IBM Support

Configuring Failover in Secure Proxy Adapters

Technical Blog Post


Abstract

Configuring Failover in Secure Proxy Adapters

Body

SSP adapters normally only determine when a backend connection is down when a connection is attempted to that destination.  However, SSP has the capability to automatically detect when a back-end connections is down, and stop the listener on the SSP front end.  This will prevent incoming connections from being made and allow Load Balancers, and other devices that monitor services and hardware, will see that they're down and stop routing connections to them.

 

Failover properties are entered one at a time in the Adapter Properties tab.  These are done on a per-adapter basis, so these properties will need to be entered for each adapter for which you want fail over enabled.

 

failover.conn.timeout            15
failover.debug                true
failover.detection.enabled        true
failover.detection.mode            continuous
failover.poll.interval            15

 

Details on the failover settings:

 

failover.detection.mode—Determines the mode used to poll the Sterling External Authentication Server and outbound nodes. Set this property to continuous to poll the Sterling External Authentication Server and outbound nodes at the same interval defined in the outbound and Sterling External Authentication Server perimeter servers. Set the property to standard to detect that outbound or Sterling External Authentication Server nodes are down only when a connection is attempted. Default=standard.

 

failover.detection.enabled—Enables failover detection. Set this property to true to enable failover detection. Default=false.

 

failover.poll.interval—To configure polling frequency, in seconds. Default=5.

 

failover.conn.timeout—To identify how much time is allowed to make a connection, before the connection fails. Default=15.

 

failover.ea.ping.profile —Name of the profile sent to Sterling External Authentication Server to detect if LDAP is available. By default, a profile called sspDUMMYprofile is sent. Change this property to use an actual profile name to extend health check to the LDAP server. Define a profile with this name in Sterling External Authentication Server.

 

failover.debug—To enable debug logging for failover. By default, debug logging is disabled. To enable debug logging for failover, set this property to true. Output is written to the file called failover.log in the /logs directory.

 

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS4PJT","label":"IBM Sterling Connect:Direct"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

UID

ibm11123365