-
Title
How to configure TPAM HA for failover -
Description
With the Quest One Total Privileged Access Management (TPAM) High Availability (HA) appliances, what options exist to direct users to the Replica appliance when access to the Primary is no longer successful due to environmental issues?
-
Cause
Example Scenario:
Connection to the datacenter where the Primary appliance is located has failed or is no longer available. The Replica appliance in datacenter 2 has failed over and is now running in "Primary" mode. How can users access the Replica if the Replica is running on a different IP Address? -
Resolution
WORKAROUND 1
Create a DNS Entry for the TPAM appliance. For Example:
- Primary IP is 1.1.1.1
- Replica IP is 1.1.1.2
- DNS entry ‘TPAM.domain.com’ is created and points to 1.1.1.1
- Users connect to TPAM with the URL https://tpam.domain.com/par (https://tpam.domain.com/par)
- When Primary is no longer available and has failed over to the replica, the DNS entry can be manually re-configured to 1.1.1.2WORKAROUND 2
Utilize the PAR Appliance System Status page. The TPAM appliance Status page (https://tpamappliance/status) was created as a means of verifying the current status of the appliance at a glance.
The status page can be parsed by some 3rd party load balancing solutions to direct the user's requests appropriately based on the current running mode of the appliance. Should the Primary appliance become unresponsive, the 3rd party software can redirect users to the Replica appliance.
Please review the Configuration & Administration Manual listed under PAR Appliance Status for more information.