Documentation update

   

To provide a better user experience, we have now created a separate documentation space for BMC Helix Automation Console (previously called BMC Helix Vulnerability Management).
Users of BMC Helix Automation Console can find the latest documentation at BMC Helix Automation Console. .

Configuring application clusters

For a medium or large sized deployment, an administrator deploys multiple instances of the TrueSight Automation Console application server component and creates an application cluster. You must configure a cluster of application servers to replicate information, so if one fails, other members of the cluster have access to the same information. 

You can use any proxy solution to configure application clusters. This topic provides instructions on how to share data in a TrueSight Automation Console (on-premises) application cluster using the High Availability Proxy (HA Proxy) solution. 

Configuring an application cluster using HA Proxy

  1. On a host where the Automation Console application is not installed, run the following command to install HA Proxy.

    yum install haproxy

    A configuration file, haproxy.cfg gets created in the /etc/haproxy directory.

  2. Navigate to the /etc/haproxy directory and replace the content in the default haproxy.cfg file with the following content. 

     Sample haproxy.cfg file
    #---------------------------------------------------------------------
    #Exmple configuration for a possible web application.  See the
    # full configuration options online.
    #
    #   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
    #
    #---------------------------------------------------------------------
    
    #---------------------------------------------------------------------
    # Global settings
    #---------------------------------------------------------------------
    global
        # to have these messages end up in /var/log/haproxy.log you will
        # need to:
        #
        # 1) configure syslog to accept network log events.  This is done
        #    by adding the '-r' option to the SYSLOGD_OPTIONS in
        #    /etc/sysconfig/syslog
        #
        # 2) configure local2 events to go to the /var/log/haproxy.log
        #   file. A line like the following can be added to
        #   /etc/sysconfig/syslog
        #
        #    local2.*                       /var/log/haproxy.log
        #
        log 127.0.0.1 local2
    
        chroot      /var/lib/haproxy
        pidfile     /var/run/haproxy.pid
        maxconn     4000
        user        haproxy
        group       haproxy
        daemon
    
        # turn on stats unix socket
        stats socket /var/lib/haproxy/stats
    
    defaults
            timeout server 86400000
            timeout connect 86400000
            timeout client 86400000
            timeout queue   1000s
    
    
    frontend localnodes
    bind *:<portNumber>
        mode tcp
        default_backend http_1
    
    
    # Learn SSL session ID from both request and response and create affinity.
    backend http_1
        mode tcp
        balance roundrobin
    
        # maximum SSL session ID length is 32 bytes.
        stick-table type binary len 32 size 30k expire 30m
    
        acl clienthello req_ssl_hello_type 1
        acl serverhello rep_ssl_hello_type 2
    
        # use tcp content accepts to detects ssl client and server hello.
        tcp-request inspect-delay 5s
        tcp-request content accept if clienthello
    
        # no timeout on response inspect delay by default.
        tcp-response content accept if serverhello
    
        # SSL session ID (SSLID) may be present on a client or server hello.
        # Its length is coded on 1 byte at offset 43 and its value starts
        # at offset 44.
        # Match and learn on request if client hello.
        stick on payload_lv(43,1) if clienthello
    
        # Learn on response if server hello.
        stick store-response payload_lv(43,1) if serverhello
    
         server server1 <IPAddress_hostA>/<FQDN_hostA>:<portNumber>
         server server2 <IPAddress_hostB>/<FQDN_hostB>:<portNumber>
    
    
  3. Open the file in a text editor, and locate the frontend localnodes section and replace <portNumber> with the secure port used to access the Automation Console application. 

    Example
    frontend localnodes
    bind *:10443
        mode tcp
        default_backend http_1


  4. At the end of the file, replace <IPAddress_hostA>/<FQDN_hostA> with the Fully Qualified Domain Name or IP Address of the application server host and port number with the secure port used to access Automation Console application. 
    Increase the number of entries based on the number of applications you have installed. For example, if you have four instances of application, add four server counter entries. 

    Note

    You must specify the same port number for all the application servers.


  5. Save changes and run the service haproxy restart command to restart the HA Proxy service.

Related topics

Deployment scenarios

Deployment sizing requirements

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Sathish kanth Swarna

    Are these steps validated by Product Development team?

    There is an defect around this #DRSMP-4658

    May 05, 2021 03:05
    1. Shweta Hardikar

      Hi Satish,

      Yes, they are, however, let me check and update the docs. 

      May 19, 2021 12:48
    1. Bipin Inamdar

      Thank you for your feedback on the documentation. We have entered the following internal tracking ID for this (DRSMP-6213) and will address your query as soon as possible.

      Jun 25, 2021 06:01