
Multi-Subnet Failover (WAN/DR) Deployment

High Availability 2.0 provides the first peek into supporting redundancy for Orion across subnets. This was previously referred to as WAN deployment or Disaster Recovery with the Failover Engine, but under High Availability we refer to this simply as a multi-subnet failover configuration. In other words, this provides the same automated, near-instantaneous failover and recovery mechanisms as High Availability does in its first release, but extends that functionality to support pollers spread across different subnets. Those could be different sites, a dedicated disaster recovery location, or possibly even the cloud.

HIGH AVAILABILITY REQUIREMENTS

  • High Availability 2.0 Installer (Built-in and located under [Settings -> All Settings -> High Availability Deployment Summary -> Setup A New HA Server -> Get Started Setting Up a Server -> Download Installer Now])
    • High Availability 2.0 can be used only with product modules running with Orion Core 2017.3
  • Two servers running Windows Server 2012 or later
    • Both primary and secondary servers must reside on different subnets for multi-subnet failover
      • Primary and secondary servers which reside on the same subnet can be used for same-subnet failover using a traditional VIP
    • Windows or BIND DNS Server credentials for configuring the virtual hostname
    • Windows Server OS version, edition, or bitness need not match between primary and secondary servers.
    • Primary and secondary servers may be optionally joined to a Windows domain
    • High Availability supports the following configurations of primary and secondary servers.
      • Physical to Physical
      • Physical to Virtual
      • Virtual to Virtual
      • Virtual to Physical
  • A separate server running SQL 2012 or later.
    • This server does not need to reside on the same subnet as either the primary or secondary Orion server
    • Any Microsoft SQL edition may be used, including SQL Express
    • Bonus points for utilizing a SQL Cluster


PRIMARY SERVER INSTALL

When installing the Primary Orion server you will follow the normal 'Advanced' installation process that you would for any other Orion product. Ensure not to select the 'Express' install option during installation, as a separate server running Microsoft SQL 2012 or later is required. When the Configuration Wizard runs you will be prompted to provide the Username, Password, and IP address of the SQL server you will be using for the installation.

SECONDARY SERVER INSTALL

Once the primary server is up and running using the NPM 12.2 installer, you will need to perform a similar installation on the secondary server using the separate High Availability installer which can be downloaded from within the Orion web interface under [Settings -> All Settings -> High Availability Deployment Summary -> Setup A New HA Server -> Get Started Setting Up a Server -> Download Installer Now].

Download the High Availability Secondary Server Installer


Next, execute the installation by double-clicking the "SolarWinds-Orion-Installer.exe" downloaded or copied to the secondary server. Enter the IP address or fully qualified domain name (FQDN) of your main Orion server, along with 'Admin' or equivalent credentials used to log into the Orion web interface, and click 'Next'. On the following step of the Wizard, select the additional server role you wish to install. Since this will be a High Availability Backup for the main Orion server, select 'Backup Server for Main Server Protection' and click 'Next'.

Enter IP of Main Orion Server & Provide 'Admin' Credentials

Select Server Role to Install


Once the Installation completes the Configuration Wizard will be started. When prompted to provide information regarding the SQL server database, ensure you utilize the same SQL instance and SQL database that was chosen for the primary Orion server.

The following video, while arguably boring to watch, demonstrates the secondary server installation process.

CLUSTER POOL CREATION

As soon as both the primary and secondary servers are installed, return to the Orion web interface under [Settings -> All Settings -> High Availability Deployment Summary]. There you will be able to join the two servers into a multi-subnet failover pool.

Click 'Set up High Availability Pool'
Enter a Virtual Hostname and click 'Next'
Select your DNS Server Type
Microsoft DNS

Enter the IP address of your DNS server, the DNS Zone (e.g. solarwinds.com), and administrative credentials to the DNS server to create the shared virtual hostname.


BIND DNS

If you are running BIND DNS, enter the IP address of your BIND DNS server, the DNS Zone, your TSIG secret key name, and the TSIG shared secret key value.


Summary

Once complete, review the summary and click "Create Pool".


Success

When done, you will have pooled two Orion servers together across multiple subnets into a redundant, high availability pool.


The following short video walks through this process in under a minute.
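
For the BIND DNS option above, the TSIG key handed to the wizard can be limited on the BIND server to the one record the pool has to change. The named.conf fragment below is an added example, not SolarWinds configuration: the key name, zone, virtual hostname, zone file path and algorithm are constructed placeholders, and it assumes HA only needs to rewrite the A record of the virtual hostname.

```conf
// named.conf fragment on the BIND server that hosts the zone.
// Every name and the secret below are constructed placeholders.

// The key name and shared secret are the two TSIG values entered in the
// HA wizard. Generate the stanza with: tsig-keygen -a hmac-sha256 orion-ha-key
// (the algorithm is an assumption; use one your HA version accepts).
key "orion-ha-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";
};

zone "example.com" {
    type master;
    file "dynamic/example.com.zone";

    // WEAK (left commented out): anyone holding the key can add, change
    // or delete every record in the zone, not just the virtual hostname.
    // allow-update { key "orion-ha-key"; };

    // HARDENED: the key may only update the A record of the virtual
    // hostname. allow-update and update-policy cannot be combined in
    // one zone, so use this in place of the line above.
    update-policy {
        grant orion-ha-key name orion.example.com. A;
    };
};
```

With the hardened policy, a leaked HA shared secret lets its holder repoint the Orion virtual hostname but nothing else in the zone, so the key should still be rotated and the zone's update log watched for changes that do not coincide with a failover.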

110 Replies
Level 16

aLTeReGo​ Another silly query i have, but setting up HA first time so wanted to ensure everything is correct..

I installed primary server and now for secondary do i need to download the installer from customer portal under HA? or i can go with evaluation version first-> download it and then apply all licenses later?

0 Kudos

It shouldn't matter where you obtain the Scalability Engines Installer. Whether you download it from within the Orion web interface or from the Customer Portal, either should work equally well. I will say that depending upon which hotfix version you have applied to your Orion server, the one in the Customer Portal may be a later version than the one in the Orion web interface.

0 Kudos

I missed to ask one point..

Once i am ready with Primary setup with hotfixes, i will download the installer from console or portal and follow the steps.

But do i need to separately apply the hotfix on the pool member(in this case its my backup server for primary) before i add them to the pool?

0 Kudos

HotFixes are applied to all scalability engines (HA Backups, Additional Polling Engines, and Additional Web Servers) the same way you install and upgrade them. This is all handled through the Scalability Engines Installer that can be downloaded through the Orion web interface or your Customer Portal. Once you've applied the hotfixes to your Primary/Main Orion server, simply run the Scalability Engines Installer on your HA/APE/AWS servers. The hotfixes will be downloaded from the Primary/Main Orion server and applied to your scalability engine.

Perfect, that makes it clear....

0 Kudos
Level 16

aLTeReGo

Need your input on below points if possible:

1. Do we need to make any specific configuration at device end like SNMP, WMI, ICMP etc for Virtual Hostname? I have devices including SAN switches, ESX hosts/Vcenter, Windows and Linux servers.

2. I also see below text in HA documentation about local admin. May i know this is for which account?

"We recommend a local administrator account configured for WMI access. For non-local administrator accounts, we recommend an administrator account with full DACL and remote WMI management enabled."

And with respect to 2nd point i found below reference link in success center so does this mean i need admin creds of the DNS server? If yes then this is only required while configuring the HA pool and not anytime after that, correct? In case the creds are changed by them do we need to re-configure in Solarwinds?

OR it is safe to create another account which should have rights as mentioned in this link?

https://support.solarwinds.com/Success_Center/Orion_Platform/Required_DNS_Permissions_to_set_up_a_Hi...

0 Kudos

pratikmehta003 

Need your input on below points if possible:

1. Do we need to make any specific configuration at device end like SNMP, WMI, ICMP etc for Virtual Hostname? I have devices including SAN switches, ESX hosts/Vcenter, Windows and Linux servers.

I can't speak to your particular environment. If you have locked down devices with access control lists, firewalls, or local security policies to only communicate with the IP address of one Orion server, you will need to add the IP address of the secondary server also. That will ensure that when failovers occur, the secondary server can still connect to and communicate with those monitored devices. Similarly, if you have devices configured to send syslog, SNMP traps, or Netflow to your Orion server, you will want to configure those devices to send to both the primary and secondary servers by their IP address. Alternatively, if DNS has been configured on your devices you can configure those devices to send to the virtual hostname, though most customers prefer to define multiple export destinations on their devices: one for the primary, and the other for the secondary Orion server in the pool.

pratikmehta003  wrote:

2. I also see below text in HA documentation about local admin. May i know this is for which account?

"We recommend a local administrator account configured for WMI access. For non-local administrator accounts, we recommend an administrator account with full DACL and remote WMI management enabled."

And with respect to 2nd point i found below reference link in success center so does this mean i need admin creds of the DNS server? If yes then this is only required while configuring the HA pool and not anytime after that, correct? In case the creds are changed by them do we need to re-configure in Solarwinds?

OR it is safe to create another account which should have rights as mentioned in this link?

https://support.solarwinds.com/Success_Center/Orion_Platform/Required_DNS_Permissions_to_set_up_a_Hi...

If you're using a virtual hostname with Microsoft DNS, the virtual hostname entry is updated whenever a failover occurs via WMI. By default, only local or domain Administrators are allowed to communicate with a machine remotely via WMI. This is usually the easiest option. Alternatively, you can create a least privilege user account following the steps outlined in the KB article you reference above, which will walk you through assigning the minimum permissions required to update the virtual hostname.

0 Kudos

Yes i agree on 1st point that it will depend on the environment. I will make sure that necessary pointers are made for Virtual hostname.

On the second point, let me see if i can get the admin creds from customer. Currently my id is part of admin grp but i dont think it will have necessary role to update DNS.

If i cannot get admin then i will go for the second suggestion you mentioned.

Thanks again for prompt response 🙂

0 Kudos
Level 12

Can you speak to how DNS Servers should be considered as a part of the HA configuration?

I'm talking specifically to the fact that the wizard only allows one dns server be specified per pool.

Our current HA implementation is made up of 3 pools across 3 data centers.  Each active has a standby in an alternate data center.  (only 2 data centers are considered absolutely critical)

There are 8 DNS servers in our environment spread across the 3 data centers. 

Quite simply, which DNS server do we use to configure in the HA wizard?

Do we configure the DNS server that's "opposite" to the active server in the pool?

ryan.davis26  wrote:

Quite simply, which DNS server do we use to configure in the HA wizard?

Provided the DNS servers are replicating, or are in an HA configuration of sorts, deciding which DNS server to update shouldn't matter. As a general rule, I prefer to update the closest/local DNS server to the pool, but that's not a hard & fast requirement.

Do we configure the DNS server that's "opposite" to the active server in the pool?

You could certainly do that, yes. Alternatively, you can update multiple DNS servers if so desired. While this should not be necessary given that DNS has its own redundancy options, it is in fact possible to do. Below is a link to an example PowerShell Script Microsoft has posted which can be executed as an Alert Action when a failover occurs, similar to our OOTB alert to update the HA virtual hostname on Amazon Route53.

https://gallery.technet.microsoft.com/scriptcenter/Update-DNS-records-with-da10910d

The script utilizes the DNSCMD.EXE command line utility which is built into every windows server. If it’s not already installed, you can add it from the “Server Manager” list, select Features > Add Features > Remote Server Administration Tools > Role Administration Tools > DNS Server Tools.


Level 12

Running into an issue configuring the permissions for DNS; wondering if you would be able to speak a little more to the permissions required, as I am not a DNS expert.  Our team did provide admin access to the individual A records that they created but that does not appear to be sufficient.  Thank you.

0 Kudos

You can follow the instructions outlined in the following KB article to grant a least privileged user account permissions to update the DNS record. This KB article references IPAM, but the steps are identical for HA.

Grant non-domain administrator account rights for IPAM DNS Monitoring - SolarWinds Worldwide, LLC. H...

0 Kudos

Awesome, thanks for the help.  Will check that out.  I presume then there is no technical reason a "least privileged user account" shouldn't work with Orion HA?

0 Kudos
Level 12

Can you help me understand the "Virtual hostname"?  Is that only known internally to solarwinds or is that the actual name of the record in DNS?

0 Kudos

The virtual hostname is optional. It is a dynamically updated DNS name which is typically used for accessing the Orion web interface. It ensures that users are always directed to the 'active' member in the pool.

So, thinking about this a little more, doesn't that make it a requirement?  If the virtual hostname is the record in DNS, doesn't that mean traps have to point to that record as well to avoid trap disruption in a failover?

0 Kudos

Some customers prefer not to deal with DNS for one reason or another. They instead frontend the Orion server with a network load balancer like an F5. For Syslog and Traps, they configure their devices to send to both members of the pool. So in those cases, a virtual hostname is completely optional.

0 Kudos

aLTeReGo

Are there any use cases available of folks using F5 load balancer for Solarwinds HA? And does this require Solarwinds to be Active- Active mode?

0 Kudos

Many Orion HA customers utilize Load Balancers in lieu of a virtual hostname. HA is still active/passive. The Load Balancer simply watches to see which server is 'alive' (usually through health checks) and directs traffic to the active member.

0 Kudos

So if F5 is used then do we still need HA configuration to be done at application level?

On Fri, Jun 29, 2018, 12:42 AM aLTeReGo

0 Kudos

Absolutely! HA is the heart of what makes the redundancy possible. The virtual hostname and/or VIP are simply convenience features for those customers who don't own or don't have access to a load balancer in their environment. Redirection is only a very small part of what HA provides.