“Failure is not an Option” – Gene Krantz, NASA
Late last year I had a chance to work on a project that centered on the use of the SAP Virtual Directory. One of the things that we needed to do was make sure that the Virtual Directory configuration would be available in a Fault Tolerant manner to comply with general best practices and specific High Availability requirements from the customer. The good news is that Virtual Directory has built in functionality to provide this via the Failover Group Configuration.
To demonstrate this I created a simple scenario where had three systems, two of which represented basic virtualization of a data source, and one other system that held the failover configuration. In this example I virtualized the HR Data sample data that comes with SAP IDM. I’ve provided a basic diagram below. I’ve prepared a quick “architecture view” here:
To demonstrate the difference between the configurations I named one Alpha, and the other Beta. We will be able to use this later on when we demonstrate that failover is actually occurring.
The next step was configuring the Failover Group. This isn’t too hard to build, as all you need to do is set up “Single” data sources to Alpha and Beta (This time as LDAP data sources) Open the Groups, and then the Performance & Availability node. From there, right click and select New and set up the Failover Group as I have done below, again, I did this on a third VM just to make sure everything in our test scenario was properly segregated. I have posted the configurations on SourceForge so that you can have a starting point on the configurations. There’s a quick and dirty README there as well.
You’ll probably need to fiddle around a bit to get the groups enabled, but it can be done. I found that clicking on the source entry, and then clicking on the related “Enabled” box worked best, but you’ll probably need to play with it a touch to get it working. (Note to the Development team, this is an area of the interface that could use some tweaking, at least in VDS 7.2)
Once this is done, make sure that all of the configurations are running and try it out. I did some testing using an LDAP browser (Apache Directory Studio, can’t recommend it highly enough). During the first run, I pointed my LDAP browser at the failover configuration and saw Alpha.
Then I went in and stopped the Alpha configuration. I didn’t do anything fancy, just stopped VDS config. Then just wait 15 seconds or however long you reconfigured the “Servers marked as unavailable are not used for” setting. (VDS team, this could written more clearly as well) Now go back and try your LDAP browser again. You’ll notice the read probably takes a little longer now and you might also get a Root DSE warning. You can disregard it. We’re getting this message since we are combining two LDAP schemas via the read of Alpha and Beta.
That’s pretty much it. I know more needs to be done with it. What would you like to see? Heck, join the project and make your own changes! Look for some more open source fun coming soon!