Failover Capability
In any mission critical communications system it is imperative to have built in redundancy. VCOM supports this function with a Failover capability. Failover by definition is the ability to automatically switch over from a primary working server to a secondary backup server should there be any catastrophic failure in operation of the primary server or its associated network.
Implementation
In the primary server, the IP address of the secondary server is configured. When the primary server starts, a connection to the secondary server is immediately established. Through this connection the primary server shares its licensing information to the secondary server. Additionally, the primary server conveys any operational changes to the system configuration to secondary server in real time so that the system configurations remain synchronized. This connection will remain active as long as both servers are running. If this connection is lost, the secondary server will immediately assume it is an active server allowing VCOM clients to connect. However in some cases even if the connection is not lost, the complexities of some network failures may still warrant the secondary server becoming the active server. When any VCOM client logs into the primary server, the secondary server IP address is automatically provided to it. In the event that communications with the primary server is lost, the client will automatically attempt to connect to the secondary server. If the secondary server is available and active, the VCOM client will log into the secondary server.
Once the secondary server becomes the active server, switching back to the primary server generally will require a manual authorization as the condition that caused the failover would need to be properly evaluated to ensure there is no possibility for reoccurrence of that event which would unnecessarily disrupt active communications. The manual switchover can be controlled through the System Administration application.
Failover Criteria
In normal operations, the primary server is always the active server. In general as long as the communications link between the primary and secondary server is connected, the primary server will remain as the active server. When a server is not the active server, logins will not be allowed. There are many different scenarios that can result in a failover event. The most common are as follows:
Communication link between primary and secondary servers lost due to
primary server failure:
In this simplest scenario, the secondary server would recognize the loss of the
primary server and immediately become the active server. All clients would also
recognize the loss of the primary server and would immediately reconnect to the
secondary server.
Communication link between primary and secondary servers lost due to
failure of network infrastructure:
In this scenario, the secondary server would recognize the loss of the primary
server and immediately become the active server. Since the primary server is
still running, it too would also still consider itself to be the active server.
However, if the network failure also resulted in the simultaneous loss of the
majority of connected VCOM clients the primary server will deactivate itself
forcing all remaining clients to connect to the secondary server.
Communication link between primary and secondary servers is not lost but
partial failure of network infrastructure:
In this scenario, the partial network failure may result in the loss of a large
portion of the VCOM clients. In this case the primary server will inform the
secondary server to activate allowing connections to be made. If the secondary
server reports the client connection were established the primary server will
deactivate itself forcing all remaining clients to connect to the secondary server.
Other Considerations
Many SIP clients also support a failover server however the IP address of the secondary server often must be manually configured. The primary and secondary servers should never be co-located so as to eliminate the risk of simultaneous server failure due to environmental issues.
Setup
On the primary server log into the System Administration and from the System Configuration tab select System Settings. In the Secondary Server [Failover] Network Settings click the Local Network Interface dropdown and select the IP address to use for communication between the Primary Server and the Secondary Server. In the Server IP Address field enter the IP address of the Secondary Server. In the Server IP Port for VCOM Client Data and Server IP Port for VCOM Client Audio fields type 1000. In the Server IP Port for Failover Data field type 1001.
No configuration is necessary on the secondary server. The system license and all settings will be synced with the secondary when the connection is established.
Upon clicking save a connection between the primary server and secondary server will be established. Navigate to the System Status page and in the Failover Status section you will see the message "Primary Active, Secondary Standby" if the connection was established successfully. Once the connection is established the System Administration will not be accessible from the secondary server.