Administration Synchronisation

From Swivel Knowledgebase
Revision as of 12:52, 11 May 2017 by Admin (talk | contribs) (1 revision imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Overview

Administration Synchronisation allows the Swivel configuration allows changes on one Swivel instance to be pushed out to other Swivel instances. Changes on any Swivel instance can be configured to be sent to other Swivel instances.

One Swivel instance is configured as a Broker to show which which settings are synchronised.

Allowing the Synchronise configuration adds a Config sync type drop down menu and a Sync now button to pages that allow synchronisation.

There are 3 synchronisation settings:

  • Automatic - push out changes to other Swivel instances (configured as Automatic or Manual)
  • Manual - do not push out changes, but receive changes from other Swivel instances
  • Disable Sync - do not push out or receive changes


What can be Synchronised

The following may be synchronised

  • Swivel Administration console Policy>General settings
  • Swivel Administration console Policy>PIN and OTC settings
  • Swivel Administration console Policy>Password settings
  • Swivel Administration console Policy>Self-Reset settings
  • Swivel Administration console Policy>Helpdesk settings
  • Swivel Administration console Policy>Console Login settings
  • Swivel Administration console Policy>Mobile Client settings
  • Swivel Administration console Policy>Banned Credentials settings
  • Swivel Administration console Policy>Reporting settings
  • Swivel Administration console Repository>Groups settings (new Groups requires a Sync)
  • Swivel Administration console Repository>Attributes settings


What cannot be Synchronised

The following settings (among others) are not synchronised

  • CMI configuration (Networking, backup, etc)
  • Webmin configuration
  • Swivel Administration console Transport>General
  • Swivel Administration console Transport>Transport_Name
  • Swivel Administration console Repository>Repository_Name
  • Swivel Administration console RADIUS>Server
  • Swivel Administration console RADIUS>NAS


Prerequisites

Swivel 3.9.7 onwards

Firewall rule to allow synchronisation, see Firewall Appliance Configuration The Swivel appliance firewall is automatically updated as part of the Swivel core patch release version patch.3.10.2.1950.swivel onwards to allow access on port 61616.


Configuration

Synchronisation Administration Settings

Synchronise configuration: default No, Options Yes/No

Broker IP: IP address of the Broker. You need to designate one Swivel appliance as the broker, and use the IP of that for all appliances.

Broker port: default 61616, the port to be used for sharing configuration information

Act as Broker: default No, Options Yes/No, define a Swivel instance as the broker from which configuration information can be read

Broker checking frequency (seconds): default 60, time interval to reconnect if connection is lost from the broker


Synchronisation settings
Swivel Synchronisation setting Action on Apply Action on Sync Now ψ Apply from other Swivel server Sync now from other Swivel server ψ
Manual no settings pushed out push all settings in page receive changes receive all settings in page
Automatic push all changes push all settings in page receive changes receive all settings in page
Disable Sync No Synchronisation Disabled No change No change

ψ Note where groups are synchronised with Sync now, the settings are synchronised, but groups not on the target will not be created.


Swivel 3.9.7 Synchroniastion Administration.JPG

Synchronisation Administration additional Broker Setting

The broker additionally has the following setting:

Config sync checking frequency (seconds): default 60 seconds, this how often the synchronisation state is checked. The broker will send information about configurations with a sync type Manual or Automatic and show the sync status compared to the broker in the status screen.


Swivel 3.9.7 Synchroniastion Administration Configuration Broker.JPG


Synchronisation settings

The settings that can be synchronised have an option for;

Config sync type', Default Disable sync, options: Disable sync, Manual, Automatic

Disable sync - There is no synchronisation

Manual - Changes applied will not be synchronised, but the appliance will be able to receive synchronisation messages and they will be applied when the Sync now button is used.

Automatic - the changes applied on that Swivel instance will be applied to other Swivel instances who are configured as Manual or Automatic. A Synchronisation data have been sent will be displayed.


Synchronisation Status

The status page shows the synchronisation status of the Swivel instance. Entries are listed as either Synchronised or Not Synchronised for that Swivel instance.


Swivel 3.9.7 Synchroniastion Status not sync.jpg


Testing

On configuration a successful synchronisation will display a Connected message.

Swivel 3.9.7 Synchroniastion Administration.JPG

Swivel 3.9.7 Synchroniastion Administration Connected.JPG


The Status page will show the status for Broker or or connected to the broker:

State local sync broker Active

Configuration sync state connection Connected


Check connectivity with telnet to the broker

 telnet 172.16.1.97 61616
 
 CacheEnabledSizePrefixDisabled MaxInactivityDurationInitalDelay'TcpNoDelayEnabledMaxInactivityDurationu0TightEncodingEnabledStackTraceEnabledPuTTYPuTTYConnection closed by foreign host.


Standard Startup Messages

From Swivel version 3.10.3


Standard Non Broker Startup

Sync connection broker established, topic: PINsafe.Sync.Config.State

Subscriber created on topic: PINsafe.Sync.Config.State

Sync connection broker established, topic: PINsafe.Sync.Config

Subscriber created on topic: PINsafe.Sync.Config

Publisher created, topic: PINsafe.Sync.Config


Standard Broker Startup

Sync connection broker established, topic: PINsafe.Sync.Config.State

Publisher created, topic: PINsafe.Sync.Config.State

Sync connection broker established, topic: PINsafe.Sync.Config

Subscriber created on topic: PINsafe.Sync.Config

Publisher created, topic: PINsafe.Sync.Config

Sync broker has been started

Known Issues

Troubleshooting

Configuration fails to synchronise

Ensure that the Broker is running and can be contacted

Ensure Port and IP address details are correct

Under Synchronisation Administration>Configuration, set Synchronise configuration to No, Apply, set to Yes and Apply, then test


Config sync type' drop down menu and Sync now are missing. These are only enabled when the Synchronisation Administration>Configuration Parameters is set to Yes


Error Messages

Error establishing connection:

A connection cannot be made to the Administration Broker. Has a firewall rule to allow synchronisation been configured, see Firewall Appliance Configuration, are there any network devices blocking configuration? The Swivel appliance firewall is automatically updated as part of the Swivel core patch release version patch.3.10.2.1950.swivel onwards to allow access on port 61616.


Error starting sync broker

If a Swivel instance is connected to another broker, it is not possible to start the broker.


Error establishing connection 192.168.1.10: 61616

The Broker may be starting up, restarting or not running