DMZ Cluster

Multiple DMZ servers may be connected in a cluster to achieve higher reliability. The DMZ servers run in parallel. One of them is configured as the primary DMZ server (here DMZ Server 1). Note: A DMZ server is a primary DMZ server first and foremost because it is entered as a DMZ server in the inner Lobster_data Integration Server. In addition, item (3) is important.



Incoming


The DMZ servers forward incoming messages to Lobster_data (1). It is irrelevant whether both DMZ systems are running in parallel or only one of them is active. Both DMZ servers may use the same message port as Lobster_data. Note: If defined, the system variable VAR_SYS_DMZ_ID contains the factory ID of the DMZ server (from ./etc/factory.xml) that received the message.

Outgoing

All requests from Lobster_data to the DMZ will be sent to the primary DMZ server (2). But you can assign a dedicated DMZ server for a channel in the Additional IDs (see section Sending via Dynamically Assigned Alternative DMZ).

High Availability (failure inner server)


If there are changes in the user administration for FTP, OFTP, etc., the primary DMZ server copies all changes of the home directory to the other DMZ servers, see (3). To be able to do that, the primary DMZ server needs a list of all the other DMZ servers. This list is maintained in the configuration file ./etc/startup_dmz.xml using the following entry.


<Set name="otherDMZ">host:port;host2:port2</Set>


See also subsection Configuration of Parameter 'subID' in section High Availability (failure inner server).

Note: However, this replication does not affect files that the internal system makes available for pickup. If an IP load balancer is used inbound for multiple DMZs, it is not clear on which DMZ server one ends up when data is to be fetched. It is therefore recommended to share the SSH or FTP user directories of the individual DMZs of a DMZ group.

High Availability (failure primary DMZ server)


Prerequisite: Use of the load balancing module.


If the primary DMZ server can no longer be reached by the Node Controller, the next available DMZ server is made the new primary DMZ server.

For this purpose, the following entry must be present in the configuration file ./etc/startup.xml of the Node Controller.


<!-- list all secondary DMZ systems here; format is <ip>:<port>; of the remote message service -->
<Set name="secondaryDMZ">10.99.133.8:8020;10.99.133.9:8020</Set>


These two entries are additional DMZ servers that are checked for availability if the primary DMZ server fails. The first available DMZ server temporarily becomes the new primary DMZ server. Important note: The list of active DMZ servers is checked.

If the configured primary DMZ server is reachable again, it will become the primary DMZ again. Important note: If a Working Node currently has the role of the Node Controller, this does not work automatically (because the configured primary DMZ server itself actively contacts the configured Node Controller).
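
An added example (not part of the Lobster_data documentation or product code): a small Python checker for the semicolon-separated host:port lists used in the otherDMZ and secondaryDMZ entries. It also shows that list order decides which server is picked first. The sample's wrapper element, the strict rejection of stray semicolons and duplicates, and the TCP-connect availability probe are assumptions; the page does not describe how the Node Controller tests availability.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample: only the <Set> line comes from the page, the wrapper
# element is a placeholder for whatever surrounds it in the real startup.xml.
SAMPLE = """<Configure>
  <Set name="secondaryDMZ">10.99.133.8:8020;10.99.133.9:8020</Set>
</Configure>"""

def parse_entries(value):
    """Split 'host:port;host2:port2' into [(host, port), ...], keeping order."""
    entries, seen = [], set()
    for raw in value.split(";"):
        item = raw.strip()
        if not item:
            raise ValueError("empty entry (stray ';'?)")
        host, sep, port = item.rpartition(":")
        if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"not host:port: {item!r}")
        if (host, int(port)) in seen:
            raise ValueError(f"duplicate entry: {item!r}")
        seen.add((host, int(port)))
        entries.append((host, int(port)))
    return entries

def read_dmz_list(xml_text, set_name):
    """Find <Set name=set_name> anywhere in the file and parse its value."""
    for node in ET.fromstring(xml_text).iter("Set"):
        if node.get("name") == set_name:
            return parse_entries(node.text or "")
    raise KeyError(f"no <Set name={set_name!r}> entry found")

def tcp_reachable(host, port, timeout=2.0):
    """Assumed availability probe: plain TCP connect to the message port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def next_primary(entries, probe=tcp_reachable):
    """First reachable entry in configured order, or None if all are down."""
    return next(((h, p) for h, p in entries if probe(h, p)), None)
```

Run read_dmz_list against both ./etc/startup.xml (secondaryDMZ) and ./etc/startup_dmz.xml (otherDMZ) to confirm the two lists name the DMZ servers you expect.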