Home >

Administration Guide > High Availability (HA) Mode > Client - Create HA Group

Client - Create HA Group

On your Client, use the VTL utility to configure HA.

1.Create a new HA group on the client, which consists of:

a Label for the group (do NOT call the group just "HA").

the Serial number of the primary partition.

the password for the partition.

The VTL utility also generates and assigns a Serial Number to the group itself:

bash-2.05# ./vtl haadmin newgroup -serialnum 65003001 -label myHAgroup -password userpin
New group with label "myHAgroup" created at group number 742276409.
Group configuration is:
HA Group Number:  742276409
HA Group Label: myHAgroup
Group Members:  65003001
Needs sync:  no

2.Your chrystoki.conf/crystoki.ini file should now have a new section:

VirtualToken = {
VirtualToken00Members = 65003001;
VirtualToken00SN = 742276409;
VirtualToken00Label = myHAgroup;
}   

CAUTION:  Never insert TAB characters into the chrystoki.ini (Windows) or crystoki.conf (UNIX) file.

3.Now add another member to the HA group, that member being Partition2 on Luna2:

bash-2.05# ./vtl haadmin addmember -group 742276409 -serialNum 65005001 -password userpin
Member 65005001 successfully added to group 742276409.
New group configuration is:
HA Group Number:  742276409
HA Group Label:  myHAgroup
Group Members:  65003001, 65005001
Needs sync:  no
Please use the command 'vtl haAdmin -synchronize' when you are ready to replicate data between all members of the HA group. (If you have additional members to add, you may wish to wait until you have added them before synchronizing to save time by avoiding multiple synchronizations.)

Note:  Notice the paragraph about synchronization above. The 'synchronize' command replicates all objects on all partitions across all other partitions. As there are no objects on our newly created partitions yet, we do not need to run this command. Do not use this command when recovering a group member that has failed (or was taken down for maintenance). Use the command vtl haadmin -recover -group <GROUP NAME>  

Optional Checking Steps

4.Run vtl haAdmin -show or vtl haAdmin -show -syncStatus for an overview of the HA status and configuration settings. For example:

[myworkstation]# ./vtl haAdmin -show  

================ HA Global Configuration Settings ===============
HA Auto Recovery: disabled
Maximum Auto Recovery Retry: 0
Auto Recovery Poll Interval: 60 seconds
HA Logging: disabled
Only Show HA Slots: no

================ HA Group and Member Information ================
      HA Group Label: Com_HA
    HA Group Number: 742276409
HA Group Slot #: 3
    Synchronization: enabled
      Group Members: 65003001, 65005001
   Standby members: <none>

Slot #   Member S/N  Member Label   Status
======  ==========  ============   ======
1     150346008   mypar1  alive
2      150470006   mypar2      alive

[myworkstation]#

[myworkstation]# ./vtl haAdmin -show  

================ HA Global Configuration Settings ===============
             HA Auto Recovery: disabled
  Maximum Auto Recovery Retry: 0
  Auto Recovery Poll Interval: 60 seconds
                   HA Logging: disabled
Only Show HA Slots: no

================ HA Group and Member Information ================
     HA Group Label: Com_HA
    HA Group Number: 742276409
 HA Group Slot #: 3
    Synchronization: enabled
      Group Members: 65003001, 65005001
  Standby members: <none>

Slot #   Member S/N  Member Label   Status
======  ==========  ============  ======
1      150346008 mypar1       alive
2      150470006 mypar2         alive

[myworkstation]#

5.Check Chrystoki.conf/crystoki.ini again, the VirtualToken section should now look like this:

VirtualToken = {
VirtualToken00Members = 65003001, 65005001;
VirtualToken00SN = 742276409;
VirtualToken00Label = myHAgroup;
}
VirtualToken = {
VirtualToken00Members = 65003001, 65005001;
VirtualToken00SN = 742276409;
VirtualToken00Label = myHAgroup;
}  

6.Run vtl listslots on your client, and get a slot list. You should now see:

Slots available:
slot#1 - LunaNet Slot
slot#2 - LunaNet Slot
slot#3 - HA Virtual Card Slot    

Verification Steps

7.We have the two physical slots on Luna1 and Luna2, and now a third virtual slot which points at both physical slots at once, via load balancing. To test your HA setup, run multitoken against slot 3:
./multitoken -mode rsasigver -key 1024 -slots 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3
(Each of the “3”s in the above sample invokes one thread performing the selected signing operation.)

8.Verify that the network lights on both Luna SA units are flashing. Verify that performance on multitoken is approximately 2400 signatures/second. Fewer than ten threads might be insufficient to exercise the Luna SAs fully. Therefore, experiment with additional threads until you see the expected performance.

If you are satisfied that your HA setup is working, then you can begin using your application against the HA "slot" label (which, in the example above, was "myHAgroup").  If you have included more Luna SA appliances and Partitions in your HA group, then the virtual slot assignment will differ accordingly, but that doesn't matter to your application, because the application should be invoking the label, not a particular slot-number.

HA Standby Mode [optional]

If your situation requires that some HA group members be active, while others are kept synchronized, but in standby mode, see "HA Standby [optional]".