Management and Configuration Guide (Includes ACM xl) 2005-12
ProCurve Secure Access 700wl Series Management and Configuration Guide 2-19
Using the 700wl Series System
When connectivity is restored, the Access Control Servers will again exchange heartbeat messages and
the preferred primary will reclaim its role as the primary Access Control Server.
Failover Time Interval
The overall time required for a failover to occur is a function of several factors:
• The time interval specified in the Failover Timeout field in the Edit Access Control Server page
• The latency in the network link between the primary and the secondary Access Control Servers
If the primary and secondary Access Control Servers are located together with a hardwired link
between them, the overall failover time can be as small as one second. If they are located thousands of
miles apart then the latency time for communication between the two Access Control Servers may
become significant.
Avoiding Configuration Data Loss in a Redundant System
When setting up a redundant configuration for Access Control Server failover, there are a few situations
where it is possible to experience the loss of some configuration data.
The first situation is if you designate a Access Control Server as secondary when it still has valid
configuration data. For example, if it is actively managing an Access Controller with connected clients,
or has some other configuration information you would prefer not to lose. The act of making it a
secondary Access Control Server in an active redundant peer relationship will cause its configuration to
be overwritten by the Primary Access Control Server configuration. This situation can be avoided by
backing up the configuration of the peer Access Control Server, and double-checking your peer
configuration before enabling redundancy.
The second situation where data loss may occur is if a failover event occurs before the initial data
synchronization between the redundant Access Control Servers has completed. In this case, the
secondary Access Control Server will not have complete information to be able to take over as a fully
functional primary Access Control Server. Because synchronization happens quickly the likelihood of
data loss for this reason is small.
The third situation involves a loss of connectivity between the primary and secondary Access Control
Servers. In this situation there is no power failure of the Preferred Primary, instead the Secondary does
not detect a heartbeat message from the Preferred Primary and promotes itself to primary. Now there
are two primary Access Control Servers managing the 700wl Series system. If an administrator attempts
to access the Preferred Primary and cannot due to the loss of connectivity affecting that connection, then
the administrator will assume there was a failover and will access the secondary Access Control Server
now assumed to be the primary. If the administrator makes changes to the primary Access Control
Server (previously secondary) the changes will be lost when the Preferred Primary resumes control.
Configuration changes should only be made to the Preferred Primary. If a failover occurs, diagnosing
and repairing the reason for the failover should be performed before any configuration changes are
made.
Bandwidth Management
700wl Series system provides bandwidth rate limiting on a per-client basis. Each client may use
bandwidth as necessary up to the upstream or downstream limit set by the Access Policy currently in