As of Version 7.4, Secret Server supports clustering the web servers. This feature requires Enterprise Plus Edition.
Setting up Clustering
Upgrading in a Clustering environment
- Have Secret Server upgraded\installed and running on the primary server.
- Enable Clustering by going to Administration, Server nodes.
- Copy the entire web application folder from the primary node to the secondary node. Follow the steps in the Installation Guide for setting up the application pool and virtual directory in IIS. Note If you use DPAPI encryption for your encryption.config file, you will need to transfer the un-DPAPI-encrypted version of the file to the secondary node. You can turn on DPAPI encryption from that server node locally after Secret Server is running. This setting can be found under ADMIN > Configuration > Security.
- Ensure the server has the same date time as the primary server.
- Once the secondary server is running navigate to Secret Server on that node to go through the DB Connection reset page for connecting to the database. Instructions for how to do this are in Step 2 of this KB article.
- Activate licenses for the new node (this can be done on either server once the database connection is established on the secondary node).
- Configure your load balancer for the two sites and to have sticky sessions to prevent a user from bouncing between server on each request.
Note: Before ANY UPGRADES
see the KnowledgeBase article Upgrading Secret Server - Single Instance & Web Clustering
for important steps to ensure your data is backed up.
Making a server in your cluster the primary:
- Perform a backup of the primary server.
- Stop all but the primary web server
- Perform the upgrade as with a single instance
- Once upgraded and working, copy the web application folder (without the database.config) to all secondary servers
- Start Secondary Server and confirm they still work
Clustering Error Conditions:
- On the server you will make the primary node, navigate to Secret Server locally.
- Log in as an administrator, and click Server Nodes from the Administration menu.
- Click the Make Current Node Primary button.
- Refresh the Clustering Log on that page to ensure the change is in effect.
- Encryption configs don't match - see this KB article
- Server Dates don't match - if the dates on the web servers do not match the audit records could be bad. The fix is to set the servers to the same time.
- Version does not match - If a secondary node is not properly updated from the primary node after an upgrade, that node will not run because the application version does not match the database. The fix is to copy the application folder (minus the database.config) to replace the files on the secondary server