Architectural Options

The standard design for the High Availability module is an active/passive configuration, where you have two separate web and database servers, and data is replicated one direction from the primary database server to the High Availability database server - as per the 'Active/Passive Configuration' diagram below.

With this design, the High Availability web site is read-only, and should rarely be accessed - unless you have an extended outage on your primary server.

It's also possible to configure the High Availability module in Active/Active configuration, although this requires an additional hardware appliance such as Citrix Netscaler, or F5 Load Balancer - to monitor the availability of the two web sites, and automatically fail over between them as required.

In the 'Active/Active Configuration' diagram below, it demonstrates the use of such a hardware load balancer, as well as SQL Server 2012 High Availability Groups - where bidirection data replication occurs real-time.

Active/Passive Configuration

Active/Active Configuration

Passwordstate Architecture Diagram - Active/Passive Passwordstate Architecture Diagram - Active/Active


Auditing

If using the active/passive configuration, the High Availability web site is read-only by default. Even though users cannot update data on the HA server, full auditing is still recorded locally, and then replicated back to the primary server once available again.