DataMiner Failover on Amazon Web Services
Important
This setup is deprecated. We recommend using DataMiner as a Service (DaaS) instead.
When you set up a DataMiner Failover configuration, you need to assign virtual IP addresses to the corporate and acquisition networks of the active DMA. Switching from the active to the passive DMA requires that those virtual IP addresses are reassigned. This is done seamlessly by DataMiner.
If you use Amazon Web Services (AWS) for your system database, you need to assign secondary private IPv4 addresses to the network interfaces of your EC2 instances. You also need to transfer those addresses between your instances whenever a switch in DataMiner occurs.
Important
This method assumes that the EC2 instances are in the same availability zone. If your instances are in different zones, you should use Failover with DNS instead.
Setting up Failover
When you configure Failover, by default the IP addresses from the DMA on which you are configuring Failover are selected as the virtual IPs. Since these addresses are already assigned as primary addresses in AWS, you need to assign these back to the DMA and modify the virtual IPs according to your addressing scheme.
In the AWS Management Console, go to the EC2 section and, under Network & Security, select Network Interfaces. Locate the network interfaces of your active DMA and add the virtual IPs.
Installing the AWS Tools
Install the AWS Tools for Windows PowerShell on both Failover DMAs.
Open PowerShell in an administrative window.
Execute the following command:
Install-Module -Name AWSPowerShell
Tip
For more information, see AWSPowerShell 4.1.7.0.
Creating an access key
In order to programmatically make changes in AWS, you need an API access key. To create one, taking into account the principle of least privilege, follow the procedure below.
Note
You will need this information later when configuring DataMiner.
Create a policy:
In the AWS Management Console, go to the Identity and Access Management (IAM) section.
Under Access management, select Policies.
Click Create policy.
Define a new policy that contains the EC2 service, allows the action AssignPrivateIpAddresses and is limited to the network interface resources from your EC2 instances.
To find the network interface IDs, in the AWS Management Console, go to the EC2 section and, under Network & Security, select Network Interfaces. Locate the network interfaces of your DMAs and write down the network interface IDs.
Create a group:
In the AWS Management Console, go to the Identity and Access Management (IAM) section.
Under Access management, select Groups.
Click Create New Group.
Specify a name for the group and assign the policy created in the previous step.
Create a user:
In the AWS Management Console, go to the Identity and Access Management (IAM) section.
Under Access management, select Users.
Click Add user.
Specify a user name and select the access type Programmatic access.
Add the user to the group created in the previous step.
Click Create user. You will now be able to copy the access key ID and secret access key needed to perform API calls to AWS.
Note
You will not be able to copy the secret access key once you have closed this screen. If you lose the key, you will have to create a new one.
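The policy described in the "Create a policy" step can be generated instead of typed by hand. The following PowerShell is an added example, not part of the original DataMiner documentation: the function name New-VipPolicyDocument is hypothetical, the region, account ID and network interface IDs are constructed placeholders, and the ARNs assume the standard "aws" partition.

```powershell
# Added example (not DataMiner's own code). Builds the IAM policy document that
# allows only ec2:AssignPrivateIpAddresses on the listed network interfaces.
function New-VipPolicyDocument {
    param(
        [Parameter(Mandatory)] [string]   $Region,
        [Parameter(Mandatory)] [string]   $AccountId,
        [Parameter(Mandatory)] [string[]] $NetworkInterfaceId
    )

    # Reject wildcards and malformed values so the policy cannot silently widen.
    if ($Region -cnotmatch '^[a-z]{2}(-[a-z]+)+-\d$') { throw "Invalid region: $Region" }
    if ($AccountId -cnotmatch '^\d{12}$')             { throw "Invalid account ID: $AccountId" }
    foreach ($id in $NetworkInterfaceId) {
        if ($id -cnotmatch '^eni-[0-9a-f]{8,17}$')    { throw "Invalid network interface ID: $id" }
    }

    # One ARN per interface; assumes the standard "aws" partition.
    $resources = @($NetworkInterfaceId | Sort-Object -Unique | ForEach-Object {
        "arn:aws:ec2:${Region}:${AccountId}:network-interface/$_"
    })

    $policy = [ordered]@{
        Version   = '2012-10-17'
        Statement = @(
            [ordered]@{
                Sid      = 'AllowVipReassignment'
                Effect   = 'Allow'
                Action   = 'ec2:AssignPrivateIpAddresses'
                Resource = $resources
            }
        )
    }
    ConvertTo-Json -InputObject $policy -Depth 5
}

# Constructed sample values: replace with your own region, account and ENI IDs.
$json = New-VipPolicyDocument -Region 'eu-west-1' -AccountId '111122223333' -NetworkInterfaceId @(
    'eni-0aaaaaaaaaaaaaaaa',  # DMA 1, corporate
    'eni-0bbbbbbbbbbbbbbbb',  # DMA 1, acquisition
    'eni-0cccccccccccccccc',  # DMA 2, corporate
    'eni-0dddddddddddddddd'   # DMA 2, acquisition
)
$json   # paste into the JSON editor of the Create policy screen
```

The function throws on any value containing a wildcard, so the resulting policy always names specific network interfaces.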
Configuring DataMiner
In order for DataMiner to be able to acquire the virtual IP addresses, these addresses need to be re-assigned in AWS first. To accomplish this, DataMiner can execute a script before it acquires the virtual IP.
Using the template below, create 2 scripts, one for the active DMA and one for the passive DMA, and fill in the variables.
If you do not have an acquisition network, you can remove the acquisition section.
Save the script under the name VIPAcquired.ps1 in the C:\Skyline DataMiner\Tools folder on the correct DMA.
#----------------------------------AWS-----------------------------------#
# Access key of the IAM user created above and the region of the EC2 instances.
$AWS_ACCESS_KEY_ID = "";
$AWS_SECRET_ACCESS_KEY = "";
$AWS_REGION = "";
#-----------------------------CORPORATE----------------------------------#
# Virtual IP and the ID of this DMA's corporate network interface.
$VIP_CORPORATE = "";
$NETWORK_INTERFACE_ID_CORPORATE = "";
# Assign the virtual IP to this interface, even if it is currently assigned elsewhere.
Register-EC2PrivateIpAddress `
    -NetworkInterfaceId $NETWORK_INTERFACE_ID_CORPORATE `
    -PrivateIpAddress $VIP_CORPORATE `
    -AllowReassignment $true `
    -Region $AWS_REGION `
    -AccessKey $AWS_ACCESS_KEY_ID `
    -SecretKey $AWS_SECRET_ACCESS_KEY
#----------------------------ACQUISITION---------------------------------#
# Virtual IP and the ID of this DMA's acquisition network interface.
$VIP_ACQUISITION = "";
$NETWORK_INTERFACE_ID_ACQUISITION = "";
# Assign the virtual IP to this interface, even if it is currently assigned elsewhere.
Register-EC2PrivateIpAddress `
    -NetworkInterfaceId $NETWORK_INTERFACE_ID_ACQUISITION `
    -PrivateIpAddress $VIP_ACQUISITION `
    -AllowReassignment $true `
    -Region $AWS_REGION `
    -AccessKey $AWS_ACCESS_KEY_ID `
    -SecretKey $AWS_SECRET_ACCESS_KEY