Azkabahn Posted May 30, 2019 Share Posted May 30, 2019 Hi, i was wondering is it possible to run Self Destruct in HA mode? The documentation only points out a possible issue with running PasswordState in HA. I have deployed a totally separate windows server in DMZ where I run Self Destruct. Link to comment Share on other sites More sharing options...
support Posted May 30, 2019 Share Posted May 30, 2019 Hello, Sorry, but we do not have a High Availability option for the Self Destruct feature. Regards Click Studios Link to comment Share on other sites More sharing options...
Sarge Posted May 31, 2019 Share Posted May 31, 2019 14 hours ago, Azkabahn said: i was wondering is it possible to run Self Destruct in HA mode? The documentation only points out a possible issue with running PasswordState in HA. Sort of, if you have the load balancers capable of doing it. Self Destruct uses its own SQL-Lite database where it stores the shared messages/credentials pushed to it by the main Passwordstate website. We have our Self Destruct web sites installed on the same web nodes as Passwordstate, bound to a seperate IP address. Our load balancers then direct all traffic for the self destruct HA URL to node 1 unless that node is offline. This way the self destruct messages are always available until the node is offline. It's HA in an Active/Cold configuration. In a disaster we still maintain our Self Destruct capabilities - we just have to re-create self destruct messages since the load balancers will instead be redirecting self destruct traffic to node 2. SQL-Lite supports replication, so hopefully in a future build there is Active/Active support for self destruct. The same Active/Cold setup can be achieved with the browser based gateway, and in theory the reset portal - but I'm still working on the reset portal HA. Link to comment Share on other sites More sharing options...
Azkabahn Posted June 4, 2019 Author Share Posted June 4, 2019 I had a similar idea as well. Unfortunately, it doesn't work in our case since self destruct is places in DMZ zone and will be used to send out URLs outside organization. While the main PasswordState is placed in infra segment with no access to outside. Another question, I haven't had time to test it, but what if we simply use round-robin dns technique? Would PasswordState understand and return the message content? Link to comment Share on other sites More sharing options...
Sarge Posted June 5, 2019 Share Posted June 5, 2019 14 hours ago, Azkabahn said: Another question, I haven't had time to test it, but what if we simply use round-robin dns technique? Would PasswordState understand and return the message content? No, the self-destruct message data is stored in a SQLLite database on the Self-Destruct web server, Passwordstate web server pushes data to it. If you round robin to two nodes (or more), one of them will get the data (say, self-destruct server1) , while the one the user hits to access the data (self-destruct server2) won't have it. All self-destruct data needs to go to a single node, hence why an Active/Cold setup works. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.