WAN Link Scenario
Before you implement the WAN Link scenario, make sure you have set up replication as described earlier in this document.
Each InTrust server must have a fast and reliable connection with the SQL server where the InTrust configuration database resides. This solution lets you work with geographically dispersed InTrust Servers that are connected over a slow WAN link.
The configuration shown below has two InTrust Servers and two identical SQL Server computers with replicas of the InTrust configuration database that are synchronized to maintain consistency.
Making InTrust Work with the Replicated Database
Install new InTrust Servers in the usual way. When prompted for location and name of the configuration database to use, specify the Subscriber SQL server and the name of the new (replicated) database. You may receive some errors such as:
Cannot update the InTrust configuration database. Reason: GETMAXVERSION: The parameter 'lineage' is not valid. The statement has been terminated. The statement has been terminated.
These errors are safe to ignore. Click Ignore and continue with the setup procedure.
Upgrading InTrust Servers in WAN Link Scenario
Upgrading InTrust organizations with the WAN link scenario implemented is specifically described in the Upgrade Guide.
SQL Server Failover Scenario
Before you implement the scenario, make sure you have made the configuration changes described in Setting Up Replication.
A common and often inexpensive approach to recovery after failure is to maintain a standby system to assume the production workload if a production system failure occurs. A typical configuration has one InTrust server and two identical SQL server computers with a copy of the InTrust configuration database. If the InTrust configuration database becomes unavailable, the InTrust server can switch to the other SQL server, as shown in the picture below:
InTrust provides the Configuration DB is down rule, which is matched when the InTrust configuration database becomes unavailable to the InTrust server. This is indicated by Event ID 6565 in the InTrust Server log. The rule has the Switch Configuration DB response action, which puts a script into a temporary folder and runs it. The script switches the InTrust server to a replica of the configuration database and restarts InTrust.
- For the response action to work correctly, the database name and access credentials must be the same for both the main and the backup configuration database.
- The rule, response action and script files used in the following procedure are located in the Scripts\Database Replication folder in your InTrust distribution
Preparing InTrust for a Failover Scenario
- Run InTrust Manager.
- Import the Configuration DB is down rule under Real-Time Monitoring | Rules | InTrust Internal Events | InTrust Server Failover.
- Import the Switch Configuration DB response action under Configuration | Advanced | Scripts using the InTrustPDOImport.exe command-line utility, which is available in the ADC Server Resource Kit, in the <InTrust_installation_folder>\InTrust\Server\ADC\SupportTools folder.
- Select a site from the list of existing InTrust sites—or create a new one—which is populated with the InTrust servers of your InTrust organization.
- Create a monitoring policy that includes the InTrust site that was specified on the previous step and the Configuration DB is down rule.
- Right-click the Configuration DB is down rule and select Properties.
- Click the Response Actions tab and make sure that the Execute script option is selected. Check that the following script parameters are specified correctly; otherwise, the default values will be applied:
- Backup configuration DB Server
Specify the <SQL server name>\<instance name> that hosts the backup configuration database. For example, "sqlserver02.domain.corp".
- Main Configuration DB Server
Specify the <SQL server name>\<instance name> that hosts the main configuration database. For example, "sqlserver01.domain.corp".
- Switch Once
This parameter can be set to "No" or "Yes". If InTrust is already working with a backup configuration database and the database has failed, "No" means that it will switch back to the main configuration database, and "Yes" means that it will not switch.
SQL Server Failover for Multiple InTrust Servers
If multiple InTrust servers share a configuration database (or a replica of a configuration database), then a few additional steps are necessary to make them switch to a standby configuration database. You can do this in one of two ways:
- Duplicate the failover configuration for each server
- Use a shared failover configuration
Duplicating the Configuration
Perform steps 1 to 3 from the Preparing InTrust for a Failover Scenario topic.
Then, for each of the InTrust servers, do the following:
- Create a site that is owned by the InTrust server, and include the server itself in this site. Name the site so that it indicates the InTrust server that uses it.
- Make a copy of the Configuration DB is down rule, and append the name of the InTrust server to its name, so that you can easily tell the similar rules apart.
- Create a monitoring policy that includes the InTrust site from step 1 and the rule from step 2. Give the policy a matching name.
- In the properties of the duplicated rule, configure the response action as explained in the Preparing InTrust for a Failover Scenario topic.
When you have done this for all InTrust servers that participate in the failover configuration, commit your changes. Now, if the main configuration database goes offline, each of the servers will independently switch to the standby database.
Using a Shared Configuration
A shared configuration is slightly easier to set up and modify.
Perform steps 1 to 3 from the Preparing InTrust for a Failover Scenario topic, and then do the following:
- Create a site that includes all of the InTrust servers you need.
- Right-click the site and select Install Agents. Note that this does not install any additional software on the InTrust servers—it just enables the hidden agent-specific functionality that is not normally used on a server.
- Create a monitoring policy that includes the new InTrust site and the Configuration DB is down rule.
- In the properties of the rule, configure the parameters of the response action as explained in the Preparing InTrust for a Failover Scenario topic.
- In the properties of the response action, on the General tab, select the Agent option.
- Commit your changes.
Now, if the main configuration database goes offline, each of the servers will independently switch to the standby database.