Synchronization of WebSEAL data across multiple servers
You can use the WebSEAL server sync command to synchronize the configuration of one WebSEAL server with another.
Note: You can synchronize servers of the same type only. The WebSEAL server type is one of the following:
- WebSEAL running on an appliance.
- WebSEAL running on a standard operating system.
You can use the following server task commands for various tasks, including:
- Synchronizing one replicated WebSEAL server with another of the same type.
- Migrating one WebSEAL environment to another (for example, from test to production).
- server sync: Used to synchronize the configuration of the supplied WebSEAL server to the current WebSEAL server. The server sync command invokes the other commands on this list for a complete synchronization operation. The data that can be synchronized includes configuration entries, the junction database, and selected data files, but not the object space or policy. Configuration entries and data files to be synchronized can be customized in the WebSEAL configuration file. For details, see server task server sync.
- server restart: Used to restart the WebSEAL instance. For details, see server task server restart.
The following list describes the flow of communication for the server sync command:
- The server sync command is issued from the administration console.
- The request for data is issued from the WebSEAL server as a new server task command.
- The source WebSEAL server gathers the data for synchronization and sends it to the target WebSEAL server.
- The target WebSEAL server applies the data retrieved.
The request for data is issued from the WebSEAL server that is processing the server sync task. Data is pulled from one WebSEAL server to another, with authorization automatically applied by the Security Access Manager server task framework. Because the synchronization uses an existing communication channel, there is no need to open up more ports for the WebSEAL server.