The High Availability or Endpoint recovery configuration feature in the Admin Server - Source Server Explore view (Admin > Services > select the Source Server > View > Explore > endpoint/recovery) allows administrators to map the service ID of an Endpoint server with the recovery Endpoint service ID as part of recovery configuration.
Note: Map the service IDs of multiple Endpoint servers in the form of comma separated Key Value pairs. You must enter ‘:’ in between the Key Value pairs. The Key refers to the service ID of the unavailable Endpoint server and the Value refers to the service ID of the recovery Endpoint server.
For Example: <Unresponsive EPS ServiceId-1>: <Recovery EPS ServiceId-2>, < Unresponsive EPS ServiceId-3>: < Recovery EPS ServiceId-4>
To configure the Endpoint Recovery
-
Go to Admin > Services.
The Services view is displayed.
-
Select the Source Server. Go to View > Explore.
The Explore view is displayed.
-
Click endpoint/recovery.
-
Enter the service IDs of the Endpoint servers in failover-service-id-mapping field.
Endpoint Recovery Use Case Example
The following use case provides an example of an Endpoint administrator using the High Availability feature in the NetWitness Platform to configure the Endpoint recovery.
Use Case: Endpoint Server EPS 1 turns unresponsive
Administrator Steven finds that an Endpoint server EPS 1 in the environment is not responding from a long time and the communication between the agents and the Endpoint server EPS 1 is failing. Steven navigates to the Admin Server - Source Server Explore view and selects endpoint/recovery configuration. As part of the Endpoint recovery configuration, Steven maps the service ID of EPS1 with the service ID of an active Endpoint server EPS 2.
Pre-requisites for Endpoint Recovery Configuration
Make sure the following pre-requisites are met before you perform Endpoint Recovery Configuration.
-
Before you install the recovery Endpoint server EPS 2 and perform Endpoint recovery configuration, make sure you copy the nwerootca-key.pem and nwerootca-cert.pem certificate files from EPS 1 (unresponsive Endpoint server) to EPS 2 (recovery Endpoint server). If the certificate files in EPS 1 and EPS 2 do not match, the agent fails to communicate with EPS 2 in case of EPS 1 failure.
IMPORTANT: Once you install EPS 1 on your machine, backup the nwerootca-key.pem and nwerootca-cert.pem certificate files. If you fail to do so and the EPS 1 fails due to some disaster, you cannot copy the nwerootca-key.pem and nwerootca-cert.pem certificate files in EPS 1 to EPS 2.
For more information on how to backup and copy the certificate files, see Configuring Multiple Endpoint Log Hybrids section in Install NetWitness Platform Virtual Host in Virtual Environment topic in the Virtual Host Installation Guide for 12.3.1.
-
When you replace an unresponsive relay server configured on an Endpoint server with the new relay server, make sure you re-use the same Fully Qualified Domain Name (FQDN) or IP address of the unresponsive relay as part of the relay recovery configuration.
-
You must enter the Forwarder address of the recovery Endpoint server in Endpoint Sources > Policies view immediately after mapping the service IDs of the Endpoint servers in the Admin Server - Source Server Explore view. During the failure of an Endpoint server EPS 1, if the IP address of the recovery Endpoint server EPS 2 changes, and you do not provide the Forwarder address of the recovery Endpoint in Endpoint Sources > Policies view, the agent fails to communicate with the recovery Endpoint server EPS 2.
-
The HTTPS ports of the Primary Endpoint server and the recovery Endpoint server must match during the Endpoint recovery configuration.
DNS Recovery Configuration
Note: The agent cannot establish communication through RAR mode as part of DNS Recovery. If Endpoint server is not directly reachable, the DNS recovery fails.
When all the Endpoint servers in the deployment are unresponsive, the agent searches for the recovery Endpoint server through the DNS entry. You must configure the new recovery Endpoint server in the deployment and include it in the DNS record to allow the agent to communicate with the newly added recovery Endpoint server.
To add the recovery Endpoint server to the DNS entry
-
Enter the following in DNS server.
-
Domain Name: Enter the domain name of the recovery Endpoint server in the form of <service ID>.nwrecovery.local.
For example: Domain Name must be entered in the form of 5bdv7ado-69a0-41f2- 8574-d3ffc78b9.nwrecovery.local.
Here, <service ID> is the service ID of the unresponsive Endpoint server which is variable and nwrecovery.local is a static element in all the domain names.
-
IP Address: Enter the IP address of the recovery Endpoint server as the IP address for the domain name.
-
-
Perform Endpoint recovery configuration in Admin Server - Source Server Explore view. For more information, see To configure the Endpoint Recovery.
The agent establishes communication with the newly added recovery Endpoint server.
-