Filter
Top Products
Using the 700wl Series System
The communication between the two peer Access Control Servers is done via a proprietary message
based protocol over TCP/IP.
Upon restart, an Access Controller attempts to communicate with the primary Access Control Server. If
that fails, the Access Controller attempts to communicate with the secondary Access Control Server.
In the event of a primary Access Control Server failure, or failure on the network segment on which it
resides, the secondary Access Control Server will fail to receive the heartbeat message. A failover
timeout is used to determine when it is appropriate for the secondary Access Control Server to take over
management of the 700wl Series system. Depending on the nature of the failure, this may work in one
of several ways:
• If the primary Access Control Server has actually failed or gone offline, the Access Controllers it
was administering will no longer be able to contact it. They will then attempt to establish
communication with the secondary Access Control Server. This Access Control Server will become
the primary Access Control Server, and the failed Access Control Server, when it comes back online,
will be the secondary Access Control Server.
• If the loss of heartbeat is due to a failure or disruption of the network between the two Access Control
Servers rather than a failure of the primary Access Control Server itself, the Access Controllers that
reside in the same partition as the primary Access Control Server will continue to communicate
successfully with that Access Control Server. Access Controllers in the other network partition will
establish connections with the secondary Access Control Server, which will become the primary
Access Control Server to those Access Controllers.
When an Access Control Server failover occurs, authenticated clients on the various Access Controllers
will continue to have access to the network and will not be aware of the failover.
Access Control Server failover to the secondary Access Control Server is automatic. Return of control to
the primary Access Control Server is a manual process. This allows the system administrator time to
diagnose and repair the network failure or problem with the primary Access Control Server before
returning control. Once the primary Access Control Server is back on-line the two Access Control
Servers automatically synchronize their data. The system administrator can manually return control to
the original primary Access Control Server by restarting the new primary Access Control Server
(originally the secondary) to force a fail-back to the original (Preferred Primary) Access Control Server.
This is done through the Shutdown/Restart tab under the Maint navigation button.
The overall time required for a failover to occur is a function of several factors:
• The time interval specified in the Failover Timeout field in the Edit Control Server page
• The latency in the network link between the primary and the secondary Access Control Servers
If the primary and secondary Access Control Servers are located together with a hardwired link between
them, the overall failover time can be as small as one second. If they are located thousands of miles apart
then the latency time for communication between the two Access Control Servers may become
significant.
Avoiding Configuration Data Loss in a Redundant System
When setting up a redundant configuration for Access Control Server failover, there are a few situations
where it is possible to experience the loss of some configuration data.
The first situation is if you designate an Access Control Server as secondary when it still has valid
configuration data. For example, if it is actively managing an Access Controller with connected clients,
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 2-19