Milestone XProtect: the simplest high availability cluster between two redundant servers
With the synchronous replication and automatic failover provided by Evidian SafeKit
The solution for Milestone XProtect
Evidian SafeKit brings high availability to Milestone XProtect, the CCTV video surveillance system, between two redundant servers.
This article explains how to implement quickly a Milestone cluster with real-time replication and automatic failover of the management services and the SQL database. Management services and SQL can be split on several clusters.
Note that high availability of recording servers is already managed by the Milestone built-in solution (without real-time replication).
A generic product
Note that SafeKit is a generic product on Windows and Linux.
You can implement with the SafeKit product real-time replication and failover of any file directory and service, database, complete Hyper-V or KVM virtual machines, Docker, Podman, K3S, Cloud applications (see the module list).
A complete solution
SafeKit solves:
- hardware failures (20% of problems), including the complete failure of a computer room,
- software failures (40% of problems), including restart of critical processes,
- and human errors (40% of problems) thanks to its ease of use via its web console.
Redundancy and high availability at the application level
In this type of solution, only application data are replicated. And only the application is restared in case of failure.
With this solution, restart scripts must be written to restart the application. This solution is platform agnostic and works with applications inside physical machines, virtual machines, in the Cloud. Any hypervisor is supported (VMware, Hyper-V...).
Examples
- Video management: Milestone (Management, SQL, Log, Event)/SafeKit
- Video management: Genetec (SQL)/SafeKit
- Access control: Nedap (AEOS, SQL)/SafeKit
- New application (restart scripts to write): Windows, Linux
Redundancy and high availability at the virtual machine level
In this type of solution, the software is put inside a virtual machine. The full Virtual Machine (VM) is replicated and restarted (Application + OS).
The advantage of this solution is that there is no restart scripts to write per application. This solution is generic for any software. It works with Windows/Hyper-V and Linux/KVM but not with VMware. This is an active/active solution with several virtual machines replicated and restarted between two nodes.
Examples
- Building management: Siemens Desigo CC/SafeKit
- Video management and access control: Siemens Siveillance suite/SafeKit
- New application (no restart script to write): Windows/Hyper-V, Linux/KVM
More comparison between VM HA vs Application HA
Milestone has chosen SafeKit
SafeKit is deployed in 24+ countries with the video management software of Milestone.
SafeKit is validated by Milestone for redundancy and high availability of the management server.
SafeKit is the best solution because it is purely software, completely hardware-agnostic.
Solution preferred by Siemens
SafeKit is available in the Siemens marketplace with its Siveillance suite (video and access control) and with its SCADA software: Desigo CC (building management), SIMATIC WinCC, SIMATIC PCS 7.
SafeKit is deployed by Siemens in Australia, France, the Netherlands, Qatar, Switzerland, the UAE, the UK, the US.
SafeKit recommended by Nedap
Nedap, a key player in physical access control, recommends SafeKit for redundancy and high availability of its AEOS application.
The Nedap/SafeKit solution is available with a free trial and a quick installation guide.
TIL Technologies has chosen SafeKit
SafeKit is deployed in 100+ customer sites by TIL Technologies for access control and building management.
SafeKit is the high availability option of MICROSESAME.
Innovation award in Video Management Software
Readers of Benchmark Magazine (specialized in physical security systems for resellers & SI) have voted for SafeKit as an innovation in Video Management Software.
This award shows the importance of redundancy in security offerings.
Built-in Hyper-V replication
- Asynchronous replication => data loss
- Manual failover (no automatic failover)
- Not a high availability solution
Microsoft clustering (same as VMware HA)
- Requires a shared disk
- Price of the shared disk and its installation (SAN, iSCSI)
- Configuration complexity of Windows failover cluster (AD…)
- Remote sites = replicated storage
Evidian SafeKit
- Simple and economical
- Synchronous replication => no data loss
- Automatic failover and failback
- No shared disk
- Free trial and quick installation guide
Prerequisites
- You need Milestone XProtect and SQL installed on 2 nodes (virtual machines or physical servers). SQL Server can be external, see the note below.
- On Windows, with Windows services manager, put Milestone XProtect and SQL services with Boot Startup Type = Manual on both nodes.SafeKit controls start of Milestone XProtect and SQL services in start_prim. Edit start_prim during the configuration to check if you have put all services in Manual boot including the new ones that you can add.
Note: SQL Server can be external. In this case, at step 4 during the step by step configuration of milestone.safe:
- remove the replication of SQL Data\ and Log\ folders,
- remove the process checker on sqlservr.exe,
- remove the start and stop of the MSSQLServer service in start_prim and stop_prim scripts.
You can implement redundancy of the external SQL Server with SafeKit and the sqlserver.safe module.
In this case on both management nodes, configure the connection of Milestone Management to SQL with the virtual IP address of the sqlserver.safe module (registry key HKEY_LOCAL_MACHINE\SOFTWARE\VideoOS\Server\ConnectionString).
Note: The Event server can be external to the Management server.
In this case, you have 2 clusters with 2 installations of milestone.safe: one for the Management cluster, the other one for the Event cluster.
For the Management cluster, at step 4 during the step by step configuration of milestone.safe:
- remove the start and stop of "MilestoneEventServerService" in start_prim and stop_prim scripts.
And for the Event cluster, at step 4 during the step by step configuration of milestone.safe:
- remove the start and stop of "Milestone XProtect Management Server" and "Milestone XProtect Log Server" in start_prim and stop_prim scripts,
- remove the start and stop of the MSSQLServer service in start_prim and stop_prim scripts,
- remove the replication of SQL Data\ and Log\ folders,
- remove the process checker on sqlservr.exe,
- during the step-by-step configuration, register the Event server with the virtual IP address of the Management cluster (or install the Event server from the Download Manager and set the virtual IP address of the Management cluster during the installation),
- in the Milestone management client, set the Event Server with the virtual IP address of the Event cluster in the Registered Services.
In case of migration of Milestone from version N to version N+1 in a SafeKit cluster, read this article: Milestone Management Migration with SafeKit
Package installation on Windows
-
Download the free version of SafeKit on 2 Windows nodes.
Note: the free version includes all SafeKit features. At the end of the trial, you can activate permanent license keys without uninstalling the package.
-
To open the Windows firewall, on both nodes start a powershell as administrator, and type
c:/safekit/private/bin/firewallcfg add -
To initialize the password for the default admin user of the web console, on both nodes start a powershell as administrator, and type
c:/safekit/private/bin/webservercfg.ps1 -passwd pwd
- Use aphanumeric characters for the password (no special characters).
- pwd must be the same on both nodes.
-
Exclude from antivirus scans C:\safekit\ (the default installation directory) and all replicated folders that you are going to define.
Antiviruses may face detection challenges with SafeKit due to its close integration with the OS, virtual IP mechanisms, real-time replication and restart of critical services.
Module installation on Windows
-
Download the milestone.safe module.
The module is free. It contains the files userconfig.xml and the restart scripts.
- Put milestone.safe under C:\safekit\Application_Modules\demo (create the demo directory if it does not exist).
Be careful, some specific steps are required to configure Milestone XProtect and SQL on the virtual IP address else the failover is not working.
1. Launch the SafeKit console
- Launch the web console in a browser on one cluster node by connecting to
http://localhost:9010. - Enter
adminas user name and the password defined during installation.
You can also run the console in a browser on a workstation external to the cluster.
The configuration of SafeKit is done on both nodes from a single browser.
To secure the web console, see 11. Securing the SafeKit web console in the User's Guide.
2. Configure node addresses
- Enter the node IP addresses.
- Then, click on
Applyto save the configuration.
If node1 or node2 background color is red, check connectivity of the browser to both nodes and check firewall on both nodes for troubleshooting.
This operation will place the IP addresses in the cluster.xml file on both nodes (more information in the training with the command line).
3. Choose the module
- In the Configuration tab, click on the milestone.safe module.
The console finds xxx.safe in the 'Application_Modules/demo/' directory on the server side if you dropped a module there during installation.
4. Configure the module
- Choose an automatic start of the module at boot without delay.
- Normally, you have a single heartbeat network on which the replication is made. But, you can define a private network if necessary.
- Check that the replicated directories are installed on both nodes and contain the application data.
Replication of data and also logs is required for a database.
You can add new replicated directories as needed. - Enter a virtual IP address. A virtual IP address is a standard IP address in the same IP network (same subnet) as the IP addresses of both nodes.
Application clients must be configured with the virtual IP address (or the DNS name associated with the virtual IP address).
The virtual IP address is automatically switched in the event of a failure. start_primandstop_primmust contain starting and stopping of the Milestone XProtect and SQL application.
You can add new services in these scripts.
Check that the names of the services in these scripts are those installed on both nodes, otherwise modify them in the scripts.- Stop the services configured in
start_primon both nodes. - On Windows and on both nodes, with the Windows services manager, set
Boot Startup Type = Manualfor all the services registered instart_prim(SafeKit controls the start of services instart_prim).
Note that if a process name is displayed in Process Checker, it will be monitored with a restart action in case of failure. Configuring a wrong process name will cause the module to stop right after its start.
This operation will report the configuration in the userconfig.xml, start_prim, stop_prim files on both nodes (more information in the training with the command line).
5. Verify successful configuration
- Check the success message (green) on both nodes and click Next.
6. Do not start anything and click on the Close button
Do not start anything and click on the Close button because special Milestone XProtect and SQL configuration is required on the virtual IP address before starting
7. Go to desktop of node 1 and set the virtual IP address in internal Milestone files
Since Milestone 2022 R3, this step is not useful and will be made automatically with "Server Configurator - Registering servers - http://virtual-IP" in a next step.
In a Powershell command line as Administrator, execute on node 1 this script:
c:/safekit/modules/milestone/bin/UpdateAuthServerUri.ps1
This script sets the virtual IP address in 2 internal Milestone files:
C:\ProgramData\Milestone\XProtect Management Server\ServerConfig.xml <AuthorizationServerUri>http://<virtual-ip>/IDP</AuthorizationServerUri>C:\Program Files\Milestone\XProtect Management Server\IIS\IDP\appsettings.json "Authority": "http://<virtual-ip>/IDP"
We assume at this step that the virtual IP address has been correctly configured in the previous steps (the script uses the virtual IP address entered in the SafeKit console and stored in userconfig.xml).
Note that the same procedure is required when Milestone is running with Microsoft Cluster else there is a reconnection problem of recording servers: https://developer.milestonesys.com/s/article/RS-goes-offline-mode-after-switching-the-Management-Server-cluster-node.
8. Start node 1 as primary in the console, the node with up-to-date data
We assume since Step 7 that node 1 has the up-to-date replicated directories.
Force the start of node 1 as primary. When node 2 will be started, all data from node 1 will be copied to node 2.
If you make the wrong choice, you run the risk of synchronizing outdated data on both nodes.
It is also assumed that the Milestone XProtect and SQL application is stopped on node 1 so that SafeKit installs the replication mechanisms and then starts the application in the start_prim script.
9. Wait for the transition to ALONE (green)
- Node 1 should reach the ALONE (green) state, which means that the
start_primscript has been executed on node 1.
If the status is ALONE (green) and the application is not started, check output messages of start_prim in the Application Log of node 1.
If node 1 does not reach ALONE (green) state, analyze why with the Module Log of node 1.
If the cluster is in WAIT (red) not uptodate - STOP (red) not uptodate state, stop the WAIT node and force its start as primary.
10. In the desktop of node 1, stop, then register on the vitual IP address and restart the Milestone Management Server
Execute the following bullets on node 1 according the menu in the image:
- Right-click on the Milestone Management Server icon in the taskbar.
- Stop Management Server Service
- Then choose Server Configurator... and register the virtual IP address.
- Start Management Server Service
This procedure registers the node 1 management server in the SQL database (running on node 1) through a connection to the virtual address.
Before Milestone 2022 R3 version, the registration may have deleted the virtual IP address configuration in the internal Milestone files. In this case, repeat Step 7.
Note: To register a version before Milestone 2020 R2, use Change encryption settings...
11. In the desktop of node 1 with Milestone Management Client, set the virtual IP address in URLs for services and network
Since Milestone 2022 R3, this step is not useful and has been made automatically with "Server Configurator - Registering servers - http://virtual-IP".
According the image:
- Start Milestone XProtect Management Client on node 1.
- In the Tools menu, select Registered Services.
- In the Add/Remove Registered Services window, select a service in the list and click on Edit.
- In the Edit Registered Service window, change the URL address of the service with the same URL address but containing the virtual IP address.
- Repeat these steps for all services listed in the window.
- In the same window, click on Network.
- In the Network Configuration window, change the URL address of the server with the same URL address but containing the virtual IP address.
12. In the desktop of node 1 with Milestone Management Client, set the administrator roles to ensure a correct failover
If Milestone "Windows authentication" has been configured with an Active Directory, the user/password will be retrieved in the external AD on the secondary node after a failover, so there is no special configuration.
When you start the Milestone XProtect Management Client, you have to authenticate either with "Windows authentication" or "Basic authentication" (click here to see the screenshot).
Open Milestone XProtect Management Client and in Security / Roles (see image)
- Set the Windows group BUILTIN\Administrators . Thus an administrator user on the secondary will be able to connect to Milestone on the secondary with "Windows authentication".
- Create a user with a "Basic authentication" (Admin in the image) to be sure to re-authenticate on the secondary node after a failover. For "Basic authentication", the user/password is stored in the SQL database and will be retrieved on the secondary node after a failover.
By setting the BUILTIN\Administrators group, you will be able to authenticate on the seconday node with a local Windows administrator.
Else no authentication will be possibe with a local Windows account on the secondary after a failover.
It's because the BUILTIN\Administrators group has the same SID on both nodes. For other local groups or local users, authentication will not be possible on the secondary because SIDs are different between both nodes even if they have the same name.
13. Go to the desktop of node 2 and set the virtual IP address in internal Milestone files
Since Milestone 2022 R3, this step is not useful and will be made automatically with "Server Configurator - Registering servers - http://virtual-IP" in a next step.
In a Powershell command line as Administrator, execute on node 2 this script:
c:/safekit/modules/milestone/bin/UpdateAuthServerUri.ps1
This script sets the virtual IP address in 2 internal Milestone files:
C:\ProgramData\Milestone\XProtect Management Server\ServerConfig.xml <AuthorizationServerUri>http://<virtual-ip>/IDP</AuthorizationServerUri>C:\Program Files\Milestone\XProtect Management Server\IIS\IDP\appsettings.json "Authority": "http://<virtual-ip>/IDP"14. In the desktop of node 2, register the management server on the vitual IP address
- Choose Server Configurator in the taskbar of node 2 and register it on the virtual IP address (see image).
- Then Stop Management Server Service.
The account of the user executing the registration on node 2 must have the administrator role in Milestone on node 1.
If it is the local administrator on node 2 who makes the registration, the built-in Windows group BUILTIN\Administrators must have been set in Management Client / Security / Roles at Step 12. Else the registration will not work.
This procedure registers the node 2 management server in the SQL database (running on node 1) through a connection to the virtual address.
With a version of Milestone before 2022 R3, the registration may have deleted the virtual IP address configuration in the internal Milestone files. In this case, repeat Step 13.
15. Start node 2
- Start node 2 with its contextual menu.
- Wait for the SECOND (green) state.
Node 2 stays in the SECOND (magenta) state while resynchronizing the replicated directories (copy from node 1 to node 2).
This may take a while depending on the size of files to resynchronize in replicated directories and the network bandwidth.
To see the progress of the copy, see the Module Log of node 2 with the verbose option without forgetting to refresh the window.
