Skip to content

DC-DR Configurations and Object Synchronization in HyWorks

HyWorks v3.4-SP1 or later versions include integrated DC-DR configurations and synchronization features. This document will provide a detailed discussion of these capabilities, architecture, and configurations.

DC-DR Synchronization and Architecture

Disaster Recovery(DR) Disaster recovery (DR) refers to an organization's ability to respond to and recover from events that negatively impact business operations. The primary goal of DR methods is to enable the organization to regain the use of critical systems and IT infrastructure as quickly as possible following a disaster.

DC-DR synchronization can be described as a mechanism to copy all the objects from the primary Data Center (DC) setup to another site, which can function as a Disaster Recovery (DR) site when the primary DC goes down. The synchronized objects include various HyWorks configurations, such as virtual applications, entitlements, and shared hosted desktops.

The main purpose of DC-DR synchronization is to create a backup of the HyWorks database from the primary setup to another isolated setup, which may be located in a different geographical location. HyWorks utilizes the Microsoft Sync Framework to sync the data between these two setups in a one-way direction, specifically from the DC to the DR site. This synchronization process requires SQL connectivity between the two sites, with data flowing from DC to DR.

Active-Passive Cluster

The following image illustrates the high-level architectural diagram of DC-DR synchronization between two HyWorks deployments in a two-node active-passive mode:

DC-DR Sync in Active-Active With SQL Managed Database High-Availability

Prerequisites, Configurations, and Assumptions

  1. DC-DR sync should be configured only after high availability is configured in HyWorks or the cluster is prepared successfully.

  2. When configuring DR, synchronization starts between the two setups. Therefore, it is recommended to create the DR site from scratch, synchronize the details from the primary DC deployment site, and then proceed with further configuration changes.

  3. The data synchronization between DC and DR sites is done from secondary of deployment#1 to secondary of deployment#2 to avoid any possible load on primary servers.

  4. Once the source server (Secondary server) is designated from the DC site as a source for DC-DR synchronization, it must not be changed in the future or used to switch the DC controllers. Doing so may result in some syncing objects being left on the existing server, which will not be reconfigured on the change, and it may also have performance impacts.

    • Ensure that the designated DC server remains in secondary mode at all times; otherwise, syncing will be halted if it becomes the primary server.

  5. The DC-DR Sync Role advance setting should be set on both DC and DR sites. However, the rest of the DC-DR advance settings should be set on the DR site only.

    • On DC Site: Set DC-DR Sync Role as 1.

    • On DR Site: Set DC-DR Sync Role as 2.

    • Please refer to the following section for DC-DR Sync Role setting values: Advance settings for DC-DR sync.

  6. The license count should be the same on both the DC and DR setups since license distribution for the organization is part of the organization's object, and the license distribution details will sync on the DR site.

  7. The same session host server(s) should not be used in both of the DC and DR setups, as this could result in session mismanagement and failures.

  8. If published applications are using any command line arguments pointing to specific servers, that server should be reachable from both sites. E.g., if a browser is published to access a local web URL https://mybank.local, then this URL must be reachable from both DC as well as DR sites.

  9. DC-DR sync is supported from the DC to DR site only, reverse syncing i.e., DR to DC is not supported.

Supported HyWorks Deployments

DC-DR synchronization is supported in the following types of deployment modes of HyWorks:

  • Two-node active-passive

  • Multi-node active-active with SQL-managed database high-availability

  • Multi-node active-active with HyWorks managed database high-availability

DC-DR Configuration

Prerequisites for DC-DR Configurations

Before enabling DC-DR synchronization, ensure that two sites are deployed independently, and one site is serving as the primary DC site with all configurations set up. The other site, designated as the DR site, should also be ready. Fulfill the following prerequisites before configuring DC-DR sync:

  1. Connectivity of SQL Server database of the DC site from the DR site. The default SQL port is 1433 but specify the custom port if it has changed.

  2. Both the DC and DR setups should be configured in HA (High Availability) cluster mode. This can be either Active-Active or Active-passive. Standalone deployment is not supported.

  3. SQL Management Studio and SQL server credentials of DC secondary server database.

  4. Ensure the same type and number of licenses are configured on both sites, as license distribution details will be synced to the DR site.

Once the above prerequisites are fulfilled, and the assumptions and configurations are understood, follow the steps below to enable DC-DR sync:

Steps to Enable DC-DR Sync

DC site:

  1. Open the management console of the primary management node of the DC site.

  2. Go to the Settings > General > Advance Setting.

  3. Search with the string "DCDR" to locate DC-DR configurations.

    • DCDR sync Role as 1.

DR site:

  1. Open the management console of the primary management node of the DR site.

  2. Go to the Settings > General > Advance Setting.

  3. Search with the string "DCDR" to locate DC-DR configurations.

    • DCDR sync Role as 2.

