Does anyone know how to determine which Unity Connection server in an HA pair is active, via the API?
it'll return a list of VmsServer entries and each will have a ServerState and a ServerDisplayState
the serverDisplayState can be:
0=UNKNOWN, 1=DOWN, 2=INITIALIZING, 3=PRIMARY, 4=SECONDARY, 5=IDLE, 6=IN_DB_SYNC, 7=IN_SBR
the server state gives more detail if you need it:
0=Pri_Init, 1=Pri_Active, 2=Pri_Act_Secondary, 3=Pri_Idle, 4=Pri_Failover, 5=Pri_Takeover, 6=Pri_SBR, 7=Sec_Init, 8=Sec_Active, 9=Sec_Act_Primary, 10=Sec_Idle, 11=Sec_Takeover, 12=Sec_Failover, 13=Sec_SBR, 14=Db_Sync, 15=Set_Peer_Idle, 16=Undefined, 17=Pri_Active_Disconnected, 18=Pri_Connecting, 19=Pri_Choose_Role, 20=Pri_Single_Server, 21=Sec_Act_Primary_Disconnected, 22=Sec_Connecting, 23=Sec_Choose_Role, 24=Shutdown
those values can be found looking at the vmsServer in the https://(server name)/vmrest/schema/VmsServer section if you need to poke around.
Does that require authentication, or can it be sent as an anonymous, unauthenticated request?
Most API access for any server application (including Connection) will require admin authentication. Giving out information like server details and cluster states is not something open to the public.
I guessed as much. I placed a load balancer in front of the CUC servers so that users accessing CiscoPCA, WebInbox, and Viewmail for Outlook would remain functional even if the primary CUC server was down -- the LB will direct the traffic to the secondary. The problem is that I'd prefer the traffic to go to whichever CUC server is "Active" however that seems hard to determine other than looking at the Serviceability page. Load balancers typically monitor the state of TCP ports to determine when to failover to another server. In the case of CUC, all ports remain up even when the server is "Inactive". So unless the primary CUC is actually powered off, the LB will not failover traffic to the secondary.
Understood - I did a web client redirector tool that does much of this as well:
It checks the cluster status, does round robin redirection, routes to the pub/sub if the other is down (or in a state where it shouldn't be handling web requests), connection caching, etc...
Not sure what the problem requiring authentication actually is here - I've never seen a server application that provides such information "in the open" - authenticating with the servers you're monitoring is pretty typical stuff.
I used the REST SDK in a .NET ASP application but it's easy enough to do on any platform - but you will have to implement a REST protocol - really shouldn't be that much additional overhead, though - only a couple calls you need to make.
That looks great and I will pursue it if the load balancer option fails. Would rather avoid deploying and maintaining IIS servers if possible.
The load balancer can do HTTP health checks. Basically you define a specific URL and what the response should be and it periodically sends a query to that URL. If it does not find the expected string in the response, or gets a 5XX error code then it declares that back end down and uses the other one. Can the vmrest query with authentication be sent in a single HTTP query, or is it a multi-step process involving tokens or session id's or some such? I played with CUC REST once but that was years ago.
The other problem is storing admin credentials in a load balancer configuration accessible by too many people is a security risk (We are a DoD-affiliated contractor). Does the account used for REST have to have full admin rights or can it be configured with minimal credentials?
Please sign in to leave a comment.