Deploying provisioning failover - PingFederate

Deploying provisioning failover - PingFederate - 10.0

PingFederate Server

bundle

pingfederate-100

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 10.0

category

Product

pf-100

pingfederate

ContentType_ce

Page created: 12 Sep 2019 |

Page updated: 17 Feb 2022

| 3 min read

PingFederate 10.0 Product Configuration User task Software Deployment Method Product documentation Content Type Administrator Audience

After configuring outbound provisioning, you have the option to set up one or more failover PingFederate servers specifically for provisioning backup.

Provisioning runtime processing and failover is independent of SSO or SLO runtime processing and server clustering. However, if you are already deploying, or have deployed, a cluster for federation-protocol runtime processing, you can use a subset of those servers for provisioning failover. Alternatively, you can mix the configuration or set up provisioning-failover servers independently.

Important:

The pre-installed HSQLDB database cannot be used in a failover configuration. Each server in the failover network must be configured to use the same relational database.

Identify two or more runtime instances of PingFederate to configure for provisioning failover.

For each server instance, edit provisioning properties in the <pf_install>/pingfederate/bin/run.properties file as follows:

Property Description

pf.provisioner.mode

Property	Description
pf.provisioner.mode	The status of outbound provisioning. Allowed values are: `OFF` Outbound Provisioning is disabled. `STANDALONE` Provisioning is enabled, without failover. `FAILOVER` Provisioning is enabled, with failover. Important: The value `STANDALONE` cannot be used for failover configuration. This property must be set to `FAILOVER` on the primary and secondary servers. (The default value is `OFF`.)
provisioner.node.id	The unique index number of the provisioning server. Each server must have a unique index number (from `1` to `n` ), which is used to prioritize which server is currently active and which is next in line in case of a failure. Important: The primary active primary server should have an index number of 1. The lowest value in the environment becomes the primary. These node IDs are not required to start at 1, but it is recommended that they start at 1. The node IDs for each node must increase sequentially. The number must not exceed the maximum integer value supported by Java, which is 2147483647. Initial start-up performance degradation may result if the node ID does not start at 1.
provisioner.failover. grace.period	The time interval (in seconds) between the first indication that a node is dead and failover to the next server in line. The time period should be greater than the Synchronization Frequency set in the System > Protocol Settings > Outbound Provisioning screen on the administrative console. (The default value is `600`, which is 10 minutes.)

The status of outbound provisioning. Allowed values are:

OFF: Outbound Provisioning is disabled.
STANDALONE: Provisioning is enabled, without failover.
FAILOVER: Provisioning is enabled, with failover.

Important:

The value STANDALONE cannot be used for failover configuration. This property must be set to FAILOVER on the primary and secondary servers.

(The default value is OFF.)

provisioner.node.id

The unique index number of the provisioning server.

Each server must have a unique index number (from 1 to n ), which is used to prioritize which server is currently active and which is next in line in case of a failure.

Important:

The primary active primary server should have an index number of 1. The lowest value in the environment becomes the primary.

These node IDs are not required to start at 1, but it is recommended that they start at 1. The node IDs for each node must increase sequentially. The number must not exceed the maximum integer value supported by Java, which is 2147483647. Initial start-up performance degradation may result if the node ID does not start at 1.

provisioner.failover. grace.period

The time interval (in seconds) between the first indication that a node is dead and failover to the next server in line. The time period should be greater than the Synchronization Frequency set in the System > Protocol Settings > Outbound Provisioning screen on the administrative console.

(The default value is 600, which is 10 minutes.)

Important:

You must manually configure the failover properties in the run.properties file on each provisioning server, because the run.properties file is not copied among the provisioning servers automatically or as part of the Replicate Configuration process.

Start or restart all of the PingFederate servers.
If you have not already done so, set up an external database to facilitate provisioning and then update the Internal Provisioning Data Store setting in the System > Protocol Settings > Outbound Provisioning screen.
Once configured, if the provisioning servers belong to the same PingFederate clustered environment, go to the System > Cluster Management screen and replicate the new Internal Provisioning Data Store setting to all nodes. If the provisioning servers are individual PingFederate servers, for each provisioning server, create a datastore connection to the same external database and update the Internal Provisioning Data Store setting manually.