Hi Jeevan,
The documentation has been updated with simpler and more comprehensive way now. Please refer
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-3/virtual-appliance/installing-virtual-appliance/deploying-redundant-system-without-starting-any-services.htmlQuoted from the documentation:
"
To deploy the Virtual Appliance without starting any services, you must create dr_enabled file at /opt/CA/VirtualAppliance/custom location and add a single line TRUE to the file.
This functionality is relevant for Disaster Recovery sites, which serve as a "hot-standby" for a primary site, with the following assumptions:
-
All the Virtual Appliance servers are part of the same cluster.
- The dr_enabled files must be created only on the new servers that will be used for disaster recovery, and not on the existing primary server.
- The following components in the Disaster Recovery site are continuously replicated from the primary site:
User Store
Provisioning Directory
Database (external implementation by the customer or Services)
- When dr_enabled is set to TRUE, none of the following database-dependent services will run on the Database Recovery servers, therefore the Database Recovery servers are essentially in a standby mode.
CA Identity Manager
CA Identity Governance
CA Identity Portal
"
So the straight answer to your question is, you should have made the DR vApp part of the cluster. With this configuration the replication of CA Directories (User Store and Provisioning Directory) will be auto-configured and the replication will happened without any manual configuration required.
------------------------------
Regards,
Widjaja
====================
Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.
Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at
enterprisestudio@hcl.com.
https://www.hcltech.com/enterprise-studio------------------------------
Original Message:
Sent: 04-09-2020 05:59 AM
From: jeevanreddy singireddy
Subject: Identity Suite DR_Enabled with External Database
Dear William,
Sorry for the late update and thanks for your update. Still We are trying to configure for DR site in one of our customer place. I hope you have successfully configure this DR site.
So we are facing some issues while doing DR site. So can you please explain brief in this. how we can do this configuration DR site using existing primary database.
And If we install DR Vapp, there also userstore and provstore will be deployed and how the replication(User store and prov store) will happened from Primary to DR?
So please help in this.
Thanks,
Jeevan
Original Message:
Sent: 01-29-2020 09:23 PM
From: William Cheang
Subject: Identity Suite DR_Enabled with External Database
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=140530
I am following below doc for deploying a redundant system for IG and IP Vapps
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-2/virtual-appliance/installing-virtual-appliance/deploying-redundant-system-without-starting-any-services.html
- dr_enabled file is not present on any of the Virtual appliances neither on already existing servers nor newly deployed ones.
- If we have to create this file where do we need to create it, on new servers or existing one
- do we need to perform DR site installation with same database details as the existing one or different DB details(we are using a VIP for DB)
- The document has mentioned that the database used for the disaster recovery site is READ-ONLY but what if we are using the primary site database details during installation.
Release : 14.2
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
1. dr_enabled file is not present on any of the Virtual appliances neither on already existing servers nor newly deployed ones.
>Correct, you need to create the dr_enabled files.
2. If we have to create this file where do we need to create it, on new servers or existing one
>The dr_enabled files needs to be created on the new servers that will be used for disaster recovery.
3. do we need to perform DR site installation with same database details as the existing one or different DB details(we are using a VIP for DB)
>Yes, when installing the DR servers specify the same DB details as the existing, primary one. You want the DR servers to point to the same, existing database.
4. The document has mentioned that the database used for the disaster recovery site is READ-ONLY but what if we are using the primary site database details during installation.
>The document means to say that the DR servers will not be able to write to the database when dr_enabled is set to TRUE.
During the installation of the DR servers it is ok for the new servers to access the primary database.
When DR is enabled (dr_enabled is set to TRUE), none of the DB-dependent services will run on the DR servers, therefore the DR servers are essentially in a standby mode. It is more accurate to say the DB cannot be written to from the DR servers, or the DR servers are in READ-ONLY mode, rather than saying that the DB itself is in READ-ONLY mode.
What are the steps during DR: is it like creating dr_enabled file on primary site with true and deleting this file from the DR site after taking care of DB replication for the redundant site and switch the DB VIP to point to DR site DBs.
During normal operations when the primary servers are working okay, your DR servers can remain online with the dr_enabled file set to TRUE.
When a DR scenario occurs and there is a problem with the primary server(s) you will...
A. Ensure that all primary servers are shut down so that there is no task processing activity on any Primary site server.
B. Switch over to the DR servers by removing the dr_enabled file or editing TRUE to FALSE to allow the DB-related services to startup.
C. Perform any required front end VIP switching over to the DR site.
The use of dr_enabled on DR or Primary servers is discretionary depending on your need for quick switchover from Primary to DR to Primary. The main requirement is that only one site at a time should be processing tasks. All other DR procedures, including the use of dr_enabled, are flexible should be created according to your own needs.
Original Message:
Sent: 01-29-2020 09:22 PM
From: William Cheang
Subject: Identity Suite DR_Enabled with External Database
Hi Jeevan,
If u read the documentation given in this thread, u will understand that, there is no need to create new userstore or provisioning store.
DR_VAPP_node will join to ur existing Production env as a node. the DR node will configured with userstore and provisioning store.
regards,
William
Original Message:
Sent: 01-23-2020 02:59 AM
From: jeevanreddy singireddy
Subject: Identity Suite DR_Enabled with External Database
Dear William,
We are also looking for the proper documentation/ideas about DR installation and configuration. So if we use same production database for DR also, what about user store and provisioning store? We need to create new user store and provisioning store or existing primary store details?
So please help me out here.
Thanks,
Jeevan
Original Message:
Sent: 01-21-2020 07:48 PM
From: William Cheang
Subject: Identity Suite DR_Enabled with External Database
Hi Catherine, i already read the documentation before i post the question.
The documentation did not mention clearly how to handle situation where we are using external database (MS-SQL/Oracle) in DR env.
(i have separate DR database servers and PROD database servers).
Q1. As i understand, on first setup DR, we config DR_Enable=true on DR vir_appliances, then external DB what do we need to configure ?
Q2. If DR appliance to become new "Production" env, then we config DR_Enable=false on DR appliance, then old "Production" do we need to config anything ?
Q3. Let said, DR appliance no longer need to be "Production", we switch back to old "Production".
Then on DR appliance we switch back to DR_Enable=true, then "Production" env, do we need to config anything ?
(including MS-SQL, any configuration to be done?)
Documentation, just mentioned how to turn "on" as DR mode. But there is no further explanation.
regards,
William
Original Message:
Sent: 01-21-2020 10:48 AM
From: Catherine Sullivan
Subject: Identity Suite DR_Enabled with External Database
Are you looking for general recommendations on the process, or are you having some specific problems with it?
Our documentation on this is as follows:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-3/virtual-appliance/installing-virtual-appliance/deploying-redundant-system-without-starting-any-services.html
------------------------------
------------------------------
And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.
Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
Original Message:
Sent: 01-20-2020 10:32 PM
From: William Cheang
Subject: Identity Suite DR_Enabled with External Database
Hi Team,
Identity Suite 14.3 VAPP
Have anyone try setup DR_Enable with external database(MS-SQL) ?
Can share the experience ?
regards,
William