
Technical Notes

Configuring Verastream AADS Failover on UNIX
Technical Note 10048
Last Reviewed 25-Apr-2008
Applies To
Verastream Host Integrator version 5.5 or higher
Summary

This technical note describes how to install and configure multiple Verastream Host Integrator (VHI) Authentication Authorization and Directory Services (AADS) servers to achieve failover support in a UNIX environment.

AADS Failover Environment

The Authentication Authorization and Directory Services (AADS) component of Verastream authorizes client access to Session Servers and provides security and directory services for Verastream installations. AADS tracks servers and domains and is required for Verastream to run.

With an AADS failover configuration, the AADS servers replicate information with each other. If one of the active AADS servers fails or is taken off-line, any other AADS server associated with the Host Integrator installation can provide AADS services, with no loss of data or compromise to security. Thus, a failover configuration provides fault tolerance for production environments.

A typical Verastream production environment has two server systems with both AADS and Session Server components installed.

Figure 1: Typical Verastream production environment

AADS and Session Server components have separate failover mechanisms. AADS failover is implemented during installation and is described in this technical note. Session Server load balancing (which also provides Session Server failover) is configured after installation and addressed separately in Technical Note 10052.

AADS failover is based on standard IP name resolution functionality, which allows an alias name to be mapped to multiple IP addresses.

Installing Verastream with AADS Failover Support

To configure Verastream for AADS failover support, you need to perform the steps presented in the following sections:

I. Create One Common Name for Your AADS Servers

Create one common (symbolic) name for all of your AADS Servers by editing the DNS or the hosts file on each machine that will have Verastream server and client components installed (including connectors used by client applications). The hosts file is typically located in the /etc directory. Each machine that will have the AADS Server installed should be listed by its unique IP address, but each IP address must be assigned the same common name. For example, in your hosts file or DNS server you might have the following entries:

10.0.0.1 my_aads
10.0.0.2 my_aads
10.0.0.3 my_aads

Each IP address refers to a machine with Verastream AADS Server installed. Whenever AADS services are requested, a request for my_aads is made and the DNS or hosts file returns the list of IP addresses associated with that common name. Connections to the AADS server will attempt to contact the first host on the list. If no response is received, the second AADS server is tried, and so forth.

Note the following:

  • DNS configuration is strongly recommended over editing Hosts files. On some Linux/UNIX systems, name lookup with a Hosts file will not return multiple addresses.
  • It is strongly recommended that you use a consistent order (primary AADS server first, etc.). If you are editing hosts files, the entries should be the same on all systems in the Verastream environment. If you are configuring DNS, the DNS server should not return results in round-robin or random order.
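The two recommendations above can be checked before installation. The script below is an added example, not part of the original technical note or of Verastream: it compares the ordered address list for the common name across copies of hosts files, and checks that repeated resolver lookups return more than one address in an unchanging order. The function names are hypothetical, my_aads is the sample name used above, and the getent ahostsv4 call assumes a glibc-based system.

```shell
#!/bin/sh
# Added example: check that an AADS common name maps to the same ordered
# address list everywhere. Function names are hypothetical; "my_aads" is
# the sample common name from the text above.

# Print the addresses a hosts-format FILE assigns to NAME, one per line,
# in file order. Comments and blank lines are ignored.
hosts_addrs() {  # usage: hosts_addrs NAME FILE
    awk -v name="$1" '
        { sub(/#.*/, "") }              # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if ($i == name) { print $1; break }
        }' "$2"
}

# Succeed only if every FILE lists at least two addresses for NAME and all
# files give the same addresses in the same order.
hosts_consistent() {  # usage: hosts_consistent NAME FILE...
    name=$1; shift
    ref=$(hosts_addrs "$name" "$1")
    [ "$(printf '%s\n' "$ref" | grep -c .)" -ge 2 ] || return 1
    for f in "$@"; do
        [ "$(hosts_addrs "$name" "$f")" = "$ref" ] || return 1
    done
}

# Default lookup: ask the system resolver through getent (assumes glibc).
resolver_addrs() { getent ahostsv4 "$1" | awk '$2 == "STREAM" { print $1 }'; }

# Look NAME up several times; succeed only if more than one address comes
# back and the order never changes (round-robin or random answers fail).
order_stable() {  # usage: order_stable NAME [LOOKUP_FUNCTION] [TRIES]
    lookup=${2:-resolver_addrs}; tries=${3:-5}
    first=$("$lookup" "$1")
    [ "$(printf '%s\n' "$first" | grep -c .)" -ge 2 ] || return 1
    i=1
    while [ "$i" -lt "$tries" ]; do
        [ "$("$lookup" "$1")" = "$first" ] || return 1
        i=$((i + 1))
    done
}
```

Run hosts_consistent against copies of /etc/hosts collected from each server and client system, and run order_stable my_aads on each system to confirm what its resolver actually returns; a failure of the second check on a hosts-file system indicates the single-address lookup behavior noted above.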

II. Install the Primary AADS Server and Session Server

Follow these steps to install Verastream in a typical production environment (both primary AADS Server and Session Server are installed).

Note: You cannot change your AADS configuration after you install Verastream. Before proceeding, you should be certain of the computer name and AADS common name. Future changes require uninstalling and reinstalling all servers in the Verastream installation environment.

  1. Start the Verastream installation. You must be logged in as root. For more information on running install.sh, refer to the Installation Guide.
  2. After the vhi.tar file is unpacked, you will be prompted to display and accept the license agreement.
  3. When you see the prompt "Is this to be the first AADS in a new installation?," enter yes.
  4. At the prompt AADS name, enter the host name of this system. You will then be prompted to confirm the name.

Note: This is the unique host name, not the common name created in section I above.

  5. After the primary AADS certificate is generated, and the AADS service is started, you will see the prompt "Please enter the name of your existing AADS." Enter the AADS common name you created in section I above. (This is used to install the Session Server component.)
  6. After accepting the AADS certificate fingerprint, you will see the prompt Server name. Enter the host name of this system. You will then be prompted to confirm the name.

Note: This step seems redundant, but it is required to configure and register the Session Server component.

  7. AADS security has not been enabled on the AADS, since it was just installed. When prompted for userid just press Enter.
  8. Complete the installation (starting Session Server).

III. Install Additional Servers

Follow these steps to install each additional AADS Server and Session Server.

Note: You cannot change your AADS configuration after you install Verastream. Before proceeding, you should be certain of the computer name and AADS common name. Future changes require uninstalling and reinstalling all servers in the Verastream installation environment.

  1. Start the Verastream installation. You must be logged in as root. For more information on running install.sh, refer to the Installation Guide.
  2. After the vhi.tar file is unpacked, you will be prompted to display and accept the license agreement.
  3. When you see the prompt "Is this to be the first AADS in a new installation?," enter no.
  4. At the prompt AADS name, enter the host name of this system. You will then be prompted to confirm the name.

Note: This is the unique host name of this additional AADS server, not the primary AADS name or the common name created in section I.

  5. At the prompt "Please enter the name of your existing AADS," enter the AADS common name you created in section I above. This will be used to link the additional AADS server with its peer(s).

Note: If the peer AADS server cannot be contacted, verify that your DNS or hosts file is configured (as described in section I above) and the primary AADS service is running (as described in Technical Note 10054).

  6. After confirming the primary AADS certificate fingerprint, you will see a userid prompt. If security is enabled on the AADS server, enter a user ID and password that belongs to the Administrator profile. Otherwise, just press Enter.
  7. After the additional AADS certificate is generated, and the AADS service is started, you will see the prompt "Please enter the name of your existing AADS." Enter the AADS common name you created in section I above.

Note: This step seems redundant, but it is required to register the Session Server component with the AADS failover support environment.

  8. After confirming the AADS certificate fingerprint, you will see the prompt Server name. Enter the host name of this system. You will then be prompted to confirm the name.

Note: This step seems redundant, but it is required to configure and register the Session Server component.

  9. You will see a userid prompt. If security is enabled on the AADS server, enter a user ID and password that belongs to the Administrator profile. Otherwise just press Enter.
  10. Complete the installation (starting Session Server).

Note: In the future, if you uninstall a Verastream server in your installation environment, first use the unregister_server.sh and unregister_aads.sh scripts while the remaining AADS server(s) are running. Refer to the Installation Guide for additional information.

IV. Add AADS Common Name to Administrative WebStation Login Page

When the installation is complete, prior to logging into the Verastream Administrative WebStation console, follow the steps below to add the directory server.

  1. Because the installer does not start the Administrative WebStation server, you will need to start this service manually (e.g., atstart -start all).
  2. Open a web browser with VHI_Administrative_WebStation_Login.html located in your VHI bin directory (or http://localhost:9642/apptrieve).
  3. In the top toolbar, click the DIRECTORY SERV button.
  4. In the Server Name field of the Set Directory Server panel, enter the AADS common name you created for your AADS installation in section I above, and then click Add Server.
  5. Verify the fingerprint, and then click Submit.
  6. Click Save.

Note: When logging into Administrative WebStation, use the AADS common name for the Directory Server. After logging in, all the Verastream servers in the failover environment will be displayed.

Additional Tips

  • Using AADS common name versus specific server names:

In order for failover AADS to function properly, always use the AADS common name where specifying a Directory Server in Administrative WebStation, Session Monitor, and client applications connecting via a domain.

However, when deploying models (using activatemodel and deactivatemodel commands), use the specific Session Server host names.

  • Updating hosts files throughout your environment:

If you implemented the AADS common name by editing hosts files, remember to update all systems where Verastream server and client components are installed (including connectors used by client applications).

  • Starting your AADS servers:
    • In an AADS failover environment, it is recommended that you stagger startup of the AADS servers (separated by 5 minutes or so) to avoid any possible inter-communication circular wait condition.
    • AADS servers within an installation environment automatically replicate configuration data. If an AADS has been stopped, make sure it is started last during an installation restart to avoid data corruption.
Related Technical Notes
10049 Configuring Verastream AADS Failover in Windows
10052 Configuring Verastream Host Integrator Server Load Balancing
10054 How to Verify Verastream Servers are Running
10060 What is Verastream AADS?
40999 Verastream Host Integrator Technical Notes
