When the backup server starts, it attempts to connect to the primary server. If it establishes a connection to the primary, then the backup server enters standby mode. If it cannot establish a connection to the primary, then the backup server assumes the role of the primary server (in active mode).
While the backup server is in standby mode, it does not accept connections from clients. To administer the backup server, the
admin user can connect to it using the administration tool.
EMS authorization interacts with fault tolerance. If authorization is enabled and the two EMS Servers are configured for fault tolerance, then both servers in a fault-tolerant pair must be configured as follows:
For example, you have two EMS Servers (Server 1 and Server 2) that are named "EMS-SERVER" and are to use a password of
"mySecret", but which do not share a
users.conf file. To set the user names and passwords, start the EMS Administration Tool on each server, as described in
Using the EMS Administration Tool, and do the following.
Parameters in the main configuration file (tibemsd.conf) affect this behavior. The relevant parameters all begin with the prefix
ft_ssl.
The server initializing a secure connection to another server uses the ft_ssl parameters to determine the properties of its secure connection to the other server. The receiving server validates the incoming connection against its own
ssl_ parameters. For more information about
ft_ssl parameters, see
Fault Tolerance Parameters. For more information about
ssl_ parameters, see
SSL Server Parameters.
When a backup server assumes the role of the primary server during failover, clients attempt to reconnect to the backup server (that is, the new primary) and continue processing their current message state. Before accepting reconnects from the clients, the backup server reads its message state from the shared state files.
You can instruct the server to clean up state information for clients that do not reconnect before the time limit specified by the
ft_reconnect_timeout configuration parameter. The
ft_reconnect_timeout time starts once the server has fully recovered the shared state, so this value does not account for the time it takes to recover the store files. See
ft_reconnect_timeout on page 197 for details.
When configuring a fault tolerant pair that does not share state, you must ensure that both servers use identical configurations. This is especially important for these configuration settings: