Standby Members

You can designate some members of an HA group as standby members after you add them to an HA group. Standby members differ from the default active members in that they do not actively participate in the HA group unless perform any cryptographic operations

By default, all members in an HA group are treated as active so that they are kept current with key material and are used to load-balance cryptographic services. In some deployment scenarios, however, it makes sense to define some members as standby. Standby members are registered just like active members except that they are defined as “standby” after they are added to the HA group.

As depicted below, applications can be deployed in geographically dispersed locations. In this scenario, you can use Luna’s standby capability to use the HSMs in the remote data center to cost-effectively improve availability. In this mode, only the local units (non-standby) are used for active load-balancing. However, as key material is created, it is automatically replicated to both the active (local) units and standby (remote) unit. In the event of a failure of all local members, the standby unit is automatically promoted to active status. You can use this feature to reduce costs, while improving reliability. This approach allows remote HSMs that have high latency to be avoided when not needed. However, in the worst case scenario where all the local HSMs fail, the remote member automatically activates itself and keeps the application running.

NOTE   In normal operation, the HA standby units do not perform any cryptographic operations. However, the HA service must log into all units in a group (C_OpenSession/Login is performed against all members), including standby units. This is necessary because, in the case where the standby unit is called into action, it must already be up-to-date with respect to key material that is being used in the group - it cannot synchronize with HSMs that have failed or that have gone off-line. Therefore, when the HA group consists of PED-authenticated HSMs, they must all be Activated, including the standby HSM(s).

Standby Behavior

Standby members become active only to keep the group alive. In an HA group that includes more than one standby member, if all active members go down/off-line, all available standby members become active in the group. Additional standby members remain on standby until/unless they are needed.

In other words, in an HA group, the load-sharing and redundancy capability is as large as all the active members. If all active members become unavailable to the application, then the group load-sharing and redundancy falls to all available standby members.

To set an HSM to standby status:

In Configuring HA, we created an HA group with label "myHAgroup" and group number 1154438865297, with two active members, serial number 154438865297 and serial number 1238700701520.

1.Create a third member, as previously described, and add it to the HA group by specifying either its slot or serial number.

hagroup addmember -group <grouplabel> {-slot <slotnum> | -serialnumber <serialnum>}

For example:

lunacm:> hagroup addmember -group myHAgroup -slot 2
 
        Enter the password: ********
        Member 1238700701521 successfully added to group myHAgroup. New group
        configuration is:
 
         HA Group Label:  myHAgroup
        HA Group Number:  1154438865297
       HA Group Slot ID:  6
       Synchronization: enabled
          Group Members:  154438865297, 1238700701520, 1238700701521
             Needs sync:  no
        Standby Members:  <none>
 
Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865297                     HApartition00     alive
     1  1238700701520                     HApartition01     alive
     2  1238700701521                     HApartition02     alive
 
        Please use the command "ha synchronize" when you are ready
        to replicate data between all members of the HA group.
        (If you have additional members to add, you may wish to wait
        until you have added them before synchronizing to save time by
        avoiding multiple synchronizations.)
        Command Result : No Error

2.Set the member to standby status, specifying its slot or serial number.

hagroup addstandby -group <grouplabel> {-slot <slotnum> | -serialnumber <serialnum>}

For example: 

lunacm:> hagroup addstandby -group myHAgroup -serialnumber 1238700701521
 
        The member 1238700701521 was successfully added to the standby list for the HA Group myHAgroup.
 
Command Result : No Error
 

3.If you wish, check the new configuration.

hagroup listgroups

For example: 

lunacm:> hagroup listgroups
 
        If you would like to see synchronization data for group myHAgroup,
        please enter the password for the group members. Sync info
        not available in HA Only mode.
 
        Enter the password: ********
 
              HA auto recovery:  disabled
              HA recovery mode:  activeBasic
   Maximum auto recovery retry:  0
   Auto recovery poll interval:  60 seconds
                    HA logging:  disabled
            Only Show HA Slots:  no
 
         HA Group Label:  myHAgroup
        HA Group Number:  1154438865297
       HA Group Slot ID:  6
       Synchronization: enabled
          Group Members:  154438865297, 1238700701520, 1238700701521
             Needs sync:  no
        Standby Members:  1238700701521
 
Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865297                     HApartition00     alive
     1  1238700701520                     HApartition01     alive
     2  1238700701521                     HApartition02     alive
 
Command Result : No Error


Customer Support Portal

SafeNet Luna PCIe HSM 7.1 Product Documentation  13 December 2019  Copyright 2001-2019 Thales Group. All rights reserved.