  4. Set DR Sync Role Enabled On as the hostname of the controller server from the DR site (This must be a secondary HyWorks Controller).

  5. Set the DC Server Connection String value, this value needs to be copied from the secondary server of DC. Please refer to the section: Getting DC server connection string.

  6. Change the value of DR Sync Interval In Minutes if required.

Note

  • Service restart is required on the Primary and Secondary HyWorks controllers of the DR site after changing the DCDR Sync Interval In Minutes setting.
  • Please wait for a few minutes to get the data synchronization completed on the secondary controller of DR site before restarting the service. By default, the HyWorks controller synchronizes data every minute.

Getting DC server connection string

  1. Launch SQL Server Management Studio (SSMS).

  2. Connect to the database server of the secondary HyWorks controller node from the DC setup.

  3. Expand the controller service database to view the list of tables.

  4. Locate table ClusterServerDBO, right-click on it, and select the option Select Top 1000 Rows.

  5. Copy the connection string of the secondary controller database of the DC setup by identifying the row by IP Address or Hostname. Copy the connection string from the DBSource column.

    1. This will be required to be provided in the DR set-up configuration.

  1. DCDR Sync Role: Set the DCDR Sync Role to '0' to disable the DCDR syncing, '1' to identify the site as a DC site, and '2' to identify the site as a DR site (DCDR sync will be done by DR site).

  2. DCDR Sync Role Enabled On: Hostname of the controller server on that DCDR sync will be running.

  3. DC Server Connection String: The encrypted connection string of the DC server from the data will be synced on the DR Server. Get this value from the DBSource column of the ClusterServerDbo table from the DC server database.

  4. DCDR Sync Interval In Minutes: DCDR sync interval in minutes.

Note

  • Service restart is required on the Primary and Secondary controller of the DR site after changing the DCDR Sync Interval In Minutes setting.

  • Please wait for a few minutes to get the data synchronization completed on the secondary controller of the DR site before restarting the service. By default the HyWorks controller synchronizes data every minute.

Special/Custom Sync for Authentication Servers

Authentication servers cannot be synced in real-time like other objects, because organizations may have different authentication servers for both DC and DR sites, such as IP address, credential, reachability status, etc.

DC-DR sync supports the one-time authentication server sync from DC to the DR site, it will not modify the authentication server data once it has been synced.

  • Authentication server sync is a one-time process and syncs the authentication server only once during the configuration of DC-DR sync.

  • Updates in the authentication server on the DC site will not be synced on the DR site. Therefore, any changes made to the authentication server object on the DC site will not affect the DR site.

  • Deleted authentication server on the DC site will not be deleted from the DR site.

Note

DC-DR sync will not work for Secondary AD if we add the secondary AD later and Primary is already synced on the DR site.

Re-sync the authentication server

Re-sync of the authentication server will be used if the existing authentication server is already synced and at a later time a new authentication server has been added on the DC site.

A new authentication server can be added by setting the AUTHENTICATIONSERVERSSYNCEDONDR registry setting as False on the secondary HyWorks controller.

An authentication server will be added to the DR site by fetching them from the DC site, if it does not exist on the DR site, If the authentication server already exists on the DR site then the addition will be skipped. The authentication server is never updated or deleted.

Steps to Re-Sync the Authentication Server:

  1. Go to the secondary controller server of the DR site for DCDR sync where the DCDR role is enabled.

  2. Go to Registry at location: HKEY_LOCAL_MACHINE\SOFTWARE\Accops\Controller\EDC\SERVICE.

  3. Set the AUTHENTICATIONSERVERSSYNCEDONDR registry setting to False.

  4. Check the logs on the designated controller server of the DR site.

Reconfiguration of DC-DR sync

Follow the below steps to re-configure DC-DR sync:

  1. Change controller mode to maintenance on DC and DR servers.

  2. Go to Registry at the location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Accops\Controller\EDC\SERVICE

  3. Set the SCHEMACHANGED registry setting to true to reconfigure.

  4. Restart the HyWorks controller service.

De-provisioning of DCDR sync

If it is needed to de-provision the DC-DR between two sites, it must be done on both the sites.

DC-DR De-provisioning should be done separately on each server itself by using the RemoveDRSyncOnServiceStart registry setting. DC and DR setup don't have configuration information for each other like HA, So DCDR sync will be removed on service start from the DC server even if the DCDR sync role is enabled on the DR server.

DCDR role can not be removed from the DR server if the DCDR sync role is enabled.

