Symantec Access Management

Hi,

I have a question regarding multi-write-group-hub settings in CA Directory. As per documentation, it is recommended that we designate one DSA in each multi-write group as a Hub.

Excerpt from document:

"When running multiwrite groups with MW-DISP recovery, we recommend configuring a DSA from each multiwrite group to act as a hub for the group of which it is a member. Use this approach rather than allowing each DSA to choose hubs from other groups."

Query:

I want to know if we use hub configurations for two active data centers, how do we seamlessly handle replication failover in this scenario?

Example
Group1 : data dsa1 (hub) , data dsa2 (no-hub)

Group 2: data dsa3 (hub),  data dsa4 (no-hub)

A write request coming on Group1 DSA Hub will be replicated to Group 2 Data Hub (dsa3). However if Hub in group2 is down how do we seamlessly make other data dsa (dsa4) as hub ?

Regards,

Neeraj Tati

HI Neeraj,

This is working as design. Only HUB <-> HUB replication will take place when MWHs are explicitly defined for each MWG.

Thanks,

Hitesh

Hi Hitesh,
I am fine with Hub to hub replication but there should be an automated failover to other available node in different data center who can become a HUB. Do you see any issues with it?

The problem I am facing due to this is:

if I have only 2 nodes in one data center which is used by an application who is only responsible for write operation but have 24 nodes in a different data center which is used by different applications who only want to read the data from these 24 nodes ( Application is divided into 12 sites and have a logical grouping of 2 ldap nodes for isolation purpose).

If I want to use Multi-write replication, the write master in Data center 1 has to send replication request to every single node which makes the list very huge ( for e.g. 3 write data centers i.e. 6 nodes and 24 read nodes = 30 nodes).

Whereas if I could create an additional replication cluster having two nodes doing the job of HUB and replicating data with these 24 read nodes.

At present if HUB node is down, write data center can not automatically failover to other node to treat it as HUB.

If you know of any alternatives through CA configurations, would like to hear from you.

Thanks.

Hi Neeraj,

In that case, you might want to go without MWH and simply rely on MWG. When done so, the system picks a HUB for you from a defined MWG. Should the 'picked' HUB goes offline for any reason, the system will (internally, under the covers) promote another DSA in the same MWG to be a hub. All this happens behind the scene without any user interference.

Thanks,

Hitesh

Hi Hitesh,

That's something interesting.

Let me try to expand your statement for me to understand it clearly and please correct me if I am wrong.

Are you saying?

Group 1 : node1,node2,

Group2 : node3,node4,node5,node6

If a write request comes to node1 and if I haven't defined any specific MWH.

Q. Will node1 pick only one of the node from group2, consider it as hub and assign the job of replicating the entry with other nodes to the one that was picked?

My understanding was that if write request comes to node1, node1 will send replication request to every single node in all the groups. Correct me if I am wrong here.

Thanks for all your inputs here.

Regards,

Neeraj Tati

Hi Hitesh,

I just tested it in my local machine. And your statement holds true. 

The order in which I defined DSAs of other multi-write group. Node who received a write update will pick first DSA from .dxg file and choose it as a hub. And then chaining effect takes place. That dsa which was selected as hub will replicate entry with all its peer in that multi-write group.

I also tried shutting down that DSA. it's seamlessly picking up 2nd DSA from .dxg file and marking it as HUB and remaining process is same.

Well, this clears some air for me. I have better clarity now. 

Thank you so much for your inputs. Much appreciated.

Regards,

Neeraj Tati