Azkabahn

Self Destruct in High Availability

Hi,

I was wondering, is it possible to run Self Destruct in HA mode? The documentation only points out a possible issue with running PasswordState in HA.

I have deployed a totally separate Windows server in the DMZ where I run Self Destruct.

14 hours ago, Azkabahn said:

I was wondering, is it possible to run Self Destruct in HA mode? The documentation only points out a possible issue with running PasswordState in HA.


Sort of, if you have the load balancers capable of doing it.

Self Destruct uses its own SQLite database where it stores the shared messages/credentials pushed to it by the main Passwordstate website.
We have our Self Destruct web sites installed on the same web nodes as Passwordstate, bound to a separate IP address. Our load balancers then direct all traffic for the self destruct HA URL to node 1 unless that node is offline.

This way the self destruct messages are always available until the node is offline.
It's HA in an Active/Cold configuration. In a disaster we still maintain our Self Destruct capabilities - we just have to re-create self destruct messages since the load balancers will instead be redirecting self destruct traffic to node 2.
SQLite supports replication, so hopefully in a future build there is Active/Active support for self destruct.

The same Active/Cold setup can be achieved with the browser-based gateway, and in theory the reset portal - but I'm still working on the reset portal HA.


I had a similar idea as well. Unfortunately, it doesn't work in our case since Self Destruct is placed in the DMZ and will be used to send out URLs outside the organization, while the main PasswordState is placed in the infra segment with no access to the outside.

Another question, I haven't had time to test it, but what if we simply use the round-robin DNS technique? Would PasswordState understand and return the message content?

14 hours ago, Azkabahn said:

Another question, I haven't had time to test it, but what if we simply use the round-robin DNS technique? Would PasswordState understand and return the message content?

No, the self-destruct message data is stored in a SQLite database on the Self-Destruct web server; the Passwordstate web server pushes data to it.
If you round robin to two nodes (or more), one of them will get the data (say, self-destruct server1), while the one the user hits to access the data (self-destruct server2) won't have it.

All self-destruct data needs to go to a single node, hence why an Active/Cold setup works.

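The Active/Cold routing described in the replies above, sketched as an added example that is not part of the original posts and not the posters' or the vendor's configuration. It assumes HAProxy as the load balancer in front of two Self Destruct nodes; the addresses are documentation-range placeholders and the frontend, backend and server names are hypothetical.

```haproxy
# Added example (assumed HAProxy; names and addresses are placeholders).

defaults
    mode tcp                  # pass TLS straight through to the Self Destruct site
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend selfdestruct_in
    bind 192.0.2.10:443       # address behind the Self Destruct HA URL
    default_backend selfdestruct_nodes

# Round robin, shown commented out for contrast. Each node keeps its own
# local SQLite database, so a message pushed to node1 does not exist on
# node2, and roughly every other request lands on the node without it.
#
# backend selfdestruct_nodes
#     balance roundrobin
#     server node1 192.0.2.21:443 check
#     server node2 192.0.2.22:443 check

# Active/Cold: all traffic goes to node1. node2 is marked "backup" and only
# receives connections while node1 is failing its health check.
backend selfdestruct_nodes
    server node1 192.0.2.21:443 check
    server node2 192.0.2.22:443 check backup
```

Both the push from Passwordstate and the recipient's read have to pass through this one listener so they reach the same node. Messages created on node2 during an outage stay in node2's local database, so they become unreachable again once node1 recovers and traffic moves back.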
