Skip to content

Configuring High availability with MS SQL Server as the Backend Database

To configure High availability in Securden Unified PAM, you will need two or more application servers and a database server with MS SQL server installed. Securden enables the configuration of multiple application servers for high availability. You can configure any number of application servers as a measure to ensure high availability. In the event of the primary server going down, Users can connect to a secondary server.

To provide high availability for the Database, you need to set up your MS SQL server database with SQL clustering or AlwaysOn High availability groups.

Prerequisites: A primary server with Securden Unified PAM and MS SQL database should be installed and kept running. Refer to our Installation guide to install the application. You can refer to the Optional: Change Backend database to MS SQL server section in the document to set up an MS SQL Server as the backend database.

Summary of Steps

  • Step 1 Setting up a secondary server
  • Step 2 Configuring High Availability in the primary server.
  • Step 3 Downloading and Transferring the high availability package.
  • Step 4 Configuring the Secondary server.
  • Step 5 Verifying the high availability setup

STEP 1: Setting up a Secondary Server

  1. Identify a machine that would act as a secondary server. Consider the current Securden Unified PAM installation as the primary server.
  2. Install Securden Unified PAM on the chosen machine. Refer to the installation guide if you need help with the installation process.

Note

Make sure both the machines are running the same version of Securden Unified PAM. Navigate to User Details (On the top right corner) >> About >> Version to check for the current product version. Contact Securden Support for any assistance.

STEP 2: Configuring HA in the Primary Server

  1. Navigate to Admin>> High Availability in the GUI of Securden Unified PAM in the primary server.
  2. Click the ‘Configure Secondary Application Server’ button and enter the following details regarding the secondary server.
    • Server Identifier - Provide a name that helps identify the secondary application server.
    • Address - hostname/ IP address of the machine where the secondary server instance has been installed.

STEP 3: Downloading and Transferring the Download Package

  1. Once the details of the secondary server have been saved, a pop-up with the title Download and Deploy the High Availability Package will appear in which you will have an option to download the package as a zip file.

You can also download the package from the main High Availability GUI too. Navigate to Admin>>High Availability>> High availability. In this GUI you will have the download option right next to the secondary server in the server list.

  1. Transfer the downloaded zip file to the secondary server.

STEP 4: Configuring the secondary server

  1. Stop the server if it is running. Open windows service manager (run services.msc) and stop Securden PAM Service.
  2. Put the High availability package under the “/bin” directory.
  3. Open Command Prompt with administrator privileges and navigate to the“< Securden Installation folder(Secondary)>/bin” directory. Then execute the following command: ApplyHAPackage.exe-.zip
  4. Securden secondary server shares the same encryption key as the primary server. Ensure the location of securden.key as mentioned in “/conf/securden_key.location” is accessible from the secondary server. (You can open securden_key.location with any text editor)
  5. Start the service again on the secondary server. To start the service, open Windows service manager (run services.msc) and start Securden PAM service. Securden High availability setup is now ready.

STEP 5: Verifying High availability

  1. Navigate to admin>>High availability in the GUI of the primary server.
  2. Check the status column for the secondary server. If the status shows “Running”, It means high availability is available working properly.

Troubleshooting Tips

Issue: The secondary server fails to start after startup.

Solution 1:

Make sure both the machines are running the same version of Securden Unified PAM. Navigate to User Details (On the top right corner) >> About >> Version to check for the current product version. Contact Securden Support for any Assistance.

Solution 2:

Verify the location of the encryption key in the secondary server. Whenever Securden is run, the key should be accessible to the server. Otherwise, the server won’t start. Securden secondary server shares the same encryption key as the primary server. Ensure the location of securden.key as mentioned in “/conf/securden_key.location” is accessible from the secondary server. (You can open securden_key.location with any text editor)

Solution 3:

Database port (1433) of MS SQL and web server port (5959) should be accessible from the secondary server. Run the following telnet commands in your secondary server to verify the connections

Telnet 1433

Telnet 5959

If any of the ports are inaccessible, you can resolve it by creating an inbound firewall rule for that particular port in the primary server or the database server.

To add an inbound rule,

  1. Open “Windows Defender Firewall with Advanced security”
  2. Go to Inbound Rules and select New Rule. Add the following rule.
  3. Rule Type: Port
  4. Protocols and Port: TCP,
  5. Action: Allow the connection
  6. Profile: Domain, Private, Public
  7. Name(Example): TCP5959
  8. Click Finish