As of version 5.2, Audit Server has the ability to be configured as a "hot-spare" backup to a functioning Audit Server. This function is ideal for use in Disaster Recovery sites or for providing
redundancy in normal operation.
How it works
To configure Audit Server replication, a functioning Audit Server on the network is chosen as the Primary Audit Server. This server is considered to be running in Normal Mode.
You may then designate one or more other Audit Servers to act as Secondary Server(s) to the Primary by configuring the Standby Mode options and enabling Standby Mode.
While in Standby Mode, Audit Server will continually replicate all of its settings and data from the Primary Audit Server on the schedule you specify.
This results in the Secondary Audit Server being ready to take over audit duties should the Primary become unavailable.
If the Primary is offline, the Secondary Audit Server can be brought online by disabling Standby Mode, either manually or automatically (see below).
When a machine is brought out of Standby Mode, it will immediately begin auditing using the Primary's list of audited machines on the Primary's schedule. If the Primary machine is online
(or comes back online) while the Secondary is in Normal Mode, both the original Primary and the Secondary machines will be auditing the same set of machines simultaneously.
This can result in collected audit data (such as drift logs) being split unpredictably between machines. To avoid this, take care to be running only one Audit Server in Normal mode at a time.
When you set a machine in Normal mode to Standby mode, replication of all data from the Primary begins immediately. This will result in irretreivable data loss of any previously collected data on the Audit Server entering Standby mode.
! ! ! All data and configuration changes on the Secondary will be overwritten ! ! ! by the Primary's data when the Secondary enters Standby Mode.
BE SURE TO BACKUP ALL COLLECTED DATA ON THE SECONDARY MACHINE TO ARCHIVAL STORAGE BEFORE (RE)ENABLING STANDBY MODE
Network port: For replication to occur, you will need to allow traffic over the DT Alert Sharing port (default 9910 TCP) to pass any intervening routers/switches/firewalls.
You may enable and configure the port by changing the values on the Advanced Real-Time Alert Configuration dialog.
Specify the name or address of the Audit Server that will be the Primary.
Replicate every minutes (range 1-99999)
Indicate how often you want the Secondary to replicate data from the Primary.
Keep old files and reports, even if they no longer exist on the primary
This setting keeps all files replicated from the Primary, even if they are later removed from the Primary. This option maintains the most data, but may result in disk space issues,
since data will continue to accumulate.
Delete files and reports that have been expired or deleted on the primary
This setting seeks to make the Secondary match the Primary as closely as possible, including replicating file deletions.
Automatically resume Normal Mode after: sequential replication failures
This option allows the Secondary Audit Server to automatically switch to Normal Mode if the designated Primary Server is unreachable for a certain number of replication attempts, thereby
providing auto-failover capability. If this option is unchecked, you must manually disable Standby Mode to change to Normal Mode.
Any inability to replicate with the Primary will be considered a failed replication attempt regardless of the actual cause. Network problems, credentials issues, DNS lookup
failures, etc. can all result in failed replications, even though the Primary machine may not actually be down.
If you enable this option, you should be prepared for the possibility that the Secondary Audit Server may come online and begin auditing under those circumstances.
There is no ability to automatically "fail-back" when the Primary comes back online. You should try to avoid running both the Primary and Secondary systems in Normal Mode simultaneously
(see the Important note above).
Audit Server in Standby Mode needs administrative rights to be able to replicate settings and data from the Primary Audit Server. Enter the necessary information in this section of the dialog.
Typically, you will need to use an account with administrative access to the remote systems.
Click the Test button to verify that your credentials are correct and that replication can proceed.