HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring the Network
Configuring Failover with Redundant Access Control Servers
Please read the section “Enterprise Class Redundancy” on page 2-18 in Chapter 2, “Configuring the
Network”
Note: Integrated Access Managers cannot be used as a peer in a redundant configuration.
The 700wl Series system supports multiple Access Control Servers for Access Control Server redundancy
and failover. Access Control Server failover provides high availability operation for clients in case of
system outages, network failures, etc. The primary Access Control Server functions as a normal Access
Control Server, servicing the connected Access Controllers' requests for authentication, rights
administration, and other functions. The redundant Access Control Server is synchronized with the
primary Access Control Server through a combination of database replication, message/state replication,
and configuration replication, and is kept synchronized via incremental SQL updates.
To set up a redundant Access Control Server configuration, the following is required:
• Two peer Access Control Servers, each running version 4.0 or later software, must exist on the network,
  and be mutually reachable.
• One of these Access Control Servers must have the Preferred Primary Access Control Server option
  checked as part of the Access Control Server setup under the System Components tab of the Network
  pages. Only one of the peer Access Control Servers may have this option checked.
• Both Access Control Servers (and all Access Controllers) must be configured with the same shared
  secret in order to communicate with each other and with the Access Controllers under their control.
• As Access Controllers are installed on the network, they should be configured with the IP address of
  the Preferred Primary Access Control Server. Access Controllers in a configuration with redundant
  Access Control Servers receive the address of the peer Access Control Server from the Primary Access
  Control Server.
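An added example, not part of the HP guide: a pre-flight check of the requirements listed above, run over a hand-maintained inventory before redundancy is enabled. The inventory format, field names, device names and addresses are assumptions made for illustration; reachability between the peers is not tested here.

```python
import hmac
from hashlib import sha256

MIN_VERSION = (4, 0)  # peers must run version 4.0 or later software
# Constructed sample inventory (hypothetical format): acs-b is wrongly marked
# Preferred Primary and ac-2 carries a different shared secret.
SERVERS = [
    {"name": "acs-a", "ip": "192.0.2.10", "version": "4.0", "preferred_primary": True, "shared_secret": "example-secret-1"},
    {"name": "acs-b", "ip": "192.0.2.11", "version": "4.0", "preferred_primary": True, "shared_secret": "example-secret-1"},
]
CONTROLLERS = [
    {"name": "ac-1", "acs_ip": "192.0.2.10", "shared_secret": "example-secret-1"},
    {"name": "ac-2", "acs_ip": "192.0.2.10", "shared_secret": "example-secret-2"},
]

def _ver(text):
    return tuple(int(part) for part in text.split("."))

def check_redundancy(servers, controllers):
    """Return a list of findings; an empty list means every requirement is met."""
    findings = []
    if len(servers) != 2:
        findings.append(f"expected 2 peer Access Control Servers, found {len(servers)}")
    if not servers:
        return findings
    for s in servers:
        if s.get("integrated"):
            findings.append(f"{s['name']}: an Integrated Access Manager cannot be a peer")
        if _ver(s["version"]) < MIN_VERSION:
            findings.append(f"{s['name']}: version {s['version']} is older than 4.0")
    primaries = [s for s in servers if s.get("preferred_primary")]
    if len(primaries) != 1:
        findings.append(f"exactly one Preferred Primary required, found {len(primaries)}")
    # Compare digests in constant time so the secret itself is never printed or logged.
    digests = {d["name"]: sha256(d["shared_secret"].encode()).digest()
               for d in servers + controllers}
    ref = servers[0]["name"]
    for name, digest in digests.items():
        if not hmac.compare_digest(digest, digests[ref]):
            findings.append(f"{name}: shared secret differs from {ref}")
    if len(primaries) == 1:
        for c in controllers:
            if c["acs_ip"] != primaries[0]["ip"]:
                findings.append(f"{c['name']}: points at {c['acs_ip']}, not the Preferred Primary")
    return findings

if __name__ == "__main__":
    for finding in check_redundancy(SERVERS, CONTROLLERS):
        print(finding)
```

Findings name the device and the failed requirement only; shared secrets never appear in the output.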
The process of configuring a 700wl Series system to use redundant Access Control Servers is as follows:
Step 1. Select one of the two Access Control Servers to function as the Preferred Primary Access Control
Server. This Access Control Server will be the one that initially manages the Access Controllers
associated with the 700wl Series system, and will be the one responsible for initiating the
redundant peer relationship with its peer Access Control Server. In addition, in case of a
simultaneous reboot of both peer Access Control Servers, the one designated the Preferred
Primary will take control of the associated Access Controllers.
Step 2. Prepare a second Access Control Server to function as a redundant peer by configuring its shared
secret to be the same as the primary Access Control Server’s shared secret. The second peer
Access Control Server must not be designated as the Preferred Primary Access Control Server.
This Access Control Server does not need to be configured beyond the basic network
configuration settings—once the process of synchronization with its peer begins, most
configuration information on the secondary Access Control Server will be overwritten by the
configuration from the primary Access Control Server.
Step 3. On the primary Access Control Server, provide a name for the peer Access Control Server, enter
the IP address of the second Access Control Server as the Peer IP Address, check the
Preferred Primary Access Control Server setting, and Save these changes.
Note: You cannot enable redundancy (the check box will not be active) until a connection with
the peer Access Control Server has been established.
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 6-15