To improve the availability of your Intrusion Manager role, you can add a secondary server on standby. If the primary server hosting the role becomes unavailable, the secondary server is automatically used.
Before you begin
- Ensure that you have an expansion server available as a secondary server for your Intrusion Manager role. If you do not have an expansion server available, add an expansion server to your system.
- If your Intrusion Manager role is hosted on the
main server, you must first move it to an expansion
server.NOTE: If you must host the Intrusion Manager role on the main server, configuring the Intrusion Manager role failover is not enough: you must also configure the Directory failover. Role failover is managed by the Directory role, and Directory failover is managed by the Directory Manager role. For more information, see Directory failover and load balancing.
- Ensure that the Intrusion Manager role and the Intrusion Manager role database are not hosted on the same server. All servers hosting the Intrusion Manager role must have write access to the remote database server. For more information, see Connecting roles to remote database servers.
Failover is a backup operational mode in which a role (system function) is automatically transferred from its primary server to a secondary server that is on standby. This transfer between servers occurs only if the primary server becomes unavailable, either through failure or through scheduled downtime. For more information, see Role failover.
What you should know
IMPORTANT: Security Center does not handle the failover of role databases. For roles that connect to a database, the database server must be hosted on a third computer, separate from the servers hosting the role. All role servers must have read and write access to the database server. To protect your data, perform regular backups of the role database.
- From the Config Tool home page, open the Intrusion detection task.
- Select your Intrusion Manager role from the entity tree and click Resources.
Under the Servers list, click Add an item
A dialog box opens, listing all remaining servers on your system that are not yet assigned to this role.
Select the server that you want to add as a secondary server and click
The secondary server is added below the primary server. The green LED indicates which server is hosting the role.NOTE: The servers are listed in the order that they are picked if a failover occurs. When the primary server fails, the role automatically switches to the next server on the list.
- To change the priority of a server, select it from the list, and click the or buttons to move it up or down the list.
If you want the primary server to retake control after it is restored from a failover,
select the Force execution on highest priority server option.
To minimize system disruption, the role remains on the secondary server after a failover occurs, by default.
Ensure that the role is not connected to a database on the local machine.
You can determine that the database server is local to your machine if the name of the Database server starts with "(local)". If it does, rename the database server to match the remote server you prepared in advance for your Intrusion Manager role.
- Back up your Intrusion Manager role database and restore it on a server that is not hosting your Intrusion Manager role.
- Enable remote access to the Intrusion Manager role database you restored.
Change the Database server to the server hosting
your Intrusion Manager role database.
For example, REMOTESERVER\SQLEXPRESS.
- Click Apply.