The Failover Monitoring page lets you configure Gateway's interactions with the Address Manager replication failover system. From Gateway, you can configure the credentials for signing in to the Address Manager server and any SSL certificates needed for communicating with different Address Manager servers in the replication failover cluster.
This feature is usable only if the Address Manager server into which Gateway is logged is configured for Database Replication. This system is an optional configuration in Address Manager where a database replication failover can take place when the Primary Address Manager server goes down. Upon failure of the Primary server, a Standby server is promoted to the Primary role and the current Primary server is converted to a Standby role. After failover completes, the new Primary Address Manager server resumes operations of the previous Primary server. The Failover Monitoring feature in Gateway lets Gateway monitor the Address Manager server's health to make sure that Gateway can switch to the new Primary instance should failover occur.
From the Failover Monitoring page, you can:
Configure Failover Monitoring settings in Gateway so that Gateway can use your Address Manager replication cluster. Settings will be saved in memory.
Run failover cluster discovery so that Gateway knows which Primary and Standby Address Manager servers are members of the cluster.
Upload specific certificates for individual Address Manager servers in a replication cluster, in cases where different servers in the cluster use different SSL certificates.
Start Failover Monitoring, after it has been configured and all cluster servers have been discovered.
Stop Failover Monitoring when needed.
Credential requirements: To start monitoring, stop monitoring, or make changes to Failover Monitoring settings, you must satisfy the following:
- When logging in through the Gateway UI, to make changes you must be logged in to Gateway as an admin user (as specified in the UDF value BlueCatGateway under the user within Address Manager).
- You must also be authenticating with either an active Address Manager replication cluster (the primary-address-manager) or any individual Address Manager server within the cluster (either primary or standby). If you are not logged in to one of those servers, you can still view Failover Monitoring settings, but can't change them. Also:
  - If Gateway is configured to use the Address Manager REST v1 API Client, the user must be an ADMIN Address Manager user (that is, an ADMIN user within Address Manager's user list).
    NON-ADMIN users within Address Manager cannot change Gateway's Failover settings. However, they can view the settings as long as they are authenticating with either an active Address Manager replication cluster (the primary-address-manager) or any individual Address Manager server within the cluster.
  - If Gateway is configured to use the Address Manager REST v2 API Client, both Address Manager ADMIN and NON-ADMIN Address Manager users can change Gateway's Failover settings.
Configuring Address Manager Failover Monitoring settings
To configure general Failover Monitoring settings:
- Open the Failover Monitoring window. (Click Settings at the bottom of the navigator on the left, expand Address Manager, then click Failover Monitoring.)
  If Gateway is already monitoring an Address Manager server, Gateway displays a summary of the current failover monitoring details.
- To start monitoring an Address Manager server, click Configure Failover Monitoring.
  Note: To monitor a completely different replication cluster, you must first either restart the Gateway container, or stop failover monitoring and then log in to Gateway while authenticating with an Address Manager server that is a member of the new cluster.
- In the Configure Address Manager failover monitoring window, configure the settings to specify Gateway's monitoring of Address Manager replication failover events.
  Settings and their descriptions:
  - Address Manager username, Address Manager password: The username and password for the Address Manager account that Gateway uses to log in to Address Manager.
    You must enter the username and password even if they're identical to the credentials you use when logging in to Gateway. Gateway does not remember credentials after you log in, so if a failover event occurs, Gateway needs to re-enter the credentials for the replacement primary Address Manager server.
  - Time Interval: Gateway periodically checks the health status of the primary Address Manager server. This is the time interval (in seconds) between those health checks.
  - SSL certificate: Specify the default Failover Monitoring SSL certificate to use for validation when Gateway authenticates with an Address Manager server that is configured for replication failover.
    Select one of the following:
    - Use Address Manager certificate from General Configuration page: Gateway uses the SSL certificate that was uploaded to Gateway on the General Configuration page.
    - Upload an SSL certificate file: Upload a new, separate SSL certificate to use when logging in to a new primary Address Manager server.
      Either drag the SSL certificate to use for Address Manager communications (a .crt file) onto the TLS/SSL Certificate box area, or click in the box area to browse to the file.
    Note: In many cases, SSL certificates are needed only when Gateway connects to Address Manager servers by a fully-qualified domain name (FQDN) instead of an IP address. However, if you specify an IP address for the server on the General Configuration page, Gateway will try to retrieve the FQDN host name directly from the Address Manager server while discovering the Address Manager replication cluster information. If it can retrieve an FQDN, it will perform SSL validation using any provided certificates. If it cannot (and only has an IP address), certificate validation is ignored.
- After configuring the Failover Monitoring details, you can start the Failover Monitoring cluster discovery process.
Running failover cluster discovery
Before Gateway can start monitoring an Address Manager failover cluster, it needs connection details for all Address Manager servers in that cluster. It retrieves this information through a short discovery process.
To start the cluster discovery process, click Discover cluster information.
Gateway connects to the currently-logged-in Address Manager server and gathers details about its replication cluster. When discovery is complete, for each server, Gateway displays the State (Primary or Standby), IP address, Host name, and whether Gateway has an uploaded SSL certificate for that server.
Gateway displays an error if the connected Address Manager server is not part of a cluster.
Uploading specific certificates for individual Address Manager servers in a replication cluster
By default, Gateway uses the SSL certificate specified in the general Failover Monitoring settings for communications. In some cases, each standby server in an Address Manager replication cluster might require a different SSL certificate. For each server in the cluster, you can upload a separate SSL certificate that Gateway will use should that server become the primary in a failover scenario.
If you haven't already done so, run the failover cluster discovery process to obtain the list of servers in the replication cluster.
For more details, see Failover cluster discovery.
In the list of servers, within the entry for the server for which you'd like to upload a separate certificate, click Upload certificate.
Either drag the SSL certificate to use for Address Manager communications (a .crt file) onto the TLS/SSL Certificate box area, or click in the box area to browse to the file.
Starting Address Manager failover monitoring
You can start Address Manager failover monitoring only after running Failover Monitoring discovery. This step queries Address Manager so that Gateway knows which Primary and Standby Address Manager servers are members of the cluster. To perform this discovery, click Discover cluster information.
For more details, see Failover cluster discovery above.
To start Address Manager Failover monitoring, on the Failover monitoring page, click Start Monitoring.
(To open the Failover monitoring page, click Settings at the bottom of the navigator on the left, expand Address Manager, then click Failover Monitoring.)
If monitoring does not start, check the following:
Verify that the Address Manager username and password are correct. To check them, click Edit Configuration.
If SSL certificates are used for authentication, make sure that the correct certificates are used and that they are valid. Check both the certificate uploaded to the Gateway General Configuration window (see Configuring Certificates settings), and any custom certificates used for specific Address Manager servers in the replication cluster.
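A pre-upload check for the certificate conditions above (the file is valid and matches the FQDN that Gateway validates against), as an added example that is not part of the product documentation. It assumes the .crt file is a PEM-encoded certificate of the Address Manager server itself and that the openssl command-line tool is installed; the function names and the host name bam1.example.test are hypothetical.

```shell
#!/bin/sh
# Added example: check a .crt file before uploading it for an Address
# Manager server. Assumes a PEM-encoded server certificate (assumption,
# not stated by the product documentation); all names are hypothetical.

# check_bam_cert CRT_FILE FQDN [MIN_DAYS]
# Returns 0 if the certificate parses, stays valid for at least MIN_DAYS
# (default 30) and covers FQDN.
# Returns 1 = unreadable, 2 = expired or expiring, 3 = host name mismatch.
check_bam_cert() {
    crt=$1; fqdn=$2; min_days=${3:-30}

    # The file must parse as an X.509 certificate.
    openssl x509 -in "$crt" -noout 2>/dev/null || return 1

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) \
        >/dev/null || return 2

    # -checkhost only prints its verdict, so match on the output text.
    openssl x509 -in "$crt" -noout -checkhost "$fqdn" \
        | grep -q "does match certificate" || return 3
    return 0
}

# make_sample_cert OUT_FILE FQDN DAYS
# Builds a throwaway self-signed certificate (constructed sample data).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$3" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" 2>/dev/null
}

# Stand-alone use: sh check_bam_cert.sh server.crt bam1.example.test
if [ $# -ge 2 ]; then
    check_bam_cert "$@"
fi
```

Run the check once per server listed by cluster discovery, using the host name shown for that server, since a standby's certificate is only exercised after it is promoted.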
After monitoring successfully starts, log out of Gateway and log back in, selecting primary-address-manager as your Address Manager server (in the BAM Selection field). Make sure you use the same authorization credentials specified in the Failover Monitoring settings.
Logging in using primary-address-manager makes sure that the user session makes use of the Gateway failover monitoring system and continues using whatever Address Manager server is configured as the Primary upon failover. This lets any currently-running workflows that rely on Address Manager continue functioning.
Important: If users do not log in using primary-address-manager, Gateway Failover Monitoring will not work and Gateway will not switch to the Standby server if the Primary fails.
Stopping failover monitoring
To stop failover monitoring for any reason (such as when the Address Manager replication cluster is being changed):
On the Failover Monitoring page, click Stop monitoring.
Gateway will no longer check the replication cluster for failover events. If the current primary Address Manager server fails, Gateway will no longer automatically connect to a newly-promoted standby server.