Reset Search
 

 

Article

HOW TO Configure High Availability (HA) in Identity Engines Ignition Server

« Go Back

Information

 
TitleHOW TO Configure High Availability (HA) in Identity Engines Ignition Server
Objective
How to configure High Availability (HA) in Identity Engines Ignition Server
Environment
  • Identity Engines Ignition Server
  • High Availability
Procedure

High Availability (HA) is the pairing of two standalone Ignition server nodes in a fault tolerant cluster to serve RADIUS, TACACS, SOAP and SAML requests.

  1. Via Dashboard, log into the 'primary' Ignition node.
This node is to be considered the primary node for which its configuration is mirrored to the secondary node.
  1. Click Configuration -> Actions -> Create HA Link as shown below.

  1. After selecting the option, the HA Configuration Wizard displays as below:

  • 'Admin port IP address' is the Admin interface IP address of the node on which currently logged in.
  • 'HA port IP address' is the HA interface IP address of the node.
  • 'HA Port net mask' bit is the subnet mask as a bit count.
  • 'HA port number' is the port number to be used for HA traffic.
  1. Click "Next".
  2. The HA Configuration Wizard prompts for the following:

  • Enter username, password and Admin IP address of the second server.
  1. Click "Next".
  2. The HA Configuration Wizard window appears with two nodes. Select primary server and click "Next".

  1. The HA Configuration Wizard prompts to create a Virtual Interface.

If "Yes" is selected a new window prompts to enter the details as shown below:

  • 'Name' is the name of the VIP to be displayed in virtual interface tab.
  • 'Virtual Host ID' is the integer between '1' to '255'.
  • Enter any password so that the nodes in this virtual interface group should use to secure their communications.
  • Enter the VIP IP address and subnet mask. This is the IP address that provides the highly-available Ignition Server services (RADIUS and/or SOAP API). This address must be unique. It must not be the address of an Ethernet interface. The virtual IP address must be on the same subnet as the physical interfaces to which it is bound.
  • Bind the port on which VIP binds to the Ignition server. Avaya recommends that end user bind the VIP to the Service Port. They cannot apply a VIP to the HA port. The VIP is intended to serve RADIUS and SOAP API requests only.
  • Select this checkbox to enable the virtual interface.
  • Click "Next"
  1. The HA Configuration Wizard provides a summary and requests confirmation to continue. Click "Next".

  1. Click "Finish". The Configuring HA window appears and starts setup between primary and secondary node.

 

Additional notes
In a typical deployment connect both virtual ports to the same Layer 2 switch as this provides support for High-Availability environments. Make sure that the port network connections comply with the following rules:
  • The two ports must be on the same local network (same broadcast domain) without a Layer 3 switch in between so that they can be joined later to form a VIP.
  • The port subnet must be reachable from authenticators and Ignition Dashboard.
  • The network of the these connection must be a high-throughput, high-reliability, low-latency network as the HA link carries data to be replicated between the Ignition Servers in real time.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255