High availability settings - Platform - BlueCat Gateway - 25.3.0

Gateway Administration Guide
ft:locale
en-US
Product name
BlueCat Gateway
Version
25.3.0

Below are detailed descriptions of status values, fields, and settings for Availability groups on its main and Configuration page.

Tip: To view Availability group settings for the current instance of BlueCat Gateway, click Settings at the bottom of the navigator on the left, then click High availability.

To edit Availability group settings for the current Gateway instance, click the Edit configuration button at the bottom of the page. When you're done, click Save.

High availability details

While the current node is a member of an Availability group, the High Availability page displays a summary of High Availability settings.

The box at the top of the page displays status information for the current Gateway instance and the Availability group that it belongs to, if any.

Field Description
Node role

The role of the current instance (node) of Gateway in its Availability group. This can be one of the following:

  • Primary: The current instance is the Primary node for its group. This is the active instance that runs Gateway scripts and operations.
  • Secondary: The current instance is the Secondary or standby node for its group.
  • Not in a group: The current instance is not in an Availability group.
Connection to DNS

The status of the connection that this instance of Gateway has with its DNS server.

  • Connected: The connection between the node and its DNS server is functioning normally.
  • Disconnected: The connection between the node and its DNS server is interrupted.
  • Not applicable: The node has locally-configured Availability group configuration information, but the node information has been removed from the DNS server.
Last heart beat Time (UTC) The UTC timestamp for the last heartbeat received from the Primary server.
Last update (UTC) The UTC timestamp of the last time High availability settings were updated for the Availability group.

Availability group

Primary node

Secondary node

 The IPv4 addresses of the Primary and Secondary members of this Availability group. The address of the Primary instance is also the address for the Availability group as a whole.
Tip: Click an address to open the instance of Gateway on that node.

Configuration settings

Settings in the Configuration panels on the High Availability page summarize the current configuration of the Availability group and its nodes. To edit these settings for the current Gateway instance's Availability group settings, click the Edit configuration button at the bottom of the page.

Note: Some settings can be changed only on the Primary node.

Availability group settings

Field/Option Description
Scheme

The communication scheme used by the Availability group and its nodes. This can be HTTP or HTTPS.

Note: We recommend using an HTTPS scheme where possible.
Important: Both the Primary and Secondary nodes must use the same scheme. To change the scheme, you must disband the group and recreate it.
FQDN

The fully qualified domain name (FQDN) used to create the DNS host record that maps to the IP address of the Primary Gateway instance.

In the case of a failover (typically when the Secondary Gateway node determines that the Primary node has failed), the Secondary Gateway node will change the IP address in the host record to point to itself. This makes sure that the DNS server always resolves requests made to the FQDN to an active Gateway instance within the Availiabity group.

If this host record does not exist, Gateway will create it.

Note: To change the FQDN, you must disband the group and recreate it.
Port The port used for HTTP/HTTPS communications between members of the Availability group. By default, this is 80.
Important: Both the Primary and Secondary Gateway instances must use the same port. To change the port, you must disband the group and recreate it.
FQDN TTL

The Time-to-live (TTL) for the host record in the DNS server for the Availability group, in seconds. This value tells a cache how long it can store the host record before refreshing the search to get an answer from the name server.

By default, the FQDN TTL is 30.

TSIG key settings

TSIG key settings specify settings for the Transaction Signature (TSIG) used by members of the Availability group.

Field/Option Description
Key name

The name of the TSIG key to use for members of the Availability group.
Algorithm The encryption algorithm used by the Availability groups TSIG key. You can choose from the following:
  • hmac-md5
  • hmac-sha1
  • hmac-sha256
  • hmac-sha512
Note: The hmac-md5 algorithm has known attacks and vulnerabilities. We recommend hmac-sha256 or hmac-sha512 where possible.
Secret (Available only when editing settings) The contents of the TSIG Secret key. The length depends on the chosen algorithm.

Failover settings

Failover settings configure the heartbeat and timeout behaviour for the Availability group.

Field/Option Description
Heartbeat interval

The time between health reports sent by the Primary Gateway node (in seconds).

By default, this is 20 seconds.
Standby check interval

The time between checks made by the Secondary Gateway node to see if the Primary node is still active (in seconds).

By default, this is 30 seconds.
Failover period

How long the Secondary Gateway node waits after a heartbeat before deciding that the Primary Gateway node has failed (in seconds).

If this timeout is exceeded, the Secondary node attempts to take over. We recommend using a multiple of the Standby check interval.

By default, this is 60 seconds.