Management and Configuration Guide (Includes ACM xl) 2005-12
2-18 ProCurve Secure Access 700wl Series Management and Configuration Guide
Using the 700wl Series System
will keep the secondary Access Control Server synchronized with the primary Access Control Server. A
“heartbeat” message between the primary and secondary is used to keep the secondary Access Control
Server informed that the primary is functioning.
The communication between the two peer Access Control Servers is done via a proprietary message
based protocol over TCP/IP.
Upon restart, an Access Controller attempts to communicate with the primary Access Control Server. If
that fails, the Access Controller attempts to communicate with the secondary Access Control Server.
Access Controller Behavior After a Failover
In the event of a primary Access Control Server failure, or failure on the network partition on which it
resides, the secondary Access Control Server will fail to receive the heartbeat message. A failover
timeout is used to determine when it is appropriate for the secondary Access Control Server to take over
management of the 700wl Series system. Depending on the nature of the failure, this may work in one
of several ways:
• If the primary Access Control Server is in the process of being upgraded or rebooted or experiences
a loss of power, the Access Controllers it was administering will no longer be able to contact it. They
will then attempt to establish communication with the secondary Access Control Server. This Access
Control Server will become the primary Access Control Server, and the failed Access Control Server,
when it comes back online, will be the secondary Access Control Server.
• If the loss of heartbeat is due to loss of network connectivity between the two Access Control
Servers rather than a failure of the primary Access Control Server itself, the Access Controllers that
reside in the same partition as the primary Access Control Server will continue to communicate
successfully with that Access Control Server. Access Controllers in the other network partition will
establish connections with the secondary Access Control Server, which will become the primary
Access Control Server to those Access Controllers.
When a Access Control Server failover occurs, authenticated clients on the various Access Controllers
will continue to have access to the network and will not be aware of the failover.
Returning Control to the Primary Access Control Server After a Failover
Access Control Server failover to the secondary Access Control Server is automatic. Return of control to
the primary Access Control Server is a manual process, except if the cause of the failover is due to a
network partition.
In most cases a failover occurs because the preferred primary Access Control Server is in the process of
being upgraded, rebooted, or is taken offline. When the preferred primary Access Control Server
completes the process and is back on-line, it recognizes the secondary Access Control Server as the
acting primary. The manual process of returning control to the primary Access Control Server allows
the system administrator time to diagnose and repair the network failure or problem with the primary
Access Control Server before returning control. Once the primary Access Control Server is back on-line
the two Access Control Servers automatically synchronize their data. The system administrator can
manually return control to the original primary Access Control Server by restarting the new primary
Access Control Server (originally the secondary) to force a fail-back to the original (Preferred Primary)
Access Control Server. This is done through the Shutdown/Restart tab under the Maint navigation
button.
In the case where there is a loss of connectivity between the primary and secondary Access Control
Servers, the two Access Control Servers will act as the primary in their respective network partitions.