Automated Configuration Replication

To maintain a hot standby Central system, Central itself can be used to replicate its own configuration files to a standby Central server. The process involves setting up a locked-down FTP server on the standby server, and configuring the primary Central to upload its configuration files to the standby server using the FTP server.

NOTE: For replication of the configuration files to work properly, both systems must be running the same version of MOVEit Central, and there must be a network connection between the two servers.

Please also see the MOVEit Central Failover documentation.

Setting Up Replication

Follow these steps to set up configuration replication between a production Central (primary) and a hot standby Central (secondary).

  1. Install MOVEit Central on the secondary server. Stop the MOVEit Central service and set the start method to MANUAL.
  2. Install IIS FTP services on the secondary server. Configure IIS FTP in the following way:
    1. Add a new Windows user:
      1. Right-click the "My Computer" shortcut on your desktop, and select "Manage" from the right-click pop-up menu.
      2. Open the "Configuration \ Local Users and Groups \ Users" tree.
      3. Select "New User..." from the right-click pop-up menu.
      4. Type in a username of "micftp" and any password, UNCHECK the "User must change password at next login" box, and CHECK the "User cannot change password" and "Password never expires" boxes.
      5. Click the "Create" button.
    2. Assign permissions to the new Windows user:
      1. Browse to the “\Program Files” or “\Program Files (x86)” folder, depending on your system architecture.
      2. Select the "MOVEit" folder and select "Properties" from the right-click pop-up menu.
      3. Click over to the “Security” tab, click the “Edit…” button, then click the “Add…” button, then select the local computer list of users and select the new “micftp” user. Click the “Add” button and then the “OK” button.
      4. Back on the "Security" tab, select the "micftp" user and turn on the FULL CONTROL option.
      5. Close this dialog.
    3. Install the IIS FTP service if required.
      1. If the IIS FTP service is not installed, launch the “Server Manager” dialog by right-clicking “My Computer” and selecting “Manage” from the right-click pop-up menu.
      2. Click the "Roles" section. In the resulting display, under the "Role Services" section, click the "Add Role Services" option.
      3. Find and select the "FTP Server" option (may be called "FTP Publishing Service" on some machines) from the list of available Role services and click the "Next" button. Click the "Install" button to complete the installation.
    4. Configure the IIS FTP service.
      1. Open the Internet Information Services manager console.
      2. Right click the “Sites” subsection and select the “Add FTP Site…” option from the right-click pop-up menu.
      3. Give the FTP site a name and select the “\Program Files\MOVEit” directory as the physical path for the content directory. Click the “Next” button.
      4. Enter the desired IP Address, Port, and SSL settings and click the “Next” button.
      5. Select “Basic” for the authentication type and under “Allow access to:” select “Specified users” and type in “micftp” and select both the “Read” and “Write” options. Click the “Finish” button to complete adding the FTP site.
      6. Verify the FTP site is started and test the connection from the other MOVEit Central node.
  3. Create a "Certs Backup" task on the primary Central to back up client certificates.
    1. Create a new task with a process, destination and schedule (no source).
    2. Add a PER-TASK process which runs the "Certs Backup" built-in script. Allow the process to default to the two output filenames CertsPersonal.pfx and CertsOtherPeople.pfx. Specify a password for the output PFX files.
    3. Add a destination which copies the file to \Program Files\MOVEit.
    4. Add a schedule to run the task periodically every day.
  4. Create a "Certs Restore" task on the primary Central to restore client certificates.
    1. Create a new task with a source, process and destination (no schedule).
    2. Add a source which loads Certs*.pfx from \Program Files\MOVEit.
    3. Add a PER-FILE process which runs the "Certs Restore" built-in script. Specify the same password used by the above task.
    4. DO NOT schedule the task. This task will not be run under normal circumstances; it will be run manually by an operator after a failover, on the newly promoted primary node.
  5. Start broadcasting the Central configuration from the primary server to the secondary server.
    1. Add a new FTP host that points to the secondary Central's IIS FTP.
    2. Create a new "Backup Central" task:
      1. Source: Local File "\Program Files\MOVEit\miccfg.xml"
      2. Source: Local File "\Program Files\MOVEit\michash.xml"
      3. Source: Local File "\Program Files\MOVEit\CertsPersonal.pfx"
      4. Source: Local File "\Program Files\MOVEit\CertsOtherPeople.pfx"
      5. Source: All Local Files/Folders under “\Program Files\MOVEit\StateFiles”
      6. Destination: FTP Host (secondary server); directory /; enable the Overwrite Files option
    3. Schedule the task to run every X minutes (for example, every 5 or 30 minutes).
    4. Test the movement of the configuration files.
    5. Create a second "Backup Central 2" task to handle the PGP keyrings.
      1. Source: Local Files "\Program Files\MOVEit\PGPPath\*.pgp"
      2. Destination: FTP Host (secondary server); directory PGPPath; enable the Overwrite Files option
    6. Schedule the task to run every X minutes (for example, every 5 or 30 minutes).
    7. Test the movement of the PGP keyrings.
  6. Test the entire procedure:
    1. Stop the MOVEit Central service on the primary server (using MOVEit Central Admin's "Shut Down Service" command if tasks could be running).
    2. Start the MOVEit Central service on the secondary server.
    3. After you have started the MOVEit Central service on the secondary server, run the "Certs Restore" task on the secondary server.
    4. Confirm that the secondary server's configuration is identical to the primary server's configuration.
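
One way to carry out the confirmation in step 6 for the replicated files, as an added example that is not part of the MOVEit Central documentation: hash the files named in the "Backup Central" and "Backup Central 2" tasks on each node, then compare the two manifests. The function names, the CSV file names and the C:\Program Files\MOVEit default are assumptions.

```powershell
# Added example; not part of the MOVEit Central documentation.
# Usage, on each node (primary.csv on the primary, secondary.csv on the secondary):
#   Get-ReplicaManifest | Export-Csv .\primary.csv -NoTypeInformation
# Then, with both CSV files on one machine:
#   Compare-ReplicaManifest .\primary.csv .\secondary.csv | Where-Object Status -ne 'Match'

function Get-ReplicaManifest {
    # Assumption: default install path; pass "Program Files (x86)" where that applies.
    param([string]$Root = 'C:\Program Files\MOVEit')
    $rootFull = (Resolve-Path -LiteralPath $Root -ErrorAction Stop).Path.TrimEnd('\')
    $files = @()
    # Individual files copied by the "Backup Central" task
    foreach ($name in 'miccfg.xml', 'michash.xml', 'CertsPersonal.pfx', 'CertsOtherPeople.pfx') {
        $p = Join-Path $rootFull $name
        if (Test-Path -LiteralPath $p -PathType Leaf) { $files += Get-Item -LiteralPath $p }
    }
    # Everything under StateFiles, plus the PGP keyrings from "Backup Central 2"
    $state = Join-Path $rootFull 'StateFiles'
    if (Test-Path -LiteralPath $state) { $files += @(Get-ChildItem -LiteralPath $state -File -Recurse) }
    $pgp = Join-Path $rootFull 'PGPPath'
    if (Test-Path -LiteralPath $pgp) { $files += @(Get-ChildItem -LiteralPath $pgp -File -Filter '*.pgp') }
    # Emit one record per file: path relative to the MOVEit folder, and its SHA-256
    foreach ($f in $files) {
        [pscustomobject]@{
            RelativePath = $f.FullName.Substring($rootFull.Length + 1)
            SHA256       = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
}

function Compare-ReplicaManifest {
    param([string]$PrimaryCsv, [string]$SecondaryCsv)
    # Load each manifest into a lookup table keyed by relative path
    $primary = @{}; $secondary = @{}
    Import-Csv -LiteralPath $PrimaryCsv   | ForEach-Object { $primary[$_.RelativePath]   = $_.SHA256 }
    Import-Csv -LiteralPath $SecondaryCsv | ForEach-Object { $secondary[$_.RelativePath] = $_.SHA256 }
    # Walk the union of paths so files missing on either side are reported too
    foreach ($path in (@($primary.Keys) + @($secondary.Keys) | Sort-Object -Unique)) {
        $status = 'Match'
        if (-not $secondary.ContainsKey($path)) { $status = 'MissingOnSecondary' }
        elseif (-not $primary.ContainsKey($path)) { $status = 'ExtraOnSecondary' }
        elseif ($primary[$path] -ne $secondary[$path]) { $status = 'HashMismatch' }
        [pscustomobject]@{ RelativePath = $path; Status = $status }
    }
}
```

A file that changed on the primary after the last replication run is reported as HashMismatch.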