13 minute readApplies to: v4

How to configure high availability (HA)

Squared Up can be made highly available (HA) by hosting two or more separate instances and having them read data from a shared location, such as a network share or drive. High availability on Squared Up v4 works by mirroring the files on the share back onto the local disk.

This style of deployment is typically used to:

  • Enable load-balancing between servers hosting the same content

  • Create two or more different access points into Squared Up with different modes of authentication (e.g. one instance with Windows authentication and the other with forms)

Distributed file system (DFS) shares are supported, under the proviso that DFSR (replication) is either disabled, or works in a limited capacity on Squared Up files. For example, performing replication only at specific times or manually when Squared Up is not running. If DFSR is used then the Primary and Secondary servers will not see the same information.

Requirements

Understanding Primary and Secondary servers

Decide which server will be your Primary Squared Up server and which will be your Secondary server(s):

  • A high availability setup must consist of at least one Primary server. Without a Primary server, the servers licensed as Secondary will operate with reduced functionality and named users.

  • The Primary server will use the Primary licence key, and any existing dashboards on this server will become the dashboards on the share, to be used by all servers.

  • The Secondary server(s) will use the Secondary licence key, the dashboards on these servers will be ignored and the content of the Primary server will take precedence. You can have one or more Secondary servers.

If a Secondary server is out of contact with the Primary server you will see a notification in the notifications area from the right-hand menu > notifications.

  • Within 2-3 hours of the Primary server being unavailable for any reason you will receive a notification.

  • After 3 days of no contact with the Primary server a critical notification is shown warning that shut down is imminent.

  • After 5 days of no contact Squared Up will no longer be available, effectively 'shut down'.

  • Once Squared Up has shut down you can recycle the Secondary server's Squared Up application pool to restore limited access. This will give you 5 named users and only the features in the Enterprise Starter Pack, therefore Visual Application Discovery & Analysis (VADA) will be unavailable.

Configure permissions on the share

Before configuring HA it is important to check the permissions on the share itself. The share has its own permissions which cannot be viewed via Windows Explorer, and they always take precedence over the file and folder permissions. If the Squared Up application pool identity is not allowed to read and change, then the permissions added to the folders by the squaredup4 ha command are overridden/ignored by the share, and Squared Up will fail to start with an 'Access denied' error.

In Computer Management check that the Squared Up application pool account has 'Read' and 'Change' permissions to the share itself, as described below:

  1. On the machine that hosts the share, click on the Start button > type Computer Management > open Computer Management.

  2. Navigate to System Tools > Shared Folders > Shares.

  3. Right-click on the Squared Up share and then on Properties.

  4. On the Share Permissions tab, check that all Squared Up application pool accounts have read and change permissions:

    HA Share Permissions <>

  5. If your servers are using a domain service account as the Squared Up application pool identity then this account should be given read and change permissions.

    If your Squared Up servers are using Network Service as the Squared Up application pool account, then all the machine accounts for the Squared Up Primary and Secondary servers should be given permissions, for example, Squpserver01$ and Squpserver02$.

    It should not be necessary to grant full control, and this could pose a security risk.

Configuring each server for high availability

The first server that you configure for HA, will be the one from which dashboards and profiles are copied to the HA share. Follow the steps below for each server, one at a time:

  1. Install and Activate Squared Up using the appropriate Primary or Secondary activation key.

  2. On the server open a command prompt as an administrator (from Start > Run type command prompt, right-click on the Command Prompt icon and click Run as administrator).

  3. Change to the Squared Up installation location, for example type:

    cd C:\inetpub\wwwroot\SquaredUpv4

  4. Run the squaredup4 ha command to configure Squared Up for HA:

    If the Squared Up application pool identity is a domain service account use this account in the command:

    squaredup4 ha --path=<network share path> --user=domain\user

    where domain\user is the Squared Up application pool identity. First check what the Squared Up application pool account is for each server is using: How to check and modify the application pool identity. In a load balanced environment using Windows authentication (Kerberos), both servers must be using the same application pool identity. (In environments not using Kerberos, it is possible for the servers to use different application pool identities). This allows the tool to give the specified Squared Up application pool account read and write permissions to the folder and files on the share.

    and where <network share path> should be replaced by a drive or path specification for your network share. The folder/share must already exist: Squared Up cannot create it automatically (for example, specifying \\myhost\folder is invalid if folder is not already shared by myhost). The path should not contain a filename (i.e. it should be \myshare etc. and not \myshare\squaredup.index).

    For example:

    • X:\

    • \\myhost\folder (UNC path)

    If your Squared Up application pool identity is NetworkService you should use the Squared Up server name followed by the $ dollar symbol as the username when you run the command on that server.

    squaredup4 ha --path=<network share path> --user=domain\SquaredUpServer$

    where SquaredUpServer$ is the Squared Up server name followed by $, for example, Squpserver01$.

    Remember, that the first server that you run this command on will be the one from which dashboards and profiles are copied to the HA share. Later, after checking the Primary server is configured correctly you will run this command on all your other Squared Up servers to configure each of them to use HA AND to give them permissions to the HA share.

  5. Navigate to Squared Up using a web browser either on the server itself, or from a client machine. (Note: The previous command will have automatically recycled Squared Up, so you will need to login again).

