cancel
Showing results for 
Search instead for 
Did you mean: 
pratikmehta003
Level 16

Re: Multi-Subnet Failover (WAN/DR) Deployment

aLTeReGo

One quick query i have... if there is HA setup and i have the integration to Service Now where in i am actually using a Powershell script in the alert trigger action,to send the details to SNOW. Now, when the instance gets failed over to Secondary, will my trigger actions and alerting be in-tact?

This question could also apply when i have integration SNOW without powershell script..

This might be a very stupid question but just want to ensure i am not missing anything critical...

0 Kudos
aLTeReGo
Level 21

Re: Multi-Subnet Failover (WAN/DR) Deployment

Yes, the state of the Alerts, as well as their escalations (if any) are preserved when failovers occur. This means that the alerts will not reset or retrigger unless you've explicitly defined them to through alert escalation. Alert Acknowledgement state is also perfectly preserved throughout the failover/failback process.

0 Kudos
pratikmehta003
Level 16

Re: Multi-Subnet Failover (WAN/DR) Deployment

Great... Thanks a lot for confirming

0 Kudos
ryan.davis26
Level 12

Re: Multi-Subnet Failover (WAN/DR) Deployment

Can you speak to how DNS Servers should be considered as a part of the HA configuration?

I'm talking specifically to the fact that the wizard only allows one dns server be specified per pool.

Our current HA implementation is made up of 3 pools across 3 data centers.  Each active has a standby in an alternate data center.  (only 2 data centers are considered absolutely critical)

There are 8 DNS servers in our environment spread across the 3 data centers. 

Quite simply, which DNS server to we use to configure in the HA wizard?

Do we configure the DNS server thats "opposite" to the active server in the pool?

Highlighted
aLTeReGo
Level 21

Re: Multi-Subnet Failover (WAN/DR) Deployment

ryan.davis26  wrote:

Quite simply, which DNS server to we use to configure in the HA wizard?

Provided the DNS servers are replicating, or are in an HA configuration of sorts, deciding which DNS server to update shouldn't matter. As a general rule, I prefer to update the closest/local DNS server to the pool, but that' not a hard & fast requirement.

Do we configure the DNS server thats "opposite" to the active server in the pool?

You could certainly do that, yes. Alternatively, you can update multiple DNS servers if so desired. While this should not be necessary given that DNS has its own redundancy options, it is in fact possible to do. Below is a link to an example PowerShell Script Microsoft has posted which can be executed as an Alert Action when a failover occurs, similar to our OOTB alert to update the HA virtual hostname on Amazon Route53.

https://gallery.technet.microsoft.com/scriptcenter/Update-DNS-records-with-da10910d

The script utilizes the DNSCMD.EXE command line utility which is built into every windows server. If it’s not already installed, you can add it from the “Server Manager” list, select Features > Add Features > Remote Server Administration Tools > Role Administration Tools > DNS Server Tools.

DNSCMD.jpg

pratikmehta003
Level 16

Re: Multi-Subnet Failover (WAN/DR) Deployment

aLTeReGo

Need your input on below points if possible:

1. Do we need to make any specific configuration at device end like SNMP, WMI, ICMP etc for Virtual Hostname? I have devices including SAN switches, ESX hosts/Vcenter, Windows ad Linux servers.

2. I also see below text in HA documentation about local admin. May i know this is for which account?

"We recommend a local administrator account configured for WMI access. For non-local administrator accounts, we recommend an administrator account with full DACL and remote WMI management enabled."

And with respect to 2nd point i found below reference link in success center so does this mean i need admin creds of the DNS server? If yes then this is only required while configuring the HA pool and not anytime after that, correct? In case the creds are changed by them do we need to re-configure in Solarwinds?

OR it is safe to create another account which should have rights as mentioned in this link?

https://support.solarwinds.com/Success_Center/Orion_Platform/Required_DNS_Permissions_to_set_up_a_Hi...

0 Kudos
aLTeReGo
Level 21

Re: Multi-Subnet Failover (WAN/DR) Deployment

pratikmehta003 

Need your input on below points if possible:

1. Do we need to make any specific configuration at device end like SNMP, WMI, ICMP etc for Virtual Hostname? I have devices including SAN switches, ESX hosts/Vcenter, Windows ad Linux servers.

I can't speak to your particular environment. If you have locked down devices with access control lists, firewalls, or local security policies to only communicate with the IP address of one Orion server, you will need to add the IP address of the secondary server also. That will ensure that when failovers occur, the secondary server can still connect to and communicate with those monitored devices. Similarly, if you have devices configured to send syslog, SNMP traps, or Netflow to your Orion server, you will want to configure those devices to send to both the primary and secondary servers by their IP address. Alternatively, if DNS has been configured on your devices you can configure those devices to send to the virtual hostname, though most customers prefer to device multiple export destinations on their devices. One for the primary, and the other for the secondary Orion server in the pool.

pratikmehta003  wrote:

2. I also see below text in HA documentation about local admin. May i know this is for which account?

"We recommend a local administrator account configured for WMI access. For non-local administrator accounts, we recommend an administrator account with full DACL and remote WMI management enabled."

And with respect to 2nd point i found below reference link in success center so does this mean i need admin creds of the DNS server? If yes then this is only required while configuring the HA pool and not anytime after that, correct? In case the creds are changed by them do we need to re-configure in Solarwinds?

OR it is safe to create another account which should have rights as mentioned in this link?

https://support.solarwinds.com/Success_Center/Orion_Platform/Required_DNS_Permissions_to_set_up_a_Hi...

If you're using a virtual hostname with Microsoft DNS, the virtual hostname entry is updated whenever a failover occurs via WMI. By default, only local or domain Administrators are allowed to communicate with a machine remotely via WMI. This is usually the easiest option. Alternatively, you can create a least privilege user account following the steps outlined in the KB article you reference above, which will walk you through assigning the minimum permissions required to update the virtual hostname.

0 Kudos
pratikmehta003
Level 16

Re: Multi-Subnet Failover (WAN/DR) Deployment

Yes i agree on 1st point that it will depend on the environment. I will make sure that necessary pointers are made for Virtual hostname.

On the second point, let me see if i can get the admin creds from customer. Currently my id is part of admin grp but i dont think it will have necessary role to update DNS.

If i cannot get admin then i will go for the second suggestion you mentioned.

Thanks again for prompt response :-)

0 Kudos
pratikmehta003
Level 16

Re: Multi-Subnet Failover (WAN/DR) Deployment

aLTeReGo​ Another silly query i have, but setting up HA first time so wanted to ensure everything is correct..

I installed primary server and now for secondary do i need to download the installer from customer portal under HA? or i can go with evaluation version first-> download it and then apply all licenses later?

0 Kudos
aLTeReGo
Level 21

Re: Multi-Subnet Failover (WAN/DR) Deployment

It shouldn't matter where you obtain the Scalability Engines Installer. Whether you download it from within the Orion web interface or from the Customer Portal, either should work equally well. I will say that depending upon which hotfix version you have applied to your Orion server, the one in the Customer Portal may be a later version than the one in the Orion web interface.

0 Kudos