Create a Gateway Administrator Cluster
The FileXpress Gateway Administrator server performs the following functions:
- Provides the web-based Gateway Administrator user interface for managing users and transfers.
- Authenticates users when they log on to the Transfer Client and communicates user and transfer site information to the FileXpress Proxy services.
- Stores user and transfer site information in the FileXpress database.
To maintain high availability of these services, you can configure a Gateway Administrator cluster. Data in the FileXpress database is automatically replicated across all servers in the cluster.
Setting up a cluster
To configure a cluster, you need to enable clustering on an initial Gateway Administrator server, copy required configuration files to each system you want to add to the cluster, then use the ConfigServer command line utility to add each member to the cluster. These procedures are detailed below.
There is no special master server in a cluster. Any existing cluster member can be used to add a new cluster member.
Before you begin
- Install FileXpress Gateway Administrator on the computers that will be part of your cluster. Every computer in the cluster must be resolvable in DNS. Members of a cluster communicate using DNS names. If DNS names are not resolvable, cluster members will not be able to provide data replication to other members of the cluster.
- If you use Post Transfer Actions, configure file storage on an SFTP server. If the FileXpress Gateway Proxy is used as the file storage server, and it is installed on the same system as one of the Gateway Administrator instances, actions will not run reliably.
Gateway Administrator cluster support is disabled by default in order to reduce the attack surface of the system. To enable cluster support, you need to edit the Gateway Administrator properties file as follows.
To enable clustering in the Gateway Administrator properties file
- Locate the container.properties file on the initial cluster server. The default location is:
C:\Program Files\Attachmate\FileXpress\Gateway\GatewayAdministrator\conf
- Set the following values and save the edited file.
rmi.port.ssl=43000
replication.enabled=true
directory.replication.port=8846
- Restart the Gateway Administrator service.
Before you add a new Gateway Administrator server to a cluster, you need to copy some required configuration files to the new server. These files are not replicated automatically. If you have an existing Gateway Administrator that is already configured with users and transfer sites, use this as the initial cluster member.
To copy required files to new members of the cluster
- Locate the following files on the initial cluster server (or any server already added to the cluster) and copy them to each Gateway Administrator instance that you are adding to the cluster. This step is required because these files are not replicated.
These files are installed to the following location by default:
C:\Program Files\Attachmate\FileXpress\Gateway\GatewayAdministrator\
| Files | Notes |
| --- | --- |
| conf\*.* | Replace all files in the conf directory on the new instance with the files from the configured Gateway Administrator server. This directory includes the container.properties files, and other files that might contain customized logging settings. |
| etc\servletcontainer.jks -or- | This is the default self-signed server certificate. If you have not installed a certificate signed by a commercial Certificate Authority, copy this file to the other servers. |
| Your commercial certificate in a .jks, .p12, or .pfx file | If you have replaced the default self-signed server certificate with a certificate signed by a commercial Certificate Authority, copy the CA-signed certificate to the location specified in container.properties under servletengine.ssl.keystore. |
- Restart the Gateway Administrator service on the server to which you copied the files.
After you have enabled clustering and copied required files to a new server, you can use the ConfigServer utility to add the new server instance to the cluster. This initiates data replication between the added server and the cluster.
To use the ConfigServer utility to add a server to the cluster
- If there is a firewall between members of the cluster, open ports 43000 and 8846 on these computers.
- If you have an initial FileXpress Gateway Administrator server that is already providing transfer services to users, back up your data for this server.
- From any system with Gateway Administrator installed and clustering enabled, open a command window using the "Run as administrator" option (Start > All Programs > Accessories, right-click Command Prompt > Run as administrator).
- Navigate to the FileXpress Gateway bin folder. For example:
cd C:\Program Files\Attachmate\FileXpress\Gateway\GatewayAdministrator\bin
- Run configserver.bat using the following syntax:
configserver -clusterserver <clusterserver> -clusteruser <admin> -clusterpassword <password> -instanceserver <instanceserver> -instanceuser <admin> -instancepassword <password> -command addserver
Replace the items in brackets with your values for each of the following arguments:
| Argument | Description |
| --- | --- |
| clusterserver | The DNS name of a server that is already a member of the cluster. If you are creating a new cluster and you have a Gateway Administrator server that is already configured, use this server as the clusterserver. |
| clusteruser | A user who can log on to Gateway Administrator running on clusterserver. This user must have System setup rights. |
| clusterpassword | The password for clusteruser. |
| instanceserver | The DNS name of the unconfigured Gateway Administrator server instance that you are adding to the cluster. |
| instanceuser | A user who can log on to instanceserver. This must be a user with System setup rights. If you are adding a newly installed server, you can use the default "admin" account. |
| instancepassword | The password for the user account in the new instance. If you used the default "admin" account in a new installation that you have not yet logged into, use "secret" as the password. |
You should see a message similar to the following:
Server instanceserver.mydomain.com has been added to the cluster clusterserver
Depending on the FileXpress database size and the bandwidth between the servers, it might take between 30 seconds and 30 minutes for the added server to come back up. Once the added instance comes back up, it will have the same data as the other members of the cluster. Afterwards, any changes in any member of the cluster will be propagated immediately to the other members of the cluster.
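A read-only pre-flight check for the procedure above, added here as a PowerShell example (it is not part of FileXpress or its documentation): it confirms the three container.properties values, that each member's DNS name resolves, and that ports 43000 and 8846 are reachable. The member names are placeholders, and the script assumes the default installation path.

```powershell
# Added example: read-only pre-flight check to run before "configserver -command addserver".
param(
    [string]$ConfDir = 'C:\Program Files\Attachmate\FileXpress\Gateway\GatewayAdministrator\conf',
    # Placeholder DNS names (assumption): list every existing and new cluster member.
    [string[]]$Members = @('gwadmin1.example.com', 'gwadmin2.example.com')
)

# Values the procedure above sets in container.properties.
$required = [ordered]@{
    'rmi.port.ssl'               = '43000'
    'replication.enabled'        = 'true'
    'directory.replication.port' = '8846'
}

# Parse key=value lines by hand: ConvertFrom-StringData would treat the
# backslashes in Windows paths as escape sequences.
$props = @{}
foreach ($line in Get-Content -LiteralPath (Join-Path $ConfDir 'container.properties')) {
    if ($line -match '^\s*([^#!=\s][^=]*?)\s*=\s*(.*?)\s*$') { $props[$Matches[1]] = $Matches[2] }
}

$results = @(foreach ($key in $required.Keys) {
    [pscustomobject]@{
        Check  = "container.properties $key = $($required[$key])"
        Target = $env:COMPUTERNAME
        Ok     = ($props[$key] -eq $required[$key])
    }
})

# Cluster members talk to each other by DNS name on the RMI and replication ports.
$results += foreach ($m in $Members) {
    $resolved = [bool](Resolve-DnsName -Name $m -ErrorAction SilentlyContinue)
    [pscustomobject]@{ Check = 'DNS name resolves'; Target = $m; Ok = $resolved }
    foreach ($port in 43000, 8846) {
        $open = $resolved -and (Test-NetConnection -ComputerName $m -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue)
        [pscustomobject]@{ Check = "TCP $port reachable"; Target = $m; Ok = [bool]$open }
    }
}

$results | Format-Table -AutoSize | Out-Host
if ($results.Ok -contains $false) {
    Write-Warning 'Resolve the failed checks before adding the server to the cluster.'
    exit 1
}
```

Run it on the server where clustering was just enabled, and again on each new member after copying the conf files and restarting the service, since the ports only answer once the Gateway Administrator service is running with clustering enabled.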
Data replication in a Gateway Administrator cluster
After data is received by one member of a cluster, it starts replicating to all of the other servers in a cluster. This process starts about half a millisecond after the data is received. If there is a data conflict, then the last change is replicated throughout the cluster. For example, if a password for a user is changed on one Gateway Administrator and a different password is set for the same user on a different Gateway Administrator in the same cluster, then the latest password change will be replicated to all members of the cluster.
If a server instance in a cluster is down, then the data replication will occur both to and from that server as soon as it comes back up. If the network connection between server instances of a cluster goes down, a best practice is to restore the network connection prior to making configuration changes in any Gateway Administrator instance in order to minimize the risk of data conflicts.