High Availability Deployment
Requirements
In order to set up your high availability deployment, you will need:
- Two physical or virtual servers with the 12Port application installed
- A standalone SQL database (MS SQL, MySQL, Oracle, PostgreSQL)
- An application load balancer
Replicated Tenant Setup
The 12Port application supports replication at the scope of an individual asset tenant. To begin setting up an HA deployment, we will create an asset tenant with a shared database. This tenant will be replicated across two 12Port server nodes and will be accessible through either node.
First Node Setup
Note: This guide assumes that you will be creating a new, empty asset tenant for the replication procedure. If you already have an asset tenant with an external database that you would like to use in your HA deployment, you may skip this section.
Log into the 12Port application on your first server node. Create your base tenant administrator account. You will then be prompted to create an asset tenant on this server node. To create a tenant that can be replicated later, there are a few important options to set on this page. First, ensure that Tenant Update Type is set to "Create Standalone". Additionally, you must provide the connection details of your external SQL database. Set Database to your database variant, replace the server, port and database name in the DB URL field, and enter the username and password.
More information about the remaining tenant options can be found in the initial setup guide.
Once you have entered the necessary information, you can test your database connection by clicking Test in the top right of the page. Click Save to finish creating the new tenant.
Obtaining the Tenant Key Ring
When you create the tenant on the second node, you will need to provide the key ring from the tenant on the first node so that both nodes are able to encrypt and decrypt tenant data on the shared database. To access the key ring:
- Log into the base tenant of the first 12Port server node with an administrator account.
- Navigate to Management > Tenants, find the entry for the tenant you would like to replicate, and click the expansion arrow to show more details.
- From the Key Ring field, click the Access Secret button. You will then be able to display the key ring and copy it to your clipboard.
- Save the key ring to a secure location.
Second Node Setup
Log into the 12Port application on your second server node. Follow the same procedure used to set up the first node until you reach the Add Tenant page. Note that the base tenant administrator user on this node does not need to be the same as on the first node, since base tenant data will not be replicated. On the Add Tenant page, enter the same information as on the first node for the Name, Issuer, and Database fields, but set Tenant Update Type to "Create With Shared Database". Choosing this update type will cause a Key Ring field to appear at the end of the page. Paste the key ring you obtained from the first node into this field.
You may then click Test in the top right of the page to verify that your database is reachable and click Save to finish creating the new tenant.
Creating a Local User
Since the base tenant accounts that were used to create the asset tenant exist outside the local scope of the asset tenant, they are not replicated between the server nodes. Although the asset tenant can be accessed directly on each node with the base tenant administrator account on that node, attempting to access the replicated asset tenant with one of these accounts through the load balancer will result in synchronization issues. Before continuing, you should create a local administrator user if one does not already exist. This will be necessary in order to access and manage the replicated tenant through the load balancer.
To add a user to the local directory, you will need to log into the asset tenant on one of the server nodes directly using the base tenant administrator account. Then, navigate to Management > Users, click Add, and complete the Add User form.
You can grant administrator privileges to this new user by navigating to Management > Space Roles, clicking Grant, searching for the user in the local directory, and enabling the Administrator option. Click Grant once again to save the new privileges for this user.
Load Balancer Configuration
To complete your HA deployment, you will need to configure a load balancer to receive and proxy connections to the two 12Port server nodes hosting your replicated tenant. The following articles contain specific configuration instructions for several common load balancer variants:
- NGINX Configuration
- Apache Configuration
- AWS Load Balancer Configuration
- Azure Load Balancer Configuration