Steps to de-provision DC-DR Sync:

  1. Connect to the management console of the primary HyWorks controller of the DR site.

  2. Go to Settings > General > Advance Settings.

  3. Select the DCDR tag and locate the DCDR Sync Role setting.

    1. Set the DCDR Sync Role as 0, the de-provisioning gets processed only when the value is 0.

  4. Connect to the management console of the primary HyWorks controller of the DC site.

  5. Go to Settings > General > Advance Settings.

  6. Select the DCDR tag and locate the DCDR Sync Role setting.

    1. Set the DCDR Sync Role advance setting as 0.

  7. Change controller mode to maintenance on DC and DR sites.

    Note

    Please wait for the synchronization of advanced settings to get completed on the secondary HyWorks controller of both DC and DR sites. By default, the HyWorks controller synchronizes data every minute.

  8. Take the console or remote access of the Secondary HyWorks controller of the DR site.

  9. Go to Registry location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Accops\Controller\EDC\SERVICE

  10. Set the RemoveDRSyncOnServiceStart registry setting to true.

    1. If this registry entry does not exist in your setup, please create a new registry.

  11. Restart the HyWorks controller service.

  12. Take the console or remote access of the Secondary server of the DC site.

  13. Go to Registry location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Accops\Controller\EDC\SERVICE

  14. Set the RemoveDRSyncOnServiceStart registry setting to true.

    If this registry entry does not exist in your setup, please create a new registry.

  15. Restart the controller service.

  16. DC-DR deprovisioning from both DC and DR sites is completed and no more data syncing between two sites should occur.

HyWorks Objects to be Synced

Objects Is Sync enabled
Application
Application object Yes
User/Group/OU entitlements Yes
Unmanaged team assignments Yes
Managed team assignments No
Session host server assignments No
Classification rules Yes
Unmanaged SHD Pool (Non-Deployed)
Pool object Yes
User/Group/OU entitlements Yes
Classification rules Yes
VMs No
Rest of the Unmanaged SHD Pool (Non-Deployed)
Pool object No
User/Group/OU entitlements No
Classification rules No
VMs No
Unmanaged Teams
Unmanaged Teams objects Yes
Application To Team Assignment Yes
Virtual IP Settings Yes
Virtual IP List No
Session Host server No
Managed Teams
Unmanaged Teams objects No
Application To Team Assignment No
Virtual IP Settings No
Virtual IP List No
Session Host server No
Other
Default Device Setting & Device Group Setting Yes
Built In User & Groups Yes
Connection Profile & Entitlements Yes
Organizations & Settings Yes
Child Organizations & Settings Yes
Authentication Server No
Endpoint and Settings No
Advance Settings No
Session, App Session, Desktop Session, User detail No
System Setting No
License Status No
License Usage Per Organization Yes
DB BACKUP & SMTP No
Connectors No
VMs No
Capacity Plan & Schedule No
MMC Users & Roles Yes
Default Root Admin No
Classification Rules Yes
Virtual IP address No
Session Virtual IP address No
Permanent Virtual IP address assignments No
Announcements Yes

Filters Used on Objects While Syncing

PoolDbo (Pool object)

The pool object will be synced if the pool is:

  1. Unmanaged pool,

  2. With user-based assignments,

  3. Non-RMS pool,

  4. Team-based SHD pool

PoolClientDbo (Mapping of user and pool)

The mapping of the user with the pool will be synced if the pool is:

  1. Unmanaged pool,

  2. With user-based assignments,

  3. Non-RMS pool,

  4. Team-based SHD pool

PoolClientGroupMappingDbo (Pool client group mapping)

The mapping of the pool with the classification rules will be synced if the pool is:

  1. Unmanaged pool,

  2. With user-based assignments,

  3. Non-RMS pool,

  4. Team-based SHD pool

ClientRDPProfileAssignmentDbo (Pool and connection profile mapping):

The mapping of the pool with the connection profiles will be synced if the pool is:

  1. Unmanaged pool,

  2. With user-based assignments,

  3. Non-RMS pool,

  4. Team-based SHD pool

AppEntitlementDbo (Pool based entitlement in application)

The application entitlement will be synced if it is User, Group, and OU based, if it is pool-based entitlement then the pool should be:

  1. Unmanaged pool,

  2. With user-based assignments,

  3. Non-RMS pool,

  4. Team-based SHD pool

AssignmentDbo (Desktop assignments to user for the pool)

Desktop assignments will be synced if the pool is:

  1. Unmanaged pool,

  2. With user-based assignments,

  3. Non-RMS pool,

  4. Team-based SHD pool

ProviderServerTeamDbo (Team object)

The Team object will be synced if the Team type is unmanaged only. Managed teams will not be synced.

AppSessionTeamAssociationDbo (Team Application entitlements)

The Team Application entitlements will be synced if the team type is unmanaged.

ClientsDbo (User,Group, OU,Pool, and Device information for entitlement)

The client object will be synced of type User, Group, OU, and Pool only. The device type of client will not be synced.

MMCUserDbo (MMC user to login into MMC)

Non-super admin users will be synced on DR, and the super admin users will be not be synced as they are specific to setup.