Management and Configuration Guide (Includes ACM xl) 2005-12
ProCurve Secure Access 700wl Series Management and Configuration Guide 2-17
Using the 700wl Series System
As soon as an Access Controller is configured to communicate with its Access Control Server, that
Access Controller will appear in the System Components List on the Access Control Server. By selecting
the Access Controller in this list you can perform configuration and management functions such as
setting the date and time, configuring options such as bridging, port subnets, SNMP access, and so on.
You can also initiate upgrades, and shut down or restart the unit through the centralized interface.
System-wide backups are performed from the central Administrative Interface. In addition, status
information, such as client and session status, is gathered from the Access Controllers and is maintained
and displayed centrally. Log entries are also stored centrally rather than on each Access Controller.
Because configuration information for an Access Controller is maintained by the Access Control Server,
configuration changes must not be made directly on an Access Controller. Changes made directly on
the Access Controller are not reflected in the central database, and they are overwritten the next
time the Access Control Server propagates configuration information to the Access Controller.
In earlier versions of the 700wl Series system, it was possible to access an Administrative Interface on
an Access Controller by pointing a web browser to the IP address of the Access Controller. This is no
longer supported—instead the Access Controller just displays a page with a link to the Access Control
Server Administrative Interface.
Enterprise Class Redundancy
The 700wl Series system supports Access Control Server redundancy and failover. Access Control
Server failover provides high availability operation for clients in case of system outages, network
failures, or other disruptions. The primary Access Control Server functions as a normal Access Control
Server, servicing the connected Access Controllers’ requests for authentication, rights administration,
and other functions. The redundant Access Control Server is synchronized with the primary Access
Control Server through a combination of database replication, message and state replication, and
configuration replication, and is kept synchronized via incremental updates.
To set up a redundant Access Control Server, the following is required:
• Two peer Access Control Servers, each running version 4.0 or later software, must exist on the
network and be mutually reachable. Integrated Access Managers cannot be used as redundant
peers.
• One of these Access Control Servers must have the Preferred Primary Access Control Server option
checked as part of the Access Control Server setup under the System Components tab of the
Network pages. Only one of the peer Access Control Servers may have this option checked.
• Both Access Control Servers, and all Access Controllers, must be configured with the same shared
secret in order to communicate with each other.
• As Access Controllers are installed on the network, they are configured with the IP address of the
Preferred Primary Access Control Server. Access Controllers in a system with redundant Access
Control Servers receive the address of the secondary Access Control Server from the Primary Access
Control Server.
See “Configuring Failover with Redundant Access Control Servers” on page 6-14 in Chapter 6 for
details on configuring redundant Access Control Servers.
How Access Control Server Failover Works
When a redundant relationship is established, the primary Access Control Server initially replicates its
configuration state and database on the secondary Access Control Server. From then on, SQL updates