SA Server 2.0. Application Note : Evidian SafeKit 7.0.4, Failover




All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual property protection in connection with such information. Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any intellectual and/or industrial property rights of or concerning any of Gemalto's information.

This document can be used for informational, non-commercial, internal and personal use only provided that:

- The copyright notice below, the confidentiality and proprietary legend and this full warning notice appear in all copies.
- This document shall not be posted on any network computer or broadcast in any media and no modification of any part of this document shall be made.

Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities.

The information contained in this document is provided AS IS without any warranty of any kind. Unless otherwise expressly agreed in writing, Gemalto makes no warranty as to the value or accuracy of information contained herein. The document could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Furthermore, Gemalto reserves the right to make any change or improvement in the specifications data, information, and the like described herein, at any time. Gemalto hereby disclaims all warranties and conditions with regard to the information contained herein, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement.
In no event shall Gemalto be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any damages whatsoever including but not limited to damages resulting from loss of use, data, profits, revenues, or customers, arising out of or in connection with the use or performance of information contained in this document. Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect. Even if each product is compliant with current security standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall Gemalto be held liable for any third party actions and in particular in case of any successful attack against systems or equipment incorporating Gemalto products. Gemalto disclaims any liability with respect to security for direct, indirect, incidental or consequential damages that result from any use of its products. It is further stressed that independent testing and verification by the person using the product is particularly encouraged, especially in any application in which defective, incorrect or insecure functioning could result in damage to persons or property, denial of service or loss of privacy. Copyright 2008 Gemalto N.V. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of Gemalto N.V. and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether registered or not in specific countries, are the property of their respective owners. GEMALTO, B.P. 100, 13881 GEMENOS CEDEX, FRANCE. Tel: +33 (0)4.42.36.50.00 Fax: +33 (0)4.42.36.50.90 Printed in France. Document Reference: September 20, 2007

Contents

Preface
  Who Should Read This Book
  For More Information
  Contact Our Hotline
Overview
  Main steps
Architecture and Prerequisite
  Global Architecture
  SafeKit principle
  Gemalto SA Server installation
  Evidian SafeKit installation
  Gemalto SA Server configuration
  Evidian SafeKit configuration
  Evidian SafeKit First Run
    Starting the PRIM server
    Starting the SECOND server
Server Failover Switch
SafeKit Scripts

List of Figures

Figure 1 - Cluster Architecture
Figure 2 - Cluster Initial state
Figure 3 - Cluster switch state
Figure 4 - Cluster data synchronization
Figure 5 - SA server Installation folder
Figure 6 - SA installation mode
Figure 7 - SafeMonitor Server Admin
Figure 8 - SafeKit Module Install
Figure 9 - SafeKit Node Ip address
Figure 10 - SafeKit Cluster IP address
Figure 11 - SafeMonitor Expert Configure

Preface

This document shows a failover cluster configuration for Gemalto SA Server using the Evidian SafeKit product.

Who Should Read This Book

This document contains technical descriptions. Knowledge of Gemalto SA Server and Evidian SafeKit administration is therefore required, and general system administration skills will ease the reading.

For More Information

For more information on Evidian SafeKit, consult the following site:

Site: http://www.evidian.com/safekit/index.php
Description: Evidian SafeKit web site

Contact Our Hotline

If you do not find the information you need in this manual, or if you find errors, contact the Gemalto hotline at http://support.gemalto.com/. Please note the document reference number, your job function, and the name of your company. (You will find the document reference number at the bottom of the legal notice on the inside front cover.)

1 Overview

This document describes how to integrate Gemalto SA Server and Evidian SafeKit in order to set up a failover cluster.

Caution: This document should not be considered as an instruction manual on how to configure your system.

To have a full working infrastructure you need two computers running Microsoft Windows 2003 Server. The following placeholders are used in this document:

- <IP SA SafeKit01> represents the IP of the first SA server: 10.10.236.41
- <IP SA SafeKit02> represents the IP of the second SA server: 10.10.236.42
- <IP SA Safekit Cluster> represents the cluster virtual IP: 10.10.236.44
- <SA firebird folder> represents the folder where the database is stored
- <SA service name> represents the name of the SA service: saserver80

Main steps

In order to have the platform running, here are the main steps described in this document:

1. SA server installation
   a. Choose a specific installation folder
   b. Switch the SA service startup to manual
2. SafeKit installation
3. SafeKit configuration
   a. Use a configuration sample
   b. Modify the sample to fit the real architecture
4. SafeKit startup

2 Architecture and Prerequisite

This section describes the architecture to set up and the way to do so.

Global Architecture

Here is the architecture described in this document.

Figure 1 - Cluster Architecture

Both servers are running Microsoft Windows 2003 R2 SP1 Server, and the client PC accesses the SA server web interface using the <IP SA Safekit Cluster>.

SafeKit principle

Service Management

Here is a brief summary of the mechanism that rules the cluster switch. SafeKit manages the clustered service; therefore it is SafeKit that starts and stops clustered services. In failover mode the clustered service is started on the primary machine and stopped on the backup machine.

Initial State

Figure 2 - Cluster Initial state

In the first state, the SafeKit cluster is ready. Therefore:

- On both machines the SafeKit service is running and the heartbeat doesn't indicate any problem.
- SafeKit has started the SA server service on the primary server.
- The SA server service on the failover machine is stopped.
- The <IP SA Safekit Cluster> is assigned to the primary server.

Failover state

Figure 3 - Cluster switch state

If a problem occurs on the SA server service, then SafeKit:

- Detects it
- Starts the SA server service on the backup machine
- Assigns <IP SA Safekit Cluster> to the backup server

Data Management

Figure 4 - Cluster data synchronization

In order to synchronize data between the machines of the cluster, a folder is declared on all clustered machines. Please note that this folder MUST have the same path on all clustered machines. The SafeKit services synchronize these folders.

Gemalto SA Server installation

In order to simplify the SafeKit configuration, the SA server installation is done as follows:

1. At the introduction, click on Next.
2. Accept the license and click on Next.
3. Choose Typical and click on Next.
4. At the installation folder, click on Choose and, if needed, create a folder with no space in the folder name. In this example, saserver on c:\.

   Figure 5 - SA server Installation folder

5. The SA server folder is now c:\saserver. Therefore the <SA firebird folder> is c:\saserver\datastore. Click on Next.
6. Enter your license and click on Next.
7. In our example we did not choose HTTPS. Click on Next.
8. We don't have an HSM, so just click on Next.

   Figure 6 - SA installation mode

9. Choose DB mode and click on Next.
10. Click on Install and finish the rest of the installation.

SafeKit will start and stop the SA server service. So once the installation is over, the saserver80 service startup has to be set to manual:

1. Click on Start, choose Administrative Tools and click Services.
2. Right-click on the saserver80 service and choose Properties.
3. Change the startup type to Manual and click OK.
4. Close the Services window.

SA server is installed on both machines using exactly the same installation process.

IMPORTANT: Services on both servers MUST have the same name. The SA service name is defined during the installation process. In our example it is saserver80 because TCP port 80 was available. If the port had been used by another process, the SA service would have been installed on another TCP port and the service name would have been saserver<TCP port number>.

Evidian SafeKit installation

SafeKit is installed on both machines using the default process. Please refer to the Evidian SafeKit documentation.

Gemalto SA Server configuration

No further specific configuration has to be done on SA server.

Evidian SafeKit configuration

SafeKit monitor

In order to configure SafeKit you have to use the SafeKit monitor. Create an icon on your desktop with the following target:

<Safekit installation Folder>\web\htdocs\safekit\safemonitor\safemonitor.jar

Once the icon is created, double-click on it.

Under SafeKit monitor:

1. In the Server Admin tab
   a. Declare both servers

      Figure 7 - SafeMonitor Server Admin

   b. In the apache.safe section, put Saserver as the name and click Install

      Figure 8 - SafeKit Module Install

   c. This is the result

2. In the Quick Configure tab

      Figure 9 - SafeKit Node Ip address

   a. Fill out the First Server IP addr field with <IP SA SafeKit01>
   b. Fill out the Second Server IP addr field with <IP SA SafeKit02>

      Figure 10 - SafeKit Cluster IP address

   c. Fill out both Server Ip addr and Checker configuration with <IP SA Safekit Cluster>

3. In the Expert Configuration tab
   a. Modify the start_prim.cmd file:
      i. Find the line starting with: net start <apache service name>
      ii. Replace <apache service name> by: <SA service name>
      iii. You can also modify the message body after any printi command
      Please find in annex A the start_prim.cmd file used for this architecture.
   b. Modify the stop_prim.cmd file:
      i. Find the line starting with: net stop <apache service name>
      ii. Replace <apache service name> by: <SA service name>
      iii. You can also modify the message body after any printi command
      Please find in annex A the stop_prim.cmd file used for this architecture.
   c. Modify the userconfig.xml file:
      i. Add the following section:

         <rfs>
           <replicated dir="<SA firebird folder>" mode="read_only"/>
         </rfs>

      Please find in annex A the userconfig.xml file used for this architecture.
   d. Save all the modifications
   e. Deploy the configuration on all cluster nodes
   f. Compile it

The Evidian SafeKit configuration is over.
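A consistency check for the userconfig.xml edited in step 3c, to run before deploying it on the nodes. This is an added example, not part of the original note or of SafeKit: the function names are hypothetical, the sample values are those of the annex userconfig.xml, and the shared /24 subnet is an assumption.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Values copied from the annex userconfig.xml, condensed for this example.
GOOD = r"""<?xml version="1.0"?>
<!DOCTYPE safe SYSTEM "../private/conf/safeconf.dtd">
<safe><service mode="mirror">
  <heart><heartbeat><server addr="10.10.236.41"/>
    <server addr="10.10.236.42"/></heartbeat></heart>
  <rfs><replicated dir="c:\saserver\datastore" mode="read_only"/></rfs>
  <vip><interface_list><interface check="off"><real_interface>
    <virtual_addr addr="10.10.236.44" where="one_side_alias"/>
  </real_interface></interface></interface_list></vip>
  <check><tcp ident="apache_80" when="prim">
    <to addr="10.10.236.44" port="80" interval="120" timeout="5"/></tcp></check>
</service></safe>"""

# Constructed faulty variant: no <rfs> section, an impossible octet in a node
# address, and a checker aimed at a node on a port that is not saserver80's.
BAD = (re.sub(r"<rfs>.*?</rfs>", "", GOOD)
       .replace('"10.10.236.41"/>', '"10.10.280.41"/>')
       .replace('<to addr="10.10.236.44" port="80"',
                '<to addr="10.10.236.41" port="8080"'))


def _ip(value, label, findings):
    """Parse an IPv4 address; record a finding and return None if invalid."""
    try:
        return ipaddress.IPv4Address(value)
    except ValueError:
        findings.append(f"{label}: '{value}' is not a valid IPv4 address")
        return None


def check_userconfig(xml_text, service_name, prefix_len=24):
    """Return findings (empty list = consistent). service_name is the name used
    in start_prim.cmd; prefix_len assumes nodes and virtual IP share a subnet."""
    findings = []
    svc = ET.fromstring(xml_text).find("service")
    nodes = [n for s in svc.findall("heart/heartbeat/server")
             if (n := _ip(s.get("addr", ""), "heartbeat", findings)) is not None]
    if len(set(nodes)) != 2:
        findings.append("heartbeat: expected two distinct valid node addresses")
    vips = [v.get("addr", "") for v in svc.iter("virtual_addr")]
    vip = _ip(vips[0], "virtual_addr", findings) if len(vips) == 1 else None
    if len(vips) != 1:
        findings.append("vip: expected exactly one virtual_addr")
    if vip is not None:
        net = ipaddress.ip_network(f"{vip}/{prefix_len}", strict=False)
        for n in nodes:
            if n == vip or n not in net:
                findings.append(f"vip: node {n} equals it or is outside {net}")
    # The service is named saserver<TCP port>, so the checker must probe that port.
    port = re.fullmatch(r"saserver(\d+)", service_name)
    for to in svc.findall("check/tcp/to"):
        if vip is not None and to.get("addr") != str(vip):
            findings.append(f"check: probes {to.get('addr')}, not virtual IP {vip}")
        if port and to.get("port") != port.group(1):
            findings.append(f"check: port {to.get('port')} is not {service_name}'s")
    # The replicated folder must be declared and, as in the note, have no space.
    dirs = [r.get("dir", "") for r in svc.findall("rfs/replicated")]
    if not dirs:
        findings.append("rfs: no replicated directory declared")
    for d in dirs:
        if " " in d or not re.match(r"[A-Za-z]:\\", d):
            findings.append(f"rfs: '{d}' is not an absolute path without spaces")
    return findings
```

Run it against the file on each node with the same service name; because the folder path and the service name must be identical on both machines, the findings should be empty on both.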

Evidian SafeKit First Run

As with any cluster system, the first run is important.

Starting the PRIM server

Using the SafeKit monitor, under Expert Configure:

Figure 11 - SafeMonitor Expert Configure

Right-click on the first server of your SafeKit cluster. A menu appears. Choose Prim and confirm the command. This starts the first server of the failover cluster. The server status changes to WAIT. Wait a few seconds and the status of the first server switches to ALONE.

Starting the SECOND server

The SA server is now available at the <IP SA Safekit Cluster> address, but the failover is not set up yet. To start the second server, using the SafeKit monitor, under Expert Configure right-click on the second server and choose Second (or Start). This starts the second server of the failover cluster. Note that the SA service is not running on it, but the SafeKit service is ready to start the SA service in case of a problem on the Prim server. The server status changes to WAIT. Wait a few seconds and the status of the second server switches to SECOND. Please note that the status of the first server has switched to PRIM.

The SafeKit cluster is ready. It can be tested by connecting to the URL: http://<IP SA Safekit Cluster>/saserver

3 Server Failover Switch

Once the SafeKit cluster is ready:

1. Connect to the site http://<IP SA Safekit Cluster>/saserver. The SA server main page is displayed.
2. Then switch off the PRIM server.
3. Wait a few seconds for SafeKit to detect the failure and to start the SA service on the second machine.
4. Then connect to the site http://<IP SA Safekit Cluster>/saserver once again. The SA server main page is displayed.
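The switch test above, scripted so that the length of the authentication outage is measured instead of observed by hand. This is an added example, not part of the original note: the function names are hypothetical, the URL uses the virtual IP from the annex userconfig.xml, and the 60-second target is an assumption to replace with your own.

```python
import http.client
import time
import urllib.request

# Assumption: the cluster virtual IP from the annex userconfig.xml.
CLUSTER_URL = "http://10.10.236.44/saserver"


def http_probe(url=CLUSTER_URL, timeout=5):
    """Return True when the SA server page answers with HTTP 200."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except (OSError, http.client.HTTPException):
        # Refused, timed out, HTTP error status or truncated reply: count as down.
        return False


def watch_failover(probe, samples, period=1.0,
                   sleep=time.sleep, clock=time.monotonic):
    """Probe `samples` times and return the outage windows as (start, end)
    seconds since watching began; end is None if still down at the end."""
    t0 = clock()
    outages, down_since = [], None
    for _ in range(samples):
        now = clock() - t0
        up = probe()
        if not up and down_since is None:
            down_since = now                      # service just went down
        elif up and down_since is not None:
            outages.append((down_since, now))     # service came back
            down_since = None
        sleep(period)
    if down_since is not None:
        outages.append((down_since, None))
    return outages


def failover_ok(outages, max_outage):
    """True when the service went down exactly once and came back in time.

    No outage at all also fails: the PRIM server was never seen to go down,
    so the switch was not exercised. max_outage (seconds) is the operator's
    own target, not a value from the note.
    """
    return (len(outages) == 1 and outages[0][1] is not None
            and outages[0][1] - outages[0][0] <= max_outage)


if __name__ == "__main__":
    # Start this, then switch off the PRIM server while it runs.
    windows = watch_failover(http_probe, samples=300, period=1.0)
    print(windows, "PASS" if failover_ok(windows, max_outage=60) else "FAIL")
```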

A SafeKit Scripts

start_prim.cmd

    @echo on
    rem Script called on the primary and secondary servers for starting applications
    rem
    rem If needed, add new applications starting
    rem Execute recovery/cleanup procedures before starting
    rem to allow start after crash
    rem See also stop_both for stopping applications
    rem To locally apply a new start_both, stop and start SafeKit
    rem To remotely apply the new start_both, copy start_both on the
    rem remote host and stop and start SafeKit

    rem Logging functions
    rem
    rem use %SAFE%\safekit printi printe printw "message"
    rem printi: log I[nformative] message in SafeKit log
    rem printe: log E[vent] message
    rem printw: log W[arning] message

    rem Main program for starting
    set res=0

    rem Applications starting calls
    rem Fill with your application start call
    rem and set res=0 if successful
    rem or set res=1 if failed
    net start saserver80
    if not %errorlevel% == 0 goto stop
    %SAFE%\safekit printi "saserver80 started"
    if %res% == 0 goto end

    :stop
    set res=%errorlevel%
    %SAFE%\safekit printi "saserver80 start failed"
    rem uncomment to stop SafeKit when critical
    rem %SAFE%\safekit stop -i "start_both"

    :end

stop_prim.cmd

    @echo on
    rem Script called on the primary and secondary servers for stopping applications
    rem started in start_both
    rem
    rem If needed, add new applications stopping functions and calls
    rem Execute recovery/cleanup procedures after stopping
    rem to allow quick restart
    rem To locally apply a new stop_both, stop and start SafeKit
    rem To remotely apply the new stop_both, copy stop_both on the
    rem remote host and stop and start SafeKit

    rem Logging functions
    rem
    rem use %SAFE%\safekit printi printe printw "message"
    rem printi: log I[nformative] message in SafeKit log
    rem printe: log E[vent] message
    rem printw: log W[arning] message

    rem Main program for stopping
    set res=0

    rem Applications stopping calls
    rem
    rem 2 stopping mode
    rem - graceful stop
    rem   call standard application stop
    rem - force stop (%1=force)
    rem   kill application's processes
    rem
    rem Bounded time to execute to ensure non blocking stop:
    rem - 240 s for graceful stop
    rem - 60 s for force stop
    rem
    rem default: no action on forcestop
    if "%1" == "force" goto end

    net stop saserver80
    %SAFE%\safekit printi "saserver80 stopped"

    :end

userconfig.xml

    <?xml version="1.0"?>
    <!-- Apache Module for SafeKit -->
    <!-- See Readme.txt -->
    <!DOCTYPE safe SYSTEM "../private/conf/safeconf.dtd">
    <safe>
      <service mode="mirror">
        <!-- Heartbeat Configuration -->
        <!-- Replace
             * SERVER1_TO_BE_DEFINED and SERVER2_TO_BE_DEFINED by IP address of your 2 servers
        -->
        <heart>
          <heartbeat>
            <server addr="10.10.236.41"/>
            <server addr="10.10.236.42"/>
          </heartbeat>
        </heart>
        <rfs>
          <replicated dir="c:\saserver\datastore" mode="read_only"/>
        </rfs>
        <!-- Virtual IP Configuration -->
        <!-- Replace
             * VIRTUAL_TO_BE_DEFINED by the IP address of your virtual server
        -->
        <vip>
          <interface_list>
            <interface check="off">
              <real_interface>
                <virtual_addr addr="10.10.236.44" where="one_side_alias"/>
              </real_interface>
            </interface>
          </interface_list>
        </vip>
        <!-- Checker Configuration -->
        <!-- Replace
             * VIRTUAL_IP_ADDR_TO_BE_DEFINED by the IP address of your virtual server
        -->
        <check>
          <tcp ident="apache_80" when="prim">
            <to addr="10.10.236.44" port="80" interval="120" timeout="5"/>
          </tcp>
        </check>
        <!-- User scripts Configuration -->
        <!-- See TODO in SAFE/bin scripts -->
        <user>
        </user>
        <!-- Monitoring Configuration -->
        <http/>
      </service>
    </safe>