Guest Matt Posted August 17, 2017

Hi

We are going to pull the trigger on PS and plan on running it as IaaS in Azure. We are purchasing the HA option as we plan to have an active/active setup. Some questions.

Region 1: Web server and SQL server.
Region 2: Web server and SQL server

Plan to use availability groups and front them through an Azure load balancer. Preference is to use synchronous replication for data integrity.

Questions

Is this possible?
How do I connect the two SQL instances, is it just using network security groups and specifying the appropriate ports?
Can I use synchronous replication with SQL in Azure IaaS?
Should I consider Azure SQL, does PS even support it?

I'd rather not use an active/passive setup as PS documentation states that uses SQL transactional replication, and I have better experience with AoG and would prefer to use it.

Thanks in advance

Also posted in r/sysadmin

support Posted August 18, 2017

Hi Matt,

Thanks for your post, and I'll try and provide some guidance - we do not have much in the way of experience with Azure, but hopefully between your knowledge of Azure, and ours of Passwordstate, we can get your questions answered.

Passwordstate can connect to any version of SQL Server (2012 and above), and it really doesn't care what database replication technology is used. With On-Premise solutions, you can use Transactional Replication, High Availability Groups, Clustering etc. Within the web.config file, you will see the "database connection string" - it is this configuration which governs which SQL Server it can connect to.

We've done limited testing with Azure SQL, and it seems to work fine - we can have Passwordstate pointed to one Azure SQL DB, and it seems to failover without any issues. So I do not believe this would be an issue for you.

When you install the second node of Passwordstate, we recommend setting the PassiveNode key in the web.config file to "active", and then both Nodes of Passwordstate can have write access to the DBs - changing this key simply means the second Node will not duplicate processing with the Passwordstate Windows Service, i.e. sending emails, synchronising AD Security Groups, performing Password Resets, etc.

I hope this helps, and please let me know if you have any further questions about this.

Regards
Click Studios

Matt Posted September 11, 2017

Hi

As a follow up, I now have a design idea to work to from help here.

The plan is to have two web servers in one region with an Azure SQL instance, with a third web server connected to a second Azure SQL instance in another region. SQL will use geo-location (AlwaysOn) and asynchronous replication to keep them consistent. Region 1 will have a load balancer and then both regions will be managed by Traffic Manager for failover.

Couple of questions

1) What licence is appropriate for this setup, Enterprise with an HA licence or do I need a Global licence because I have 3 IaaS servers running + HA?
2) How do I configure the web config files to support this setup?
3) Is there any specific load balancer configuration that needs to be done so the web servers will accept the traffic?

Thanks
Matt

support Posted September 12, 2017

Hi Matt,

Thanks very much for the further detail, and I will provide some feedback below for each bullet point:

If you want Unlimited users, then the Global option would be the best option in terms of cost. If you only require 20 users, as an example, then you would require the High Availability module, plus 2 copies of 20 CALs.

You would need to modify the database connection string to point to the correct instance of SQL Azure, as well as to ensure the GUID, Secret1 and Secret2 values are the same. We can't really tell you at this stage what database connection string settings you would require, but Microsoft should provide guidance for this when you set up Azure SQL.

Sorry, but we do not have any experience with Azure Load Balancers - again, Microsoft should have some documentation to help you with this. We know that with other load balancers like F5 BigIP, you have to have a common DNS entry which points to the load balancers, and the load balancers offload traffic to different URLs as appropriate. The BigIP Load Balancers also need to be configured for SSL Offloading as well, so there are no conflicts with SSL certificates.

We hope this helps a little.

Regards
Click Studios
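
Added example, not part of the original thread and not Click Studios code: a pre-deployment check that the GUID, Secret1 and Secret2 values named in the reply above are present and identical in every node's web.config, reporting which nodes disagree without printing the values. It assumes the keys sit in an unencrypted appSettings section as add key/value entries; the node names and sample values are constructed.

```python
import xml.etree.ElementTree as ET

# Keys the thread says must match on every node; PassiveNode is only reported.
SHARED_KEYS = ("GUID", "Secret1", "Secret2")

def read_app_settings(xml_text):
    """Return {key: value} from <appSettings><add key= value=/> (assumed layout)."""
    root = ET.fromstring(xml_text)
    return {a.get("key"): a.get("value", "")
            for a in root.findall("./appSettings/add") if a.get("key")}

def compare_nodes(configs):
    """configs maps node name -> web.config text.

    Returns (findings, passive): findings is a list of problems that never
    contains a secret value; passive maps node name -> PassiveNode setting.
    """
    settings = {node: read_app_settings(text) for node, text in configs.items()}
    findings = []
    for key in SHARED_KEYS:
        groups = {}  # value -> nodes holding it (values are never emitted)
        for node, s in settings.items():
            if not s.get(key):
                findings.append(f"{node}: {key} missing or empty")
            else:
                groups.setdefault(s[key], []).append(node)
        if len(groups) > 1:
            sides = " | ".join(",".join(nodes) for nodes in groups.values())
            findings.append(f"{key} differs across nodes: {sides}")
    passive = {node: s.get("PassiveNode") for node, s in settings.items()}
    return findings, passive

def _sample(guid, secret1, secret2):
    """Build a constructed web.config fragment for the demonstration."""
    rows = {"GUID": guid, "Secret1": secret1, "Secret2": secret2,
            "PassiveNode": "active"}
    adds = "".join(f'<add key="{k}" value="{v}"/>' for k, v in rows.items() if v)
    return f"<configuration><appSettings>{adds}</appSettings></configuration>"

# Constructed input: two region 1 nodes agree, the region 2 node was set up
# with a different Secret2 and no GUID.
SAMPLE = {
    "web1": _sample("CONSTRUCTED-GUID", "constructed-s1", "constructed-s2"),
    "web2": _sample("CONSTRUCTED-GUID", "constructed-s1", "constructed-s2"),
    "web3": _sample("", "constructed-s1", "constructed-other"),
}

if __name__ == "__main__":
    problems, passive_nodes = compare_nodes(SAMPLE)
    print("\n".join(problems) or "all shared keys match")
    print(passive_nodes)
```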

Matt Posted September 12, 2017

OK

Licensing understood.

Connection string, I would want to point this at a listener. I'll ask on Azure forum about this.

Thanks

support Posted September 12, 2017

Hi Matt,

Maybe the following two articles will help:

https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/listeners-client-connectivity-application-failover
https://www.sqlhammer.com/how-to-configure-sql-server-2012-alwayson-part-7-of-7/

If you are not using a SQL Account for connectivity in the web.config file, then there is additional work required in configuring Passwordstate. In our installation guide, you can look at the section 14 "MSA Account" for further instructions - https://www.clickstudios.com.au/downloads/version8/Installation_Instructions.pdf

Regards
Click Studios