Administration Synchronisation
Overview
Administration Synchronisation allows the Swivel configuration allows changes on one Swivel instance to be pushed out to other Swivel instances. Changes on any Swivel instance can be configured to be sent to other Swivel instances.
One Swivel instance is configured as a Broker to show which which settings are synchronised.
Allowing the Synchronise configuration adds a Config sync type drop down menu and a Sync now button to pages that allow synchronisation.
There are 3 synchronisation settings:
- Automatic - push out changes to other Swivel instances (configured as Automatic or Manual)
- Manual - do not push out changes, but receive changes from other Swivel instances
- Disable Sync - do not push out or receive changes
What can be Synchronised
The following may be synchronised
- Swivel Administration console Policy>General settings
- Swivel Administration console Policy>PIN and OTC settings
- Swivel Administration console Policy>Password settings
- Swivel Administration console Policy>Self-Reset settings
- Swivel Administration console Policy>Helpdesk settings
- Swivel Administration console Policy>Console Login settings
- Swivel Administration console Policy>Mobile Client settings
- Swivel Administration console Policy>Banned Credentials settings
- Swivel Administration console Policy>Reporting settings
- Swivel Administration console Repository>Groups settings (new Groups requires a Sync)
- Swivel Administration console Repository>Attributes settings
What cannot be Synchronised
The following settings (among others) are not synchronised
- CMI configuration (Networking, backup, etc)
- Webmin configuration
- Swivel Administration console Transport>General
- Swivel Administration console Transport>Transport_Name
- Swivel Administration console Repository>Repository_Name
- Swivel Administration console RADIUS>Server
- Swivel Administration console RADIUS>NAS
Prerequisites
Swivel 3.9.7 onwards
Firewall rule to allow synchronisation, see Firewall Appliance Configuration The Swivel appliance firewall is automatically updated as part of the Swivel core patch release version patch.3.10.2.1950.swivel onwards to allow access on port 61616.
Configuration
Synchronisation Administration Settings
Synchronise configuration: default No, Options Yes/No
Broker IP: IP address of the Broker. You need to designate one Swivel appliance as the broker, and use the IP of that for all appliances.
Broker port: default 61616, the port to be used for sharing configuration information
Act as Broker: default No, Options Yes/No, define a Swivel instance as the broker from which configuration information can be read
Broker checking frequency (seconds): default 60, time interval to reconnect if connection is lost from the broker
| Swivel Synchronisation setting | Action on Apply | Action on Sync Now ψ | Apply from other Swivel server | Sync now from other Swivel server ψ |
| Manual | no settings pushed out | push all settings in page | receive changes | receive all settings in page |
| Automatic | push all changes | push all settings in page | receive changes | receive all settings in page |
| Disable Sync | No Synchronisation | Disabled | No change | No change |
ψ Note where groups are synchronised with Sync now, the settings are synchronised, but groups not on the target will not be created.
Synchronisation Administration additional Broker Setting
The broker additionally has the following setting:
Config sync checking frequency (seconds): default 60 seconds, this how often the synchronisation state is checked. The broker will send information about configurations with a sync type Manual or Automatic and show the sync status compared to the broker in the status screen.
Synchronisation settings
The settings that can be synchronised have an option for;
Config sync type', Default Disable sync, options: Disable sync, Manual, Automatic
Disable sync - There is no synchronisation
Manual - Changes applied will not be synchronised, but the appliance will be able to receive synchronisation messages and they will be applied when the Sync now button is used.
Automatic - the changes applied on that Swivel instance will be applied to other Swivel instances who are configured as Manual or Automatic. A Synchronisation data have been sent will be displayed.
Synchronisation Status
The status page shows the synchronisation status of the Swivel instance. Entries are listed as either Synchronised or Not Synchronised for that Swivel instance.
Testing
On configuration a successful synchronisation will display a Connected message.
The Status page will show the status for Broker or or connected to the broker:
State local sync broker Active
Configuration sync state connection Connected
Check connectivity with telnet to the broker
telnet 172.16.1.97 61616 CacheEnabledSizePrefixDisabled MaxInactivityDurationInitalDelay'TcpNoDelayEnabledMaxInactivityDurationu0TightEncodingEnabledStackTraceEnabledPuTTYPuTTYConnection closed by foreign host.
Standard Startup Messages
From Swivel version 3.10.3
Standard Non Broker Startup
Sync connection broker established, topic: PINsafe.Sync.Config.State
Subscriber created on topic: PINsafe.Sync.Config.State
Sync connection broker established, topic: PINsafe.Sync.Config
Subscriber created on topic: PINsafe.Sync.Config
Publisher created, topic: PINsafe.Sync.Config
Standard Broker Startup
Sync connection broker established, topic: PINsafe.Sync.Config.State
Publisher created, topic: PINsafe.Sync.Config.State
Sync connection broker established, topic: PINsafe.Sync.Config
Subscriber created on topic: PINsafe.Sync.Config
Publisher created, topic: PINsafe.Sync.Config
Sync broker has been started
Known Issues
Troubleshooting
Configuration fails to synchronise
Ensure that the Broker is running and can be contacted
Ensure Port and IP address details are correct
Under Synchronisation Administration>Configuration, set Synchronise configuration to No, Apply, set to Yes and Apply, then test
Config sync type' drop down menu and Sync now are missing. These are only enabled when the Synchronisation Administration>Configuration Parameters is set to Yes
Error Messages
Error establishing connection:
A connection cannot be made to the Administration Broker. Has a firewall rule to allow synchronisation been configured, see Firewall Appliance Configuration, are there any network devices blocking configuration? The Swivel appliance firewall is automatically updated as part of the Swivel core patch release version patch.3.10.2.1950.swivel onwards to allow access on port 61616.
Error starting sync broker
If a Swivel instance is connected to another broker, it is not possible to start the broker.
Error establishing connection 192.168.1.10: 61616
The Broker may be starting up, restarting or not running
