Technical Notes

Configuring Replication in Reflection for the Web 9.5 or Higher
Technical Note 2174
Last Reviewed 20-Aug-2008
Applies To
Reflection for the Web 2008 (All Editions)
Reflection for the Web version 9.5 through 9.6
Reflection Administrator version 9.5 or higher
Summary

Beginning in Reflection for the Web 9.5, you can use Reflection management server replication when setting up load balancing. This technical note describes how to configure the Master and Slave servers, and provides the steps for managing the servers' certificates.

Note: For information about load balancing in versions 9.1 or earlier, see Technical Note 1510.

Overview

Server replication enables you to synchronize multiple Reflection management servers by propagating configuration and session changes made on one server to all of the servers in a replication group. Internally, Replication uses a Master and one or more Slave servers. Externally, the replication group appears as a group of synchronized peers.

When configuring replication, you may choose to use HTTP or HTTPS as your server-to-server communication transport. If you choose HTTPS, you must manage the servers' certificates as described in Managing Certificates. If you choose HTTP, you may skip the following section and proceed to Configuring Replication.

Note: In a replication environment, the only security settings that are replicated are those configured on the Tools > Security Setup > Security tab. Settings configured on the Secure Shell, Certificates, Credential Store, and Security Proxy tabs are not replicated.

Managing Certificates

If you select HTTPS as your transport option, replication requires that the Master server have each Slave web servers' certificates installed to the Master's Management Server trusted certificate store, and that each Slave server has the Master web server's certificate installed to the Slave's Management Server trusted certificate store. You can do this one of two ways:

• Import the certificate of the signing authority who issued the individual signed certificates.
• Import the individual server's signed certificates.

Using CA-signed Certificates

If the web servers are using CA-signed certificates (such as from VeriSign or Thawte), the certificates are probably already installed in the Reflection Management Server’s Trusted Certificate Store. You can check this by launching the Administrative WebStation on one of your web servers.

1. Go to Security Setup > Certificates tab.
2. Scroll down to "Administer Reflection Management Server Trusted Certificate List."
3. Click "View or modify certificates trusted by the Reflection management server."
4. Review the certificates listed under Trusted Root Certificate Authorities. Carefully inspect the expiration date and the Issued To and Issued By fields to verify that your certificates are listed.

If you find the certificates in this list, skip the rest of this section and proceed to Configuring Replication.

Importing Server Certificates

If the web server’s certificates are not CA-signed, you will need to import them using the following steps as a guide.

If you have the web servers’ certificates available in file(s), copy the file(s) to the \ReflectionData\certificates folder and then proceed to Step 3—Importing into Reflection.

If you do not have the web servers’ certificates already in file(s), follow the three-step process described below: first, locate the server certificate and import it to your browser’s certificate store, then export the certificate from your browser store to a file, and finally, import the Reflection Master (or Slave) web server certificate into the Reflection Management Server Trusted Certificate Store.

Note: The following steps describe importing a Slave web server certificate to a Master server using Internet Explorer. (You may use another browser to perform the steps, but the dialog boxes and steps may differ slightly.) To import a Master web server certificate to a Slave server, simply reverse the Master/Slave references.

Step 1—Importing Slave Server Certificates

1. Launch Internet Explorer on the Master server.
2. Connect to the Slave web server using HTTPS, for example:

3. To open the Certificate dialog box, either
   1. Click the View Certificate button if a Security Alert dialog box opens.
   2. Or, double-click the lock in the status bar.

4. Click Install Certificate and follow the prompts to install the Slave web server's certificate to the Master server's browser's certificate store.

Step 2—Exporting the Master Server’s Certificate

1. On the Master server's browser, click Tools > Internet Options > Content tab and click Certificate.
2. Locate and select the certificate you just installed and click Export. The Certificate Export Wizard opens.
3. Select the DER encoded binary X.509 option. (Note that Base64 format is also acceptable.)
4. Browse to the certificate folder under \ReflectionData\ and enter a file name. (Note the file name for future use.)
5. Click Save, Next, and then Finish.

