Automated Configuration Replication

To maintain a hot standby MOVEit Automation system, MOVEit Automation can be used to replicate its own configuration files to a standby MOVEit Automation server. The process involves setting up a locked-down FTP server on the standby server, and configuring the primary MOVEit Automation to upload its configuration files to the standby server using the FTP server.

NOTE: In order for replication of the configuration files to work properly, both systems must be running the same version of MOVEit Automation. Also, there must be a network connection between the two servers.

Please also see the MOVEit Automation Failover documentation.

Setting Up Replication

This procedure sets up configuration replication between a production Central (primary) and a hot standby MOVEit Automation (secondary).

1. Install MOVEit Automation on the secondary server. Stop the MOVEit Automation service and set the start method to MANUAL.
2. Install IIS FTP services on the secondary server. Configure IIS FTP in the following way:
   1. Add a new Windows user:
      1. On your desktop, right-click My Computer and select Manage.
      2. Open the Configuration \ Local Users and Groups \ Users tree.
      3. Right-click the Users folder and select New User. Provide the following information:

         User name: micftp

         Password: Type any password

         User must change password at next login: UNCHECK this box

         User cannot change password: CHECK this checkbox

         Password never expires: CHECK this checkbox

      4. Click Create.
   2. Assign permissions to the new Windows user:
      1. Browse to the \Program Files or \Program Files (x86) folder, depending on your system architecture.
      2. Select the MOVEit folder, right-click and select Properties.
      3. Click the Security tab, click Edit. Click Add. then select the local computer list of users and select the new micftp user.

         Click Add, and then click OK.

      4. Click the Security tab, select the micftp user and turn on the FULL CONTROL option.
      5. Close this dialog.
   3. Install the IIS FTP service if required.
      1. If the IIS FTP service is not installed, right-click My Computer and select Manage. The Server Manager dialog box opens.
      2. Click the Roles section. In the resulting display, under the "Role Services" section, click the "Add Role Services" option.
      3. Find and select the "FTP Server" option (may be called "FTP Publishing Service" on some machines) from the list of available Role services and click the "Next" button. Click the "Install" button to complete the installation.
   4. Configure the IIS FTP service.
      1. Open the Internet Information Services manager console.
      2. Right click the Sites subsection and select Add FTP Site.
      3. Give the FTP site a name and select the \Program Files\MOVEit directory as the physical path for the content directory. Click Next.
      4. Enter the desired IP Address, Port, and SSL settings. Click Next
      5. Fill in the fields as follows:

         Authentication type: Basic

         Allow access to: Select Specified users and type micftp. Select Read and Write options.

         Click Finish. The FTP site is added.

      6. Verify the FTP site is started and test the connection from the other MOVEit Automation node.
3. On the primary MOVEit Automation, create a Certs Backup task to back up client certificates.
   1. Create a new task with a process, destination and schedule (no source).
   2. Add a PER-TASK process that runs the Certs Backup built-in script.

      Use the default output filenames CertsPersonal.pfx and CertsOtherPeople.pfx. Specify a password for the output PFX files.

   3. Add a destination that copies the file to \Program Files\MOVEit.
   4. Add a schedule to run the task periodically every day.
4. On the primary MOVEit Automation. create a Certs Restore