H.8 Enabling Agent To Operate In High Availability Environment With Secondary Network Interface Card For Audit Vault Server

Use this procedure to enable Agent to operate in high availability environment with secondary NIC for Audit Vault Server.

In configurations with high availability enabled it is necessary to first enable the data network for the agent on the primary and the secondary Audit Vault Server. This topic contains the necessary steps to enable Agent to operate in high availability environment with secondary NIC.

Note:

The user must use the same port for the primary and secondary network interface card while configuring the secondary card for High Availability.

Note:

In case you are performing an upgrade to 12.2.0.4.0, follow these steps first:

  1. Log in as administrator and execute the upgrade task on Audit Vault Server appliance.

  2. Upgrade each AVS appliance to 12.2.0.4.0 and follow high availability upgrade procedure.

  3. Follow steps from the note below to enable agent data network on secondary Network Interface card.

Note:

To enable agent data network on the preconfigured HA setup, perform the following:

  1. Enable the agent data network on the primary Audit Vault Server (AVS1).

  2. Execute Audit Vault Server switchover.

  3. Enable the agent data network on the new primary Audit Vault Server AVS2.

To enable Agent to operate in high availability environment with secondary NIC for Audit Vault Server, follow these steps:

  1. Both the appliances in the configuration must be updated with the new auxiliary network interface information from the other appliance. On both the primary and secondary Audit Vault Server appliances execute the steps mentioned in Enabling Agent Connectivity On Secondary NICs for Audit Vault Server. This enable the Agent on the auxiliary interface.
  2. In the primary appliance, add the address of the newly defined auxiliary interface of the secondary appliance. Open the configuration file of the primary appliance:

    vi /usr/local/dbfw/etc/dbfw.conf

  3. Scroll to the bottom of the file and add the following:

    # The address of the network interface defined for the agent on the secondary AVS.

    SECONDARY_NIC_1_ADDRESS_HA=”<IP address>”

  4. On the secondary appliance, add the address of the newly defined auxiliary interface of the primary appliance.
  5. Open the configuration file of the secondary appliance:

    vi /usr/local/dbfw/etc/dbfw.conf

  6. Scroll to the bottom of the file and add the following:

    # The address of the network interface defined for the agent on the primary AVS.

    SECONDARY_NIC_1_ADDRESS_HA=”<IP address>”

  7. Execute the following commands on AVS1 and AVS2 after updating the configuration:

    /usr/local/dbfw/bin/priv/configure-networking

    /usr/local/dbfw/bin/os_manager execute_script update_connect_string_ip.sh

  8. Configure the resilient pair between the AVS1 and AVS2 Audit Vault Servers. It is necessary to define routes for the agents to access the original networks in case they use the default gateway device.

    See Also:

    Adding User Content To System Configuration Files for more information on configuring the required routes, if the agents are on a different subnet than the Audit Vault Server.

  9. The agent must be redeployed to the host.

    Result: The agent is now able to communicate with the primary Audit Vault Server on the newly defined Network Interface Card.