Central Service - Backup - Automated Configuration Replication

To maintain a hot standby Central system, Central itself can be used to replicate its own configuration files to a standby Central server. The process involves setting up a locked-down FTP server on the standby server, and configuring the primary Central to upload its configuration files to the standby server using the FTP server.

NOTE: In order for replication of the configuration files to work properly, both systems must be running the same version of MOVEit Central. Also, there must obviously be a network connection between the two servers.

Please also see the MOVEit Central Failover documentation.

Setting Up Replication

Follow these steps to set up configuration replication between a production Central (primary) and a hot standby Central (secondary).

  1. Install MOVEit Central on the secondary server. Stop the MOVEit Central service and set the start method to MANUAL.
  2. Install IIS FTP services on the secondary server. Configure IIS FTP in the following way:
    1. Add a new Windows user:
      1. Right-click the "My Computer" shortcut on your desktop and select "Manage" from the right-click pop-up menu.
      2. Open the "Local Users and Groups \ Users" tree
      3. Select "New User..." from the right-click pop-up menu
      4. Type in a username of "micftp", any password, UNCHECK the "User must change password at next login" box and CHECK the "user cannot change password" and "password never expires" boxes
      5. Click the "Create" button
    2. Assign permissions to the new Windows user:
      1. Browse to the "\Program Files" folder
      2. Select the "MOVEit" folder and select "Properties" from the right-click pop-up menu
      3. Click over to the "Security" tab, click the "Add..." button, select the local computer list of users and select the new "micftp" user. Click the "Add" button and then the "OK" button.
      4. Back on the "Security" tab, select the "micftp" user and turn on the FULL CONTROL option
      5. Close this dialog
    3. Install the IIS FTP service if required
      1. If the IIS FTP service is not installed, launch the "Control Panel" and open the "Add/Remote Programs" panel.
      2. Select the "Add/Remote Windows Components" item from the left pane.
      3. Add the IIS FTP server component and follow the related directions
    4. Configure the IIS FTP service
      1. Open the Internet Information Services manager console
      2. Select "Properties" from the Default FTP Site right-click pop-up menu
      3. On the "Home Directory" tab, select "\Program Files\MOVEit\"
      4. On the "Home Directory" tab, check the READ, WRITE and LOG boxes
      5. On the "Directory Security" tab, check the "Denied Access" radio button
      6. On the "Directory Security" tab, add the IP address of the first MOVEit Central
      7. Close this dialog
      8. Start the FTP service
  3. Create a "Certs Backup" task on the primary Central to backup client certificates
    1. Create a new task with a process, destination and schedule (no source).
    2. Add a PER-TASK process which runs the "Certs Backup" built-in script. Allow the process to default to the two output filenames CertsPersonal.pfx and CertsOtherPeople.pfx. Specify a password for the output PFX files.
    3. Add a destination which copies the file to \Program Files\MOVEit.
    4. Add a schedule to run the task periodically every day.
  4. Create a "Certs Restore" task on the primary Central to restore client certificates
    1. Create a new task with a source, process and destination (no schedule).
    2. Add a source which loads Certs*.pfx from \Program Files\MOVEit.
    3. Add a PER-FILE process which runs the "Certs Restore" built-in script. Specify the same password used by the above task.
    4. DO NOT schedule the task. This task will not be run under normal circumstances; it will be run manually by operator after a failover, on the newly-promoted primary node.
  5. Start broadcasting the Central configuration from the primary server to the secondary server
    1. Add a new FTP host that points to the secondary Central's IIS FTP.
    2. Create a new "Backup Central" task:
      1. Source: Local File "\Program Files\MOVEit\miccfg.xml"
      2. Source: Local File "\Program Files\MOVEit\micstate.xml"
      3. Source: Local File "\Program Files\MOVEit\michash.xml"
      4. Source: Local File "\Program Files\MOVEit\CertsPersonal.pfx"
      5. Source: Local File "\Program Files\MOVEit\CertsOtherPeople.pfx"
      6. Destination: FTP Host (secondary server); directory /; enable the Overwrite Files option
    3. Schedule the task to run every X minutes (5 minutes, 30 minutes?)
    4. Test the movement of the configuration files
    5. Create a second "Backup Central 2" task to handle the PGP keyrings
      1. Source: Local Files "\Program Files\MOVEit\PGPPath\*.pgp"
      2. Destination: FTP Host (secondary server); directory PGPPath; enable the Overwrite Files option
    6. Schedule the task to run every X minutes (5 minutes, 30 minutes?)
    7. Test the movement of the PGP keyrings
  6. Test the entire procedure:
    1. Stop the MOVEit Central service on the primary server (using MOVEit Central Admin's "Shut Down Service" command if tasks could be running)
    2. Start the MOVEit Central service on the secondary server
    3. After you have started the MOVEit Central service on the secondary server, run the "Certs Restore" task on the secondary server.
    4. Confirm that the secondary server's configuration is identical to the primary server's configuration.