Configure SafeNet Authentication Service for High Availability
A site is defined as an instance of the SAS server. The number of permitted sites is determined by the license installed on the primary SAS server.
Regardless of the architecture, establishing multiple SAS sites follows the same implementation process. The primary SAS server must be installed, configured, and capable of processing authentication requests prior to configuring additional SAS sites. Changes or additions must be configured on the primary SAS site prior to configuring any other SAS site(s), including:
- Database connection
- Export of the site key file and configuration file
- Import of the site key file and configuration file into the replica site
- Ensure that the Primary server SQL database is using host names or IP addresses
To configure SAS sites (not the database) for high availability, ensure that:
- The database currently used by SAS can be reached by all additional SAS sites.
- The required ports are open from the additional SAS sites to the database server. For more details, see the System Requirements section.
- The SAS HA Controller Service is enabled on only one of the servers. To verify this, refer to the note section of Step 3 – Add Additional SAS Sites.
Before a replica SAS site can be configured, ensure that SAS is installed on the secondary server. A site file and file key must be generated and exported from the primary SAS server. This is done at the System Level.
Adding a secondary SAS site requires the following steps:
Step 1: Export SAS Site
To export an SAS site:
- Log on locally to the primary SAS server.
- Select the System tab.
- Click the Setup module.
- Click the Site link.
- To save the file key, click the Save button in the File Key section and save the file to a secure location.
- To save the site file, click the Save button in the Site File section and save the file to a secure location.
- Copy the file key and site file to the replica SAS site.
Step 2: Import SAS Site
To import the SAS site:
- On the replica SAS server, log on using a local administrator account.
- On the System tab, expand the Setup module, and click the Site link.
- Under the Site Import section, click Choose File to locate and select the SAS BSC file.
- Open the FileKey.txt file and copy the key within the file.
- Paste the key into the File Key field, and click Import Site.
To connect to a MySQL database, MySQL Connector is required. If it is not already installed on your system, a screen is displayed with a download link and steps to guide you through the installation. During installation, ensure that you choose either the Typical or the Complete installation.
If any version of the MySQL Connector is already installed, you must manually remove it before installing MySQL Connector 8.0.32. When the MySQL Connector is installed, the Administrator is logged out of the application and needs to log in again to complete the rest of the configuration.
Step 3: Add additional SAS Sites
To add additional SAS sites:
Repeat the steps described above, Step 1 - Export SAS Site and Step 2 - Import SAS Site.
Note
Before reconfiguring the database on the secondary SAS, perform the following steps to disable the HA Controller service on the secondary SAS:
1. Set HAModeEnable to FALSE in the registry.
2. Set HAServiceURL to “” (blank) in the registry.
Both of the above values can be found at the HA Service registry key, available at the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\CRYPTOCard\BlackShield ID
While trying to import user data from a primary SAS instance to secondary SAS machine(s), if the site import setup is lost, import the complete site again from the primary SAS instance.
You may be directed to the database configuration page on the secondary SAS machine(s) if the setup is lost. Never configure the database here. Doing so leads to modifications on the primary SAS instance and loss of all user data.
SAS servers can be distributed over different data centers with different time zone configurations. This may create an issue during the site import process.
Before site import, it is advised to ensure that the display time on all SAS machines is synchronized.
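
The registry settings in the note above and the earlier requirement that the SAS HA Controller Service be enabled on only one server can be checked together. The following PowerShell is an added example, not SafeNet's own tooling: it reads HAModeEnable and HAServiceURL from each SAS server without changing anything and warns unless exactly one server is outside the note's disabled state. The server names, the use of PowerShell remoting, and the placement of both values directly under the listed key are assumptions.

```powershell
# Added example, not vendor code. Assumptions: both values sit directly under the
# key path given in the note, the server names are placeholders, and PowerShell
# remoting (WinRM) is enabled on every SAS server.
$KeyPath    = 'HKLM:\SOFTWARE\CRYPTOCard\BlackShield ID'
$SasServers = 'sas-primary.example.internal', 'sas-replica1.example.internal'

function Get-SasHaState {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string] $Path = $KeyPath
    )
    foreach ($server in $ComputerName) {
        $row = [ordered]@{ Server = $server; HAModeEnable = $null; HAServiceURL = $null
                           DisabledPerNote = $null; Error = $null }
        try {
            # Read-only query; nothing is changed on the remote server.
            $v = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
                Get-ItemProperty -Path $using:Path -Name HAModeEnable, HAServiceURL -ErrorAction Stop
            }
            $row.HAModeEnable = [string]$v.HAModeEnable
            $row.HAServiceURL = [string]$v.HAServiceURL
            # The note's "disabled" state: HAModeEnable = FALSE and HAServiceURL blank.
            $row.DisabledPerNote = ($row.HAModeEnable -ieq 'FALSE') -and
                                   [string]::IsNullOrWhiteSpace($row.HAServiceURL)
        } catch {
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

$state      = @(Get-SasHaState -ComputerName $SasServers)
$unreadable = @($state | Where-Object { $_.Error })
# Any readable server not in the note's disabled state is counted as HA-active.
$haActive   = @($state | Where-Object { -not $_.Error -and -not $_.DisabledPerNote })
$state | Format-Table Server, HAModeEnable, HAServiceURL, DisabledPerNote, Error -AutoSize | Out-Host

if ($unreadable.Count -gt 0) {
    Write-Warning "Could not read HA settings from: $($unreadable.Server -join ', ')"
} elseif ($haActive.Count -ne 1) {
    Write-Warning "HA Controller must be enabled on exactly one server; found $($haActive.Count): $($haActive.Server -join ', ')"
} else {
    Write-Output "OK: HA Controller is enabled only on $($haActive[0].Server)"
}
```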