Friday, November 22, 2019

How to perform a manual DR Failover


Created Date*
15/06/2018 17:59
Last Modified Date
15/04/2019 09:28
Article Number
000004249
Details

Q:

How do I perform a manual DR Failover?

A:

The ActivateManualFailover parameter was added in v9.6, making manual DR failovers much easier to perform in v9.6 and above.

To perform a manual DR Failover in v9.6 and above:

On the DR Vault Server:
1. Stop the CyberArk Vault Disaster Recovery service (for HA Vaults, use the Cluster management console)
2. Navigate to \Program Files (x86)\PrivateArk\PADR
3. Open and add the following line to the padr.ini:
--- ActivateManualFailover=Yes
4. Start the CyberArk Vault Disaster Recovery service (for HA Vaults, use the Cluster management console)
5. Confirm that failover has occurred by checking the \Program Files (x86)\PrivateArk\PADR\padr.log
--- Note: The following lines will be written to the padr.log when the failover process is triggered and has completed successfully:

[03/05/2018   09:53:24.939546]    ::    ITADB399I Using encryption algorithms: Advanced Encryption Standard (AES), 256 bit, RSA (2048 bit), SHA2-512 (Protocol Integrity), SHA2-512 (Files Integrity).
[03/05/2018   09:53:26.003988]    ::    ITADM114I Successfully connected to Database, Database id 0.
[03/05/2018   09:53:26.021747]    ::    PADR0103I Failover process started.
[03/05/2018   09:53:26.022375]    ::    GetPADRWorkingDirectory returned [C:\Program Files (x86)\PrivateArk\PADR]
[03/05/2018   09:53:26.022417]    ::    GetPADRWorkingDirectory returned [C:\Program Files (x86)\PrivateArk\PADR]
[03/05/2018   09:53:26.029175]    ::    PADR0024I Synchronizing vault data and metadata.
[03/05/2018   09:53:26.186176]    ::    PADR0025I Failover process ended successfully.
[03/05/2018   09:53:26.186216]    ::    PADR0067I Starting Vault service.
[03/05/2018   09:53:30.653166]    ::    PADR0017I Failover completed, PADR service is shutting down.
[03/05/2018   09:53:30.830770]    ::    PADR0022I Disaster Recovery service terminated.

6. If testing component server functionality during the failover test, confirm that the Vault.ini file for each component server contains the IP address of the DR Vault Server, and if the Production Vault is still running, make sure that either:
--- The Vault.ini contains only the IP address of the DR Vault Server
or
--- The IP address of the DR Vault Server is listed first.
----- Note: Modifying the Vault.ini will require restarting the service relevant to the Component Server (CPM, PSM, PVWA, etc.)

When the failover test is complete, confirm that any changes made have been reverted.

To return the DR Vault to a DR ready state without replicating changes made on the DR Vault while it was in a failed-over state: 

1. Stop the Vault Server using the PrivateArk Server Administration Console (For HA Vault, use the Cluster Administrator) and confirm that the Cyberark Event Notification Engine service has been stopped via the services.msc console.
2. Set the “FailoverMode” variable in \Program Files (x86)\Privateark\padr\padr.ini to No. 
3. Delete the following two entries in the padr.ini: NextBinaryLogNumberToStartAt, LastDataReplicationTimestamp 
4. Start “CyberArk Disaster Recovery service” 
5. Check \Program Files (x86)\Privateark\padr\padr.log to make sure replication is successful from Production Vault to DR Vault.

Note: on HA configurations: HA vaults should be restored from failover using solution 3466, "What Are the Steps to Initiate Replication to an HA DR cluster?"


To perform a manual DR Failover in v9.5 and below:


1. Stop the Cyber-Ark Disaster Recovery service (make sure the vault server service is down as well )
2. Verify the DB service is up
3. Open a CMD window and from c:\program files\PrivateArk\Server run the following command:
CAVaultManager SynchronizeDB /Update
4. Start PrivateArkVault Server service

No comments:

Entertainment