16. Verify that the cluster is operational
- Check that the cluster is green/green with Milestone XProtect and SQL services running on the PRIM node and not running on the SECOND node.
Only changes inside files are replicated in real time in this state.
Components that are clients of Milestone XProtect and SQL services must be configured with the virtual IP address. The configuration can be done with a DNS name (if a DNS name has been created and associated with the virtual IP address).
17. Configure the virtual IP address in recording servers
- Either install the recording servers, specifying the virtual IP address in the installation URL.
-
Or, on the recording servers side, set the virtual IP address in the following fields of
C:\ProgramData\Milestone\XProtect Recording Server\RecorderConfig.xml<server><address><server><authorizationserveraddress> - Connect the Milestone Management Client and the Milestone Smart Client on the virtual IP address.
18. Management Client and Smart Client are not functioning properly after node switch
In a clustered XProtect® Management Server setup, Smart Client and Management Client show various issues after a node switch. The issue is related to tokens being generated on different nodes before and after the node switch, and to problems accessing certain certificates needed for token validation. A solution is available (for versions 2022 R3 to 2023 R2) — this Milestone article explains in detail how to apply the solution.
Read the Milestone KB article.
The issue is solved in Milestone 2023 R3.
19. Testing
- Stop the PRIM node by scrolling down its contextual menu and clicking Stop.
- Verify that there is a failover on the SECOND node which should become ALONE (green).
- And with Microsoft Management Console (MMC), check the failover of Milestone XProtect and SQL services (stopped on node 1 in the
stop_primscript and started on node 2 in thestart_primscript).
If the Milestone XProtect and SQL application is not started on node 2 while the state is ALONE (green), check output messages of the start_prim script in the Application Log of node 2.
If ALONE (green) is not reached, analyze why with the Module Log of node 2.
Module log
- Read the module log to understand the reasons of a failover, of a waiting state etc...
To see the module log of node 1 (image):
- click on the Control tab
- click on node 1/PRIM on the left side to select the server (it becomes blue)
- click on Module Log
- click on the Refresh icon (green arrows) to update the console
- click on the floppy disk to save the module log in a .txt file and to analyze in a text editor
Click on node2 to see the module log of the secondary server.
Application log
- Read the application log to see the output messages of the start_prim and stop_prim restart scripts.
To see the application log of node1 (image):
- click on the Control tab
- click on node 1/PRIM on the left side to select the server (it becomes blue)
- click on Application Log to see messages when starting and stopping Milestone XProtect and SQL services
- click on the Refresh icon (green arrows) to update the console
- click on the floppy disk to save the application log in a .txt file and to analyze in a text editor
Click on node 2 to see the application log of the secondary server.
Advanced configuration
- In Advanced Configuration tab, you can edit internal files of the module: bin/start_prim and bin/stop_prim and conf/userconfig.xml .
If you make change in the internal files here, you must apply the new configuration by a right click on the icon/xxx on the left side (see image): the interface will allow you to redeploy the modified files on both servers.
Support
- For getting support, take 2 SafeKit Snapshots (2 .zip files), one for each server.
If you have an account on https://support.evidian.com, upload them in the call desk tool.
Internals of a SafeKit / Milestone XProtect and SQL high availability cluster with synchronous replication and failover
Go to the Advanced Configuration tab in the console, for editing these filesInternal files of milestone.safe module
userconfig.xml (description in the User's Guide)
<!DOCTYPE safe>
<safe>
<service mode="mirror" defaultprim="alone" maxloop="3" loop_interval="24" failover="on">
<!-- Heartbeat Configuration -->
<!-- Names or IP addresses on the default network are set during initialization in the console -->
<heart pulse="700" timeout="30000">
<heartbeat name="" >
</heartbeat>
</heart>
<!-- Virtual IP Configuration -->
<!-- Define the name or IP address of your virtual server
-->
<vip>
<interface_list>
<interface check="on" arpreroute="on">
<real_interface>
<virtual_addr addr="VIRTUAL-IP-ADDRESS" where="one_side_alias" />
</real_interface>
</interface>
</interface_list>
</vip>
<!-- Software Error Detection Configuration -->
<errd polltimer="10">
<!-- SQL Server process -->
<proc name="sqlservr.exe" atleast="1" action="restart" class="prim" />
</errd>
<!-- File Replication Configuration -->
<!-- Adapt with the directory of your SQL Server database and logs
-->
<rfs async="second" acl="off" nbrei="3" roflags="0x10">
<replicated dir="C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA" mode="read_only" />
<replicated dir="C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Log" mode="read_only" />
</rfs>
<!-- User scripts activation -->
<user nicestoptimeout="300" forcestoptimeout="300" logging="userlog" />
</service>
</safe>start_prim.cmd
@echo off
rem Script called on the primary server for starting application services
rem For logging into SafeKit log use:
rem "%SAFE%\safekit" printi | printe "message"
rem stdout goes into Application log
echo "Running start_prim %*"
set res=0
rem TODO: set to manual the start of services when the system boots
sc.exe config MSSQLSERVER start= demand
net start "W3SVC"
net start "MSSQLServer"
if not %errorlevel% == 0 (
%SAFE%\safekit printi "SQL Server (MSSQLServer) start failed"
) else (
%SAFE%\safekit printi "SQL Server (MSSQLServer) started"
)
"%SAFEBIN%\sleep" 10
net start "Milestone XProtect Management Server"
if not %errorlevel% == 0 (
%SAFE%\safekit printi "Milestone XProtect Management Server start failed"
) else (
%SAFE%\safekit printi "Milestone XProtect Management Server started"
)
"%SAFEBIN%\sleep" 10
net start "Milestone XProtect Log Server"
if not %errorlevel% == 0 (
%SAFE%\safekit printi "Milestone XProtect Log Server start failed"
) else (
%SAFE%\safekit printi "Milestone XProtect Log Server started"
)
net start "MilestoneEventServerService"
if not %errorlevel% == 0 (
%SAFE%\safekit printi "MilestoneEventServerService start failed"
) else (
%SAFE%\safekit printi "MilestoneEventServerService started"
)
net start "Milestone XProtect Data Collector Server"
if not %errorlevel% == 0 (
%SAFE%\safekit printi "Milestone XProtect Data Collector Server start failed"
) else (
%SAFE%\safekit printi "Milestone XProtect Data Collector Server started"
)
set res=%errorlevel%
if %res% == 0 goto end
:stop
"%SAFE%\safekit" printe "start_prim failed"
rem uncomment to stop SafeKit when critical
rem "%SAFE%\safekit" stop -i "start_prim"
:end
stop_prim.cmd
@echo off
rem Script called on the primary server for stopping application services
rem For logging into SafeKit log use:
rem "%SAFE%\safekit" printi | printe "message"
rem ----------------------------------------------------------
rem
rem 2 stop modes:
rem
rem - graceful stop
rem call standard application stop with net stop
rem
rem - force stop (%1=force)
rem kill application's processes
rem
rem ----------------------------------------------------------
rem stdout goes into Application log
echo "Running stop_prim %*"
set res=0
rem default: check mssql stopped on forcestop
if "%1" == "force" goto check
%SAFE%\safekit printi "Stopping Milestone XProtect Corporate Data Collector Server"
net stop "Milestone XProtect Data Collector Server" /Y
%SAFE%\safekit printi "Stopping Milestone Event Server Service"
net stop "MilestoneEventServerService" /Y
%SAFE%\safekit printi "Stopping Milestone Log Server Service"
net stop "Milestone XProtect Log Server" /Y
%SAFE%\safekit printi "Stopping Milestone XProtect Corporate Management Server"
net stop "Milestone XProtect Management Server" /Y
%SAFE%\safekit printi "Stopping SQL Server (MSSQLSERVER)"
sc.exe config "MSSQLSERVER" start= disabled
net stop "MSSQLSERVER" /Y
"%SAFEBIN%\sleep" 10
net stop "W3SVC" /Y
rem Wait a little for the real stop of services
"%SAFEBIN%\sleep" 10
if %res% == 0 goto end
"%SAFE%\safekit" printe "stop_prim failed"
goto end
:check
rem call :checksrv "MSSQLSERVER"
goto end
:checksrv
set SERVICE=%1
net stop %SERVICE% /Y
if NOT ERRORLEVEL 1 goto end
sc query state= inactive | findstr /C:%SERVICE%
if NOT ERRORLEVEL 1 goto end
"%SAFE%\safekit" stop -i "stop_prim: service not stopped"
exit
:end
Demonstration of a Milestone XProtect cluster with Evidian SafeKit between two redundant servers
This video presents the step by step configuration section. Some steps may be slightly different or missing in the video. So please prefer to the step by step configuration section for an implementation.
Step 1. Real-time replication
Server 1 (PRIM) runs the Milestone XProtect and SQL application. Clients are connected to a virtual IP address. SafeKit replicates in real time modifications made inside files through the network.
The replication is synchronous with no data loss on failure contrary to asynchronous replication.
You just have to configure the names of directories to replicate in SafeKit. There are no pre-requisites on disk organization. Directories may be located in the system disk.
Step 2. Automatic failover
When Server 1 fails, Server 2 takes over. SafeKit switches the virtual IP address and restarts the Milestone XProtect and SQL application automatically on Server 2.
The application finds the files replicated by SafeKit uptodate on Server 2. The application continues to run on Server 2 by locally modifying its files that are no longer replicated to Server 1.
The failover time is equal to the fault-detection time (30 seconds by default) plus the application start-up time.
Step 3. Automatic failback
Failback involves restarting Server 1 after fixing the problem that caused it to fail.
SafeKit automatically resynchronizes the files, updating only the files modified on Server 2 while Server 1 was halted.
Failback takes place without disturbing the Milestone XProtect and SQL application, which can continue running on Server 2.
Step 4. Back to normal
After reintegration, the files are once again in mirror mode, as in step 1. The system is back in high-availability mode, with the Milestone XProtect and SQL application running on Server 2 and SafeKit replicating file updates to Server 1.
If the administrator wishes the application to run on Server 1, he/she can execute a "swap" command either manually at an appropriate time, or automatically through configuration.
More information on power outage and network isolation in a cluster.
Why a replication of a few Tera-bytes?
Resynchronization time after a failure (step 3)
- 1 Gb/s network ≈ 3 Hours for 1 Tera-bytes.
- 10 Gb/s network ≈ 1 Hour for 1 Tera-bytes or less depending on disk write performances.
Alternative
- For a large volume of data, use external shared storage.
- More expensive, more complex.
Why a replication < 1,000,000 files?
- Resynchronization time performance after a failure (step 3).
- Time to check each file between both nodes.
Alternative
- Put the many files to replicate in a virtual hard disk / virtual machine.
- Only the files representing the virtual hard disk / virtual machine will be replicated and resynchronized in this case.
Why a failover < 25 replicated VMs?
- Each VM runs in an independent mirror module.
- Maximum of 25 mirror modules running on the same cluster.
Alternative
- Use an external shared storage and another VM clustering solution.
- More expensive, more complex.
Why a LAN/VLAN network between remote sites?
- Automatic failover of the virtual IP address with 2 nodes in the same subnet.
- Good bandwidth for resynchronization (step 3) and good latency for synchronous replication (typically a round-trip of less than 2ms).
Alternative
- Use a load balancer for the virtual IP address if the 2 nodes are in 2 subnets (supported by SafeKit, especially in the cloud).
- Use backup solutions with asynchronous replication for high latency network.
Partners, the success with SafeKit
This platform agnostic solution is ideal for a partner reselling a critical application and who wants to provide a redundancy and high availability option easy to deploy to many customers.
With many references in many countries won by partners, SafeKit has proven to be the easiest solution to implement for redundancy and high availability of building management, video management, access control, SCADA software...
Building Management Software (BMS)
Video Management Software (VMS)
Electronic Access Control Software (EACS)
SCADA Software (Industry)
Evidian SafeKit mirror cluster with real-time file replication and failover |
|
|
3 products in 1 More info >  |
|
|
Very simple configuration More info >  |
|
|
Synchronous replication More info >  |
|
|
Fully automated failback More info >  |
|
|
Replication of any type of data More info >  |
|
|
File replication vs disk replication More info >  |
|
|
File replication vs shared disk More info >  |
|
|
Remote sites and virtual IP address More info >  |
|
|
Quorum and split brain More info >  |
|
|
Active/active cluster More info >  |
|
|
Uniform high availability solution More info >  |
|
|
RTO / RPO More info >  |
|
Evidian SafeKit farm cluster with load balancing and failover |
|
|
No load balancer or dedicated proxy servers or special multicast Ethernet address 
|
|
|
All clustering features
|
|
|
Remote sites and virtual IP address
|
|
|
Uniform high availability solution
|
|
Software clustering vs hardware clustering
|
|
|
|
Shared nothing vs a shared disk cluster |
|
|
|
Application High Availability vs Full Virtual Machine High Availability
|
|
|
|
High availability vs fault tolerance
|
|
|
|
Synchronous replication vs asynchronous replication
|
|
|
|
Byte-level file replication vs block-level disk replication
|
|
|
|
Heartbeat, failover and quorum to avoid 2 master nodes
|
|
|
|
Virtual IP address primary/secondary, network load balancing, failover
|
|
|
|
Network load balancing and failover |
|
| Windows farm | Linux farm |
| Generic Windows farm > | Generic Linux farm > |
| Microsoft IIS > | - |
| NGINX > | |
| Apache > | |
| Amazon AWS farm > | |
| Microsoft Azure farm > | |
| Google GCP farm > | |
| Other cloud > | |
Advanced clustering architectures
Several modules can be deployed on the same cluster. Thus, advanced clustering architectures can be implemented:
- the farm+mirror cluster built by deploying a farm module and a mirror module on the same cluster,
- the active/active cluster with replication built by deploying several mirror modules on 2 servers,
- the Hyper-V cluster or KVM cluster with real-time replication and failover of full virtual machines between 2 active hypervisors,
- the N-1 cluster built by deploying N mirror modules on N+1 servers.
User's Guide
Application Modules
Release Notes
Presales documentation
Introduction
-
- Demonstration
- Examples of redundancy and high availability solution
- Evidian SafeKit sold in many different countries with Milestone
- 2 solutions: virtual machine or application cluster
- Distinctive advantages
- More information on the web site
- SafeKit training
-
- Cluster of virtual machines
- Mirror cluster
- Farm cluster
Installation, Console, CLI
- Install and setup / pptx
- Package installation
- Nodes setup
- Upgrade
- Web console / pptx
- Cluster configuration
- Configuration tab
- Control tab
- Monitor tab
- Advanced Configuration tab
- Troubleshooting
- Command line / pptx
- Cluster administration
- Module administration
- Control commands
- Troubleshooting
Advanced configuration
- Mirror module / pptx
- Mirror's states in action
- start_prim / stop_prim scripts
- userconfig.xml
- Heartbeat (<hearbeat>)
- Virtual IP address (<vip>)
- Real-time file replication (<rfs>)
- How real-time file replication works?
- Troubleshooting
- Farm module / pptx
- Farm's states in action
- start_both / stop_both scripts
- userconfig.xml
- Farm heartbeats (<farm>)
- Virtual IP address (<vip>)
- Troubleshooting
Advanced configuration
- Checkers / pptx
- Checkers in action
- userconfig.xml
- errd checker
- intf and ip checkers
- custom checker
- splitbrain checker for a mirror module
- tcp, ping, module checkers
- Troubleshooting
Support
- Support tools / pptx
- How to analyze snapshots?
- Best practises
- Evidian support / pptx
- Get permanent license key
- Register on support.evidian.com
- Call desk