Enabling Guaranteed Messaging for HA Appliances

To provide HA appliance redundancy for clients publishing and/or receiving Guaranteed messages, an active/standby redundancy model must be used.

With this redundancy model, one appliance within the redundant pair is configured to provide Guaranteed Messaging service as the “primary” or active appliance, while the other appliance is configured to provide Guaranteed Messaging service as the “backup” or standby appliance. Neither appliance can be configured to provide Guaranteed Messaging service as both a “primary” and a “backup”.

Although Guaranteed Messaging can be enabled for an active/active HA pair, clients are only able to publish Guaranteed messages to and/or receive Guaranteed messages from the primary interface on one of the appliances, and appliance failover for Guaranteed Messaging clients is only provided for that primary interface. However, when Guaranteed Messaging is enabled for an active/active HA pair, it does permit the Config-Sync facility to be used, which automatically propagates configuration information between both redundant Solace PubSub+ appliances.

Before you begin

  1. The procedure for enabling Guaranteed Messaging for an HA pair provided below assumes that each appliance has:
  2. Although Guaranteed Messaging can only be used with HA pairs if both Guaranteed Messaging and redundancy are started and running successfully on both the primary and backup appliances, the order in which they are started is unimportant. For information on starting redundancy, refer to Active/Standby Pairs.
  3. The procedure also assumes that the appliance that will be the primary has:
    • At least one Message VPN properly configured for Guaranteed Messaging.
    • At least one client username in that Message VPN assigned a client profile that allows Guaranteed message publishing and/or receiving. These client usernames will be used by connecting clients.
  4. After the Config-Sync facility is enabled, the system-level and Message VPN‑level configuration parameters from the primary appliance are copied over to the backup appliance with assert‑leader operations.

Procedure

To configure Guaranteed Messaging for a redundant pair of appliances, perform the following steps:

  1. On both the primary and mate appliances, configure the Worldwide Name (WWN) to use when accessing the Logical Unit Number (LUN) on the external disk storage array. The WWN configured for each appliance must match. For more information, refer to Configuring an External Disk Array for Guaranteed Messaging.
    solace1(configure)# hardware message-spool
    solace1(configure/hardware/message-spool)# disk-array wwn 10:00:00:53:E5:40:9A:0F

     

    solace2(configure)# hardware message-spool
    solace2(configure/hardware/message-spool)# disk-array wwn 10:00:00:53:E5:40:9A:0F
  2. Start Guaranteed Messaging and message spooling on the primary appliance.
    solace1(configure)# hardware message-spool
    solace1(configure/hardware/message-spool)# no shutdown
  3. Start Guaranteed Messaging and message spooling on the backup appliance.
    solace2(configure)# hardware message-spool
    solace2(configure/hardware/message-spool)# no shutdown
  4. Enable Config-Sync for the primary appliance. You can configure Config-Sync to run over a TLS connection, so we've presented two choices so you can pick one appropriate to your situation.
    • Without TLS
      solace1(configure)# config-sync
      solace1(configure/)# no shutdown
    • Over TLS
      1. Configure a pre-shared key. You should note that the key must be the same for both appliances. For more information refer to Pre-Shared Authentication Keys for Appliances.
        solace1(configure)# redundancy
        solace1(configure/redundancy)# authentication
        solace1(configure/redundancy/authentication)# pre-shared-key key <pre-shared-key>
      2. Configure config-sync.
        solace1(configure)# config-sync
        solace1(configure/config-sync)# ssl
        solace1(configure/)# no shutdown
  5. Enable Config-Sync for the backup appliance. You can configure Config-Sync to run over a TLS connection, so we've presented two choices so you can pick one appropriate to your situation.
    • Without TLS
      solace2(configure)# config-sync
      solace2(configure/)# no shutdown
    • Over TLS
      1. Configure a pre-shared key. You should note that the key must be the same for both appliances. For more information refer to Pre-Shared Authentication Keys for Appliances.
        solace2(configure)# redundancy
        solace2(configure/redundancy)# authentication
        solace2(configure/redundancy/authentication)# pre-shared-key key <pre-shared-key>
      2. Configure config-sync.
        solace2(configure)# config-sync
        solace2(configure/config-sync)# ssl
        solace2(configure/)# no shutdown
  6. Administratively assert the system-level configuration parameters for one of the appliances over its mate.
    solace1# admin
    solace1(admin)# config-sync
    solace1(admin/)# assert-leader router

    Typically, the active appliance in the redundant pair will be chosen as the leader for the initial synchronization of configuration.

  7. Administratively assert the Message VPN-level configuration parameters of the same appliance over its mate.
    solace1# admin
    solace1(admin)# config-sync
    solace1(admin/)# assert-leader message-vpn *