Repeat this process for each slave server.

Step 3—Importing into Reflection

1. Launch the Administrative WebStation and go to Security Setup > Certificates tab.
2. Scroll down to "Administer Reflection Management Server Trusted Certificate List." Select "View or modify certificates trusted by the Reflection management server."
3. Click the Import button.
4. Enter the file name you used in Step 2, #4 above.
5. Enter a password if your certificate has one, otherwise leave it blank.
6. Enter a friendly name (a name that will help you identify which server this certificate represents).
7. Click Submit.

Repeat this process for each slave server.

Importing Master Server Certificates

Follow the same process you follow to import Slave server certificates to a Master server, but reverse the Master and Slave designations, for example, launch a browser on the Slave server and connect to the Master server using HTTPS.

Configuring Replication

You must configure the servers for their specific role: Master or Slave.

Warning: Be aware that Master server settings (including sessions, access control setup, and security settings, but excluding certificate stores) overwrite the settings on the server that you configure to be a Slave server.

Configuring replication is a multi-step process during which you must alternate between configuring Master server options and Slave server options. Follow the steps below:

Configuring the Master server:

On the Master server,

1. Click Tools > Settings > Replication tab.
2. For Server Role, select the Master option, and click Save Settings.
3. Configure the Concurrency Lock Timeout; 180 seconds is the default value.
4. To use HTTP for transport, clear the "Use HTTPS for server to server communication" check box.

5. Accept the default passphrase (which appears blank), or enter your own passphrase. Note: The Master and all Slave servers must have identical passphrases.
6. Click one of the Save Settings buttons.

Configuring the Slave server:

On the Slave server,

1. Click Tools > Settings > Replication tab.
2. For Server Role, select the Slave option, and click Save Settings.
3. To use HTTP for transport, clear the "Use HTTPS for server to server communication" check box.

• The transports for the Master and all the Slaves must be the same.
• If HTTPS is selected under "Choose management server access protocol" on the Security Setup > Security tab, then you must use HTTPS in the Replication Transport configuration.

4. Accept the default passphrase (which appears blank), or enter your own passphrase. Note: The Master and all Slave servers must have identical passphrases. If you entered your own passphrase while configuring the Master server, you must enter the same passphrase for all of the Slave servers.
5. Click one of the Save Settings buttons.
6. In the Add Replication Master Server section, enter the Master server host name, host port (80 by default for HTTP; 443 by default for HTTPS) and servlet context (rweb is the default value).
7. Click Add.

8. Click Test to verify that the Slave server can contact the Master server. Check the Test Result column for a Pass value.

Completing the Master server configuration:

On the Master server,

1. In the Add Replication Slave Server section, enter the Slave server host name, host port, and servlet context (rweb is the default value).
2. Click Add to Table.

3. Select the check box for the Slave server you just added.
4. Click Test to verify the connection between the Master and Slave. Check the Test Result column for a Pass value.

Repeat the above four steps to complete the Master server configuration for each Slave server.

For detailed information about what to do if your master server goes down, see Technical Note 2373.

Concurrent Administration

Beginning in version 9.5, concurrent administration can be used with a standalone server and in a replication environment. See Technical Note 2371 for more information.

Upgrading Replication Servers

If you have server replication enabled, you should disable it on every server with replication before you upgrade. Follow these steps:

1. In the Administrative WebStation, under Tools > Settings, click the Replication tab and select the Standalone option. Click Save Settings. Repeat this step for the Master server and all the Slave servers.
2. Upgrade all the servers.
3. Configure the Master server from Standalone back to Master role and define the Slave servers.
4. Configure the Slave servers from Standalone back to Slave role and point them to the Master server.

Related Technical Notes

1510	Overview of Load Balancing in Reflection for the Web
2330	Configuring BEA WebLogic to Work with Reflection for the Web Server Replication
2371	Concurrent Administration and Reflection for the Web
2373	Solutions If Your Master Server Goes Down
9988	Reflection for the Web Technical Notes