Symantec Identity Management

Expand all | Collapse all

Identity Suite DR_Enabled with External Database

Jump to Best Answer
  • 1.  Identity Suite DR_Enabled with External Database

    Posted 01-20-2020 10:33 PM
    Hi Team,
    Identity Suite 14.3 VAPP
    Have anyone try setup DR_Enable with external database(MS-SQL) ?
    Can share the experience ?

    regards,
    William


  • 2.  RE: Identity Suite DR_Enabled with External Database

    Posted 01-21-2020 10:48 AM
    Are you looking for general recommendations on the process, or are you having some specific problems with it?

    Our documentation on this is as follows:

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-3/virtual-appliance/installing-virtual-appliance/deploying-redundant-system-without-starting-any-services.html

    ------------------------------
    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 3.  RE: Identity Suite DR_Enabled with External Database

    Posted 01-21-2020 07:49 PM

    Hi Catherine, i already read the documentation before i post the question.

    The documentation did not mention clearly how to handle situation where we are using external database (MS-SQL/Oracle)  in DR env.
    (i have separate DR database servers and PROD database servers).

    Q1. As i understand, on first setup DR, we config DR_Enable=true on DR vir_appliances, then external DB what do we need to configure ?

    Q2. If DR appliance to become new "Production" env, then we config DR_Enable=false on DR appliance, then old "Production" do we need to config anything ?

    Q3. Let said, DR appliance no longer need to be "Production", we switch back to old "Production".
    Then on DR appliance we switch back to DR_Enable=true, then "Production" env, do we need to config anything ?
    (including MS-SQL, any configuration to be done?)

    Documentation, just mentioned how to turn "on" as DR mode. But there is no further explanation.

    regards,
    William




  • 4.  RE: Identity Suite DR_Enabled with External Database
    Best Answer

    Posted 01-22-2020 11:43 AM
    Please refer to this document for some additional information:
    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=140530

    ------------------------------
    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 5.  RE: Identity Suite DR_Enabled with External Database

    Posted 27 days ago
    Edited by William Cheang 27 days ago
    Hi Catherine,
    Based on this URL(https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=140530), i understand more about DR_enable, thanks.
    Based on what i understand now(with DR env),there is that there is only 1 Database for Prod and it is also share with DR env.

    Let said in Prod env, we have VAPP_Node1, VAPP_Node2 and a external MSSQL db.
    Then in DR env, customer also provide the same set as DR_VAPP_node1, DR_VAPP_Node2 and a external DR_MSSQL db.
    In this case, how should we create the DR env using DR_enable=true ?

    regards,
    William


  • 6.  RE: Identity Suite DR_Enabled with External Database

    Posted 01-23-2020 02:59 AM
    Dear William,

          We are also looking for the proper documentation/ideas about DR installation and configuration. So if we use same production database for DR also, what about user store and provisioning store? We need to create new user store and provisioning store or existing primary store details?

       So please help me out here.

    Thanks,
    Jeevan


  • 7.  RE: Identity Suite DR_Enabled with External Database

    Posted 27 days ago
    Hi Jeevan,
    If u read the documentation given in this thread, u will understand that, there is no need to create new userstore or provisioning store.
    DR_VAPP_node will join to ur existing Production env as a node. the DR node will configured with userstore and provisioning store.

    regards,
    William


  • 8.  RE: Identity Suite DR_Enabled with External Database

    Posted 27 days ago
    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=140530

    I am following below doc for deploying a redundant system for IG and IP Vapps

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-2/virtual-appliance/installing-virtual-appliance/deploying-redundant-system-without-starting-any-services.html

     

    1. dr_enabled file is not present on any of the Virtual appliances neither on already existing servers nor newly deployed ones.
    2. If we have to create this file where do we need to create it, on new servers or existing one
    3. do we need to perform DR site installation with same database details as the existing one or different DB details(we are using a VIP for DB)
    4. The document has mentioned that the database used for the disaster recovery site is READ-ONLY but what if we are using the primary site database details during installation.

     

     

    Release : 14.2

    Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

    1. dr_enabled file is not present on any of the Virtual appliances neither on already existing servers nor newly deployed ones.


    >Correct, you need to create the dr_enabled files.



    2. If we have to create this file where do we need to create it, on new servers or existing one


    >The dr_enabled files needs to be created on the new servers that will be used for disaster recovery.



    3. do we need to perform DR site installation with same database details as the existing one or different DB details(we are using a VIP for DB)


    >Yes, when installing the DR servers specify the same DB details as the existing, primary one. You want the DR servers to point to the same, existing database.

     

    4. The document has mentioned that the database used for the disaster recovery site is READ-ONLY but what if we are using the primary site database details during installation.


    >The document means to say that the DR servers will not be able to write to the database when dr_enabled is set to TRUE.

     

    During the installation of the DR servers it is ok for the new servers to access the primary database.

     

    When DR is enabled (dr_enabled is set to TRUE), none of the DB-dependent services will run on the DR servers, therefore the DR servers are essentially in a standby mode. It is more accurate to say the DB cannot be written to from the DR servers, or the DR servers are in READ-ONLY mode, rather than saying that the DB itself is in READ-ONLY mode.

    What are the steps during DR: is it like creating dr_enabled file on primary site with true and deleting this file from the DR site after taking care of DB replication for the redundant site and switch the DB VIP to point to DR site DBs.

    During normal operations when the primary servers are working okay, your DR servers can remain online with the dr_enabled file set to TRUE.

    When a DR scenario occurs and there is a problem with the primary server(s) you will...

    A. Ensure that all primary servers are shut down so that there is no task processing activity on any Primary site server. 

    B. Switch over to the DR servers by removing the dr_enabled file or editing TRUE to FALSE to allow the DB-related services to startup.

    C. Perform any required front end VIP switching over to the DR site.

    The use of dr_enabled on DR or Primary servers is discretionary depending on your need for quick switchover from Primary to DR to Primary. The main requirement is that only one site at a time should be processing tasks. All other DR procedures, including the use of dr_enabled, are flexible should be created according to your own needs.