
The XTAM High Availability (HA) option is deployed using two or more XTAM nodes running the same software, connected to a single database, with HTTP traffic balanced across them by a load balancer or virtual IP technology. The HA option allows the system to continue operating if one of the nodes malfunctions. In addition, when deployed behind a load balancer, the HA option improves overall system performance by splitting the load across multiple nodes.

Xton Access Manager High Availability Option

High Availability Option Concepts

Below is a basic network diagram that illustrates the content of this article. It shows a load-balanced instance of XTAM using two XTAM nodes with a replicated database and file share.

XTAM High Availability Two Nodes HA

A high availability farm can be deployed to a series of either Unix or Windows servers, using IIS (Windows), Apache (Unix) or any other load balancer software. For the purpose of this article, we describe a deployment using Windows servers and IIS for load balancing.

Server 1: Hosts the database server. Both XTAM nodes A and B will be configured to use this database instance as their database.

Server 2: Hosts IIS, configured for load balancing. All user traffic (internal and external) will enter this server and be sent to either XTAM node A or node B. An SSL certificate will be deployed to IIS for security. Read more about advanced network load balancer deployments in the Front-End Server Architecture article.

Server 3:  Hosts XTAM node A.

Server 4:  Hosts XTAM node B.

The following describes the basic configuration of each server, not the order in which they should be deployed. For example, the database server should be set up before XTAM nodes A and B.

High Availability Option Setup

1. Database Server

Install a database server, or use an existing one.

Both XTAM nodes will be configured with identical database parameters.

2. IIS Load Balancer

Install Windows Server and IIS.  Configure IIS as needed including SSL certificates and bindings.  Once configured, ensure that you can reach IIS from both internal and external locations.

Run XtamSetup.exe and select only the “Load Balancer” option (this does not count towards your number of licensed nodes).  This will install and configure both the ARR and URL Rewrite modules.  The setup process will configure some of the following settings, so if they are already present in IIS, simply double check and move to the next option.

  • Create a new server farm.  Add a server for XTAM node A and XTAM node B using their static IP address and port 8080.
  • Create a new default rewrite URL rule with the following settings:
    • Match URL
      • Matches the Pattern, Using Wildcards, Pattern: *
    • Conditions
      • None
    • Server Variables
      • None
    • Action Properties
      • Scheme: http://
      • Server farm: [name of your Server Farm]
      • Path: /{R:0}
  • Configure your Server Farm with Server Affinity set to Client Affinity enabled.
  • Configure your Server Farm Proxy Buffer Settings:
    • Response buffer (KB): 1
    • Response buffer threshold (KB): 0
  • Restart IIS

3. XTAM node A

Install Windows Server and assign a static IP.  Reference this IP when configuring the Server Farm in your IIS load balancing.

Run XtamSetup.exe and choose the following options:

  • Directory Service
  • Application GUI
  • Job Engine
  • Session Manager
  • Federated Sign-In (optional)

When prompted for a database connection, enter the values for your Database server instance.

Configure your AD integration using AD server, user and password.

Complete installation and save your password information to a file.

4. XTAM node B

Install Windows Server and assign a static IP.  Reference this IP when configuring the Server Farm in your IIS load balancing.

Run XtamSetup.exe and choose the following options:

  • Directory Service
  • Application GUI
  • Job Engine
  • Session Manager
  • Federated Sign-In (optional)

When prompted for a database connection, enter the values for your Database server instance.

Configure your AD integration using AD server, user and password.

Complete installation and save your password information to a file.

Update the XTAM master password on node B with the one from node A by issuing the following command from the command line in the $XTAM_HOME folder:

Windows:
bin\PamDirectory SetMasterPassword web "{MASTER PASSWORD FROM NODE A}"

Unix:
bin/PamDirectory.sh SetMasterPassword web "{MASTER PASSWORD FROM NODE A}"

5. Setup Federated Sign-In Component in Multi-Node Configuration

When using the Federated Sign-In component for user authentication, synchronize this module on both nodes by copying the following parameters from the $XTAM_HOME/web/conf/catalina.properties file on XTAM Node A to XTAM Node B, then restart the management service on Node B.

cas.ticket.registry.jpa.crypto.signing.key=VALUE
cas.ticket.registry.jpa.crypto.encryption.key=VALUE

cas.tgc.crypto.encryption.key=VALUE
cas.tgc.crypto.signing.key=VALUE

cas.webflow.crypto.signing.key=VALUE
cas.webflow.crypto.encryption.key=VALUE
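
One way to confirm the copy before restarting Node B, as an added example (not Xton's own tooling): the script compares the six properties listed above between the two nodes' catalina.properties contents and reports match, mismatch or missing for each, without printing any key value. The sample contents and placeholder values are constructed, and the parser assumes plain key=value lines.

```python
import hmac

# The six properties the article says to copy from Node A to Node B.
CAS_KEYS = (
    "cas.ticket.registry.jpa.crypto.signing.key",
    "cas.ticket.registry.jpa.crypto.encryption.key",
    "cas.tgc.crypto.encryption.key",
    "cas.tgc.crypto.signing.key",
    "cas.webflow.crypto.signing.key",
    "cas.webflow.crypto.encryption.key",
)

def parse_properties(text):
    """Parse key=value lines; skips blanks and #/! comments, last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def compare_cas_keys(node_a_text, node_b_text):
    """Return {property: status} without ever exposing the key values."""
    a, b = parse_properties(node_a_text), parse_properties(node_b_text)
    report = {}
    for key in CAS_KEYS:
        va, vb = a.get(key), b.get(key)
        # An absent or empty value counts as missing on that node.
        missing = [name for name, v in (("A", va), ("B", vb)) if not v]
        if missing:
            report[key] = "missing on " + " and ".join(missing)
        elif hmac.compare_digest(va.encode(), vb.encode()):
            report[key] = "match"
        else:
            report[key] = "mismatch"
    return report

# Constructed sample contents with placeholder values, not real keys.
NODE_A = "\n".join(f"{k}=SAMPLE-{i}" for i, k in enumerate(CAS_KEYS))
# Node B: one key was regenerated locally and one was never copied.
NODE_B = "\n".join(
    f"{k}=SAMPLE-{'LOCAL' if i == 3 else i}"
    for i, k in enumerate(CAS_KEYS) if i != 5
)

if __name__ == "__main__":
    for key, status in compare_cas_keys(NODE_A, NODE_B).items():
        print(f"{status:<14}{key}")
```

To check real nodes, pass the text of each node's $XTAM_HOME/web/conf/catalina.properties to compare_cas_keys in place of the samples.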

6. Setup Local User Directory Replication

When using XTAM local users and groups, set up replication between the local user directory services on Nodes A and B.

  1. On XTAM Node A, open a command prompt and navigate to the XTAM installation directory
  2. Execute the following command replacing the values with those of XTAM Node B:
    • {ads.remote.server} :  The host name or IP of XTAM Node B (make sure port(s) 10636 and 10389 are open)
    • {ads.remote.password} :  The “Directory Password” of XTAM Node B that was generated during installation
    Windows:
    bin\PamDirectory.cmd ADSReplicate web {ads.remote.server} {ads.remote.password}
    Unix:
    bin/PamDirectory.sh ADSReplicate web {ads.remote.server} {ads.remote.password}
  3. On XTAM Node B, open a command prompt and navigate to the XTAM installation directory
  4. Execute the following command replacing the values with those of XTAM Node A:
    • {ads.remote.server} :  The host name or IP of XTAM Node A (make sure port(s) 10636 and 10389 are open)
    • {ads.remote.password} :  The “Directory Password” of XTAM Node A that was generated during installation
    Windows:
    bin\PamDirectory.cmd ADSReplicate web {ads.remote.server} {ads.remote.password}
    Unix:
    bin/PamDirectory.sh ADSReplicate web {ads.remote.server} {ads.remote.password}
  5. Wait a few minutes for the replication to complete and then refresh your browser.

Mark Klinchin

Copyright © 2019 Xton Technologies, LLC. All rights reserved.