Skip to content

Failover Configuration for Authentication Server

Unavailability of the authentication server could lead to user logon failures. It is important to make sure that the authentication server is always available and reachable from the HyWorks Controller.

To keep the availability of the authentication servers, HyWorks supports the configuration of a secondary authentication server. This can be used to authenticate users when the primary authentication server unavailable.

Supported Authentication Servers

The secondary authentication server is currently supported for Microsoft Active Directory servers only.

How to configure a secondary Active Directory Server

To configure the secondary authentication server, follow the steps listed below:

  1. Log in to the HyWorks Controller Management Console using appropriate Administrator credentials

  2. Go to the Server tab and expand the Authentication section

  3. Click on the + Add button to open the Add Authentication Server dialog. Alternatively, click on the Edit button if the authentication server of Active Directory type already exists

  4. In the Add/Edit Authentication Server dialog:

    1. Make sure the Server Type is Active Directory

    2. Provide an appropriate server address e.g. 192.168.1.1 or accopsad.com

    3. Provide the Base DN information

      1. All users, groups and OUs will be fetched if the Base DN information has not been provided

      2. On providing specific Base DN information users, groups or OUs will be fetched as per the information provided.

    4. Provide Administrator credentials with rights to read and write access to user account management

    5. Select the checkbox Add Secondary Authentication Server, which will enable the fields for the secondary authentication server

      1. Provide an appropriate Server address e.g. 192.168.1.2 or accopsad2.com

      2. Provide the Base DN information (optional for Microsoft AD)

        1. All users, groups and OUs will be fetched if the Base DN information has not been provided

        2. On providing specific Base DN information users, groups or OUs will be fetched as per the information provided.

      3. Provide Administrator credentials with rights to read and write access to user account management

  5. Click on the Test Connection button

  6. Once a successful connection message appears, click on the Add button

  7. Authentication servers should be added and should be shown in the Authentication section

Authentication Server Failover Mechanism

Authentication server's failover mechanism works in the same manner as the Session Provider Failover mechanism, which means:

  1. When both servers are up

    The primary authentication server will be used to authenticate users.

  2. When secondary is down, and primary is up

    The primary authentication server will be used to authenticate users.

  3. When Primary goes down and secondary is up

    The HyWorks Controller will automatically switch to the secondary authentication server and the secondary server will be used to authenticate users.

  4. Primary comes up and secondary goes down

    The HyWorks Controller will automatically switch to the primary authentication server and user authentication will be done using the primary authentication server.

  5. When both go down and neither of the server comes up

    The HyWorks Controller will use whichever authentication server comes up first and is reachable to authenticate users.

  6. Primary goes down -- Comes up again

    If the primary server goes down, the HyWorks Controller will start using the secondary server and when primary server comes up again, the Controller will keep the primary in standby mode. This means it will continue to use the secondary server.

    The Administrator will be displayed an option to switch to the primary authentication server by using the Use This button which will again configure the primary authentication server as active server.

Once this option is selected, authentication will happen using the primary authentication server.