SafeKit Quick Installation Guide with Milestone XProtect (milestone.safe Mirror Module)

1. Launch the SafeKit console

• Launch the web console in a browser on one cluster node by connecting to http://localhost:9010.
• Enter admin as user name and the password defined during installation.

You can also run the console in a browser on a workstation external to the cluster.

2. Configure node addresses

• Enter the node IP addresses, press the Tab key to check connectivity and fill node names.
• Then, click on Save and apply to save the configuration.

3. Select a module

• In New module, click on the milestone.safe module.

4. Configure the module

• In Module startup at boot, choose an automatic start of the module at boot without delay.
• In Macros / SERVICES, enter the service names of your application, in the startup order, separated by commas. See this screenshot for a visual example of Milestone XProtect services.
• In Heartbeat networks, you should have a single heartbeat network on which the replication is made. If you have added a private LAN at step 2, then you can configure two heartbeats with the replication flow on the private LAN.
• In Virtual IP addresses, enter a virtual IP address. A virtual IP address is a standard IP address in the same IP network (same subnet) as the IP addresses of both nodes.
  Application clients must be configured with the virtual IP address (or the DNS name associated with the virtual IP address).
  The virtual IP address is automatically switched in the event of a failure.
• In Replicated directories, set the paths of directories to replicate. Check that they exist on both nodes and contain the application data.
  Data and log replication are essential for a database.
  You can create additional replicated directories as required.
  See this screenshot for a visual example of Milestone XProtect SQL replication.
• In Checkers, you will be able to configure checkers if needed, such as process monitoring, custom checkers, TCP, ping, or split-brain checkers.
  For example, if a process name is displayed in Monitored processes/services, it will be monitored with a restart action in case of failure. Configuring a wrong process name will cause the module to stop right after its start.

5. Edit scripts (optional)

• This step is optional and can be skipped in most cases, as the restart scripts are already pre-configured to restart services defined in the previous step.
• So, click directly on Next step.
• start_prim.ps1 starts all services in the order specified in the SERVICES list, while stop_prim.ps1 stops all services in the reverse order.
• Additionally, start_prim.ps1 checks the startup of each service and stops the module if any service fails to start correctly.
• During module configuration, the boot startup of services will automatically be set to ‘Manual’. This ensures that services do not start automatically upon system boot, but instead, they will be initiated only when the module itself is started.

6. Communication encryption (optional)

• Keep encryption of communication between nodes.

7. Save and apply

• Save and apply the configuration and scripts on both nodes.

8. Verify successful configuration

• Check the Success message (green) on both nodes and click on Monitor modules.

9. Start the node with up-to-date data

• If node 1 has the up-to-date replicated directories, select it and start it As primary.

When node 2 will be started, all data will be copied from node 1 to node 2.

10. Wait for the transition to ALONE (green)

• Node 1 should reach the ALONE (green) state, which means that the virtual IP is set and that the start_prim script has been executed on node 1.

11. In the desktop of node 1, stop, then register on the vitual IP address and restart the Milestone Management Server

Execute the following bullets on node 1 according the menu in the image:

• Right-click on the Milestone Management Server icon in the taskbar.
• Stop Management Server Service
• Then choose Server Configurator... and register the virtual IP address.
• Start Management Server Service

12. Solve Windows authentication issue on failover

When you start the Milestone XProtect Management Client, you have to authenticate using one of the following methods. Depending on your choice, specific steps are required to ensure the login works after a SafeKit failover. Reference: View Login Screenshot.

Windows authentication with Active Directory (AD)

Configuration: No special configuration is required.

If Milestone "Windows authentication" is configured with an Active Directory, the user and password information is retrieved from the external AD. After a failover, the secondary node connects to the same AD, so authentication works automatically.

Windows authentication in Workgroup

Configuration: You must add the BUILTIN\Administrators group in "Security / Roles".

Warning: In a Workgroup, local users have different Security Identifiers (SIDs) on each node, even if the names are identical. Only the BUILTIN\Administrators group has the same SID on both nodes.

• By adding this group, you can authenticate on the secondary node with any local administrator account after a failover.
• Without this, local Windows authentication will fail on the secondary node because the SIDs will not match.

Basic authentication with SQL database

Configuration: Create a user with "Basic authentication" (e.g., "Admin").

For "Basic authentication", the user credentials are stored directly in the SQL database. Because SafeKit replicates the SQL database to the secondary node in real-time, these users are always available immediately after a failover.

13. In the desktop of node 2, register the management server on the vitual IP address

• Choose Server Configurator in the taskbar of node 2 and register it on the virtual IP address (see image).
• Then Stop Management Server Service.

14. Start node 2

• Start node 2 with its contextual menu.
• Wait for the SECOND (green) state.

15. Verify that the cluster is operational

• Check that the cluster is green/green with Milestone XProtect and SQL services running on the PRIM node and not running on the SECOND node.
• Only changes inside files are replicated in real time in this state.

16. Testing

• Stop the PRIM node by scrolling down its contextual menu and clicking Stop.
• Verify that there is a failover on the SECOND node which should become ALONE (green).
• And with Microsoft Management Console (MMC) on Windows or with command lines on Linux, check the failover of Milestone XProtect and SQL services (stopped on node 1 in the stop_prim script and started on node 2 in the start_prim script).

17. Support

• For getting support, take 2 SafeKit Snapshots (2 .zip files), one for each node.
• If you have an account on https://support.evidian.com, upload them in the call desk tool.