client certificate, it verifies the certificate using this trust store certificate chain.
    3. Upload SSL Server Certificate: Upload a PKCS certificate file (.p12) containing the Address Manager server's private key and the server certificate.
  5. Click Upload.
  6. Click Update.