  6. After logging in, the server should behave identically to how it did post-installation. There are several ways to confirm that HA is in effect:

    • The path to which HA has been pointed (e.g. \\myhost\folder) should contain a file called squaredup_[version].index

    • The Squared Up log (typically C:\inetpub\wwwroot\SquaredUpv4\transient\log\rolling.log) should contain the text

    For the Primary server:

    [WRN] Shared cryptography is enabled: behaving as a PRIMARY server

    For a Secondary server:

    [WRN] Shared cryptography is enabled: behaving as a SECONDARY server

  7. Once the Primary is confirmed to be running in HA mode, the Secondary server(s) can be configured using the Secondary licence key. Repeat the above steps for the Secondary servers. Content already present on these servers will be ignored and not displayed. Instead, each Secondary server will now behave as an exact mirror of the Primary server.

  8. After configuring HA, log in to the Secondary server(s) and check the configuration:

    • The licensing details for the Secondary in the right-hand menu ☰ > system > named users should reflect the overall quantity of users that your licence was purchased for

    • The Secondary should now be displaying the same dashboards and content as the Primary.

    • Newly created content on Primary or Secondary should be visible to both nodes.

Upgrading Squared Up when using high availability

For high availability to work, every Squared Up server must be running exactly the same version.

Upgrading Squared Up 4 and above in a high availability setup no longer requires all servers go offline for upgrade. Instead, each server can now be upgraded one at a time, and the other servers will continue to serve dashboards.

However, once upgrade of at least one server is performed, changes made to dashboards by servers running the old version of Squared Up are ignored, and will be lost when those servers are eventually upgraded (that is to say, the dashboards and content in the upgraded servers becomes authoritative over dashboards and content from the older un-upgraded servers).

  • 10 minutes after upgrade of a server is performed, the servers yet-to-be-upgraded will automatically enter a read-only state, to prevent new dashboards being created or edited. This is visible in Squared Up as a yellow banner at the top of the page.

  • Dashboards (or other content) created or edited on an un-upgraded server before the server automatically goes read-only, will be permanently lost once the server is upgraded to the newer version. For this reason, we recommend advising users to not make changes once you start your upgrade process.

Consider initiating your upgrades out-of-hours - even if you don't finish them on all servers. This way, all of the servers yet to be upgraded will have entered read-only mode automatically by the time users come to view or edit their content.

Follow the steps below to upgrade each server:

  1. Prepare to take the server you are upgrading offline. For example, notify users, disable the load balancer allocation for it, put it in maintenance mode etc.

  2. Download the latest version, run the installer and upgrade the server.

  3. Log on to the Squared Up on the server once upgraded.

  4. Upgrade any other Squared Up servers.

Disabling high availability

You may wish to switch high availability off for one or more servers, for example if one of the servers is going to be unavailable for a long period of time. Remember, for Squared Up to work with your full licence allocation, you need to ensure that there is still a Primary licensed server available.

Squared Up v4 mirrors the content of the share location back to the local disk: So that each member of a high availability set is an approximate replica, even when disconnected from the share. This means that HA can safely be disabled at any time, and once disabled the content of Squared Up will reflect the network share data at the point just before the link was broken.

  1. On the Squared Up server open a command prompt as an administrator (from Start > Run type command prompt, right-click on the Command Prompt icon and click Run as administrator).

  2. Change to the Squared Up installation location, for example type:

    cd C:\inetpub\wwwroot\squaredupv4

  3. Run the following command to disable HA:

    squaredup4 ha --disable

You will also need to reconfigure the load balancer allocation to take into account the server(s) no longer available.

Moving the HA share

To move the HA share, the initial setup steps can simply be repeated as below, just specifying a new share path. This is because each server maintains a local disk copy of the share content - and the first server to startup after being pointed at the new share will build the share’s content from its own.

  1. Create the new share and follow the steps to Configure permission the share

  2. On any Squared Up server run the steps to configure HA using the path of the new share.

  3. Browse to Squared Up in a web browser and log in. This will restart Squared Up as the previous command will have automatically recycled the Squared Up application pool. The files will be copied to the share from the first Squared Up instance to start up. It should not matter which Squared Up instance this is, as they should all be in sync, having been using HA previously. If you need to specify form which Squared Up instance the files are copied to the new share, you should take care to open this Squared Up instance by browsing to it directly, for example http://SquaredUpServer1/SquaredUpV4.

  4. Configure HA on all the other servers using the path of the new share. This will point all the servers to the new share and the files that were copied there in the previous step.

Backing up and restoring the HA share

Backup Squared Up on each server as normal. No additional actions are required: Any Squared Up server can rebuild the content of the network share from its local disk data. So backing up individual Squared Ups (and not the network share) is sufficient.

If the share does have to be recreated, ensure you configure permissions the share first.

To restore the files to a new or empty HA share run the HA configuration steps from any Squared Up server. This will copy the files from this server to the share.

To restore to an existing share folder you must delete the file squaredup_[VERSION].index, if it exists, in order for the restore to proceed. Restoring will then recreate the squaredup_[VERSION].index file on the share.

FAQs and Troubleshooting

Only 5 users can login and VADA is unavailable

Check that HA mode is enabled, and that the Primary server is available. If the Secondary server cannot contact the Primary server or if HA mode is disabled, then the Secondary server will drop back to 5 named users and the Enterprise Starter Pack so VADA will be unavailable.

Squared Up is displaying a message that it is in read-only mode

A Squared Up instance will go into read-only mode if it notices that it is running an older version to another server.

Read-only mode will end once the server is upgraded to the same version.

How to configure Windows authentication when Squared Up is installed on load balanced servers

How to check and modify the application pool identity

How to backup and restore Squared Up

Squared Up Ltd. (c) 2018Report an issue with this article