Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 19 Fault Tolerance : Configuring Fault-Tolerant Servers

Configuring Fault-Tolerant Servers
Shared State
To configure an EMS server as a fault-tolerant secondary, set these parameters in its main configuration file (or on the server command line):
server    Set this parameter to the same server name in the configuration files of both the primary server and the secondary server.
ft_active    In the configuration file of the primary server, set this parameter to the URL of the secondary server. In the configuration file of the secondary server, set this parameter to the URL of the active server.
When a server configured for fault tolerance starts, it attempts to connect to its peer server. If it establishes a connection to its peer, then it enters the standby state. If it cannot establish a connection to its peer, then it becomes the active server.
While a server is in the standby state, it does not accept connections from clients. To administer the standby server, the admin user can connect to it using the administration tool. Standby servers started with a JSON configuration file cannot be administered.
Authorization and Fault-Tolerant Servers
EMS authorization interacts with fault tolerance. If authorization is enabled and the two EMS Servers are configured for fault tolerance, then both servers in a fault-tolerant pair must be configured as follows:
The tibemsd.conf file for each server must have the same server name and password (the server and password parameters must be the same on each server).
The user name and password in the users.conf file for each server must match the values of the server and password parameters in the tibemsd.conf file.
If the two EMS Servers are not sharing a users.conf file, make sure that you create a user with the same name as the EMS Server, and set the user's password with the value of the "server" password.
For example, you have two EMS Servers (Server 1 and Server 2) that are named "EMS-SERVER" and are to use a password of "mySecret", but which do not share a users.conf file. To set the user names and passwords, start the EMS Administration Tool on each server, as described in Using the EMS Administration Tool, and do the following.
From the active (Server 1), enter:
   set server password=mySecret
   create user EMS-SERVER password=mySecret
From the standby (Server 2), enter:
   set server password=mySecret
   create user EMS-SERVER password=mySecret
From the active (Server 1), enter:
   set server authorization=enabled
From the standby (Server 2), enter:
   set server authorization=enabled
SSL
You can use SSL to secure communication between a pair of fault-tolerant servers.
Parameters in the main configuration file (tibemsd.conf) affect this behavior. The relevant parameters all begin with the prefix ft_ssl.
The server initializing a secure connection to another server uses the ft_ssl parameters to determine the properties of its secure connection to the other server. The receiving server validates the incoming connection against its own ssl_ parameters. For more information about ft_ssl parameters, see Fault Tolerance Parameters. For more information about ssl_ parameters, see SSL Server Parameters.
See Also
Chapter 18, Using the SSL Protocol
Reconnect Timeout
When a standby server assumes the role of the active server during failover, clients attempt to reconnect to the standby server (that is, the new active) and continue processing their current message state. Before accepting reconnects from the clients, the new active server reads its message state from the shared state files.
You can instruct the server to clean up state information for clients that do not reconnect before the time limit specified by the ft_reconnect_timeout configuration parameter. The ft_reconnect_timeout time starts once the server has fully recovered the shared state, so this value does not account for the time it takes to recover the store files. See ft_reconnect_timeout on page 220 for details.
Unshared State
When configuring a fault tolerant pair that does not share state, you must ensure that both servers use identical configurations. This is especially important for these configuration settings:
Destinations  Both servers must support the same destinations.
Routes  Messages must be able to arrive at the endpoints, using equivalent or identical routes across servers.
Access Control  Access control must be setup identically in both servers, so that the users.conf, groups.conf, and acl.conf file settings match.
SSL  When SSL is deployed, both servers must use the same certificate(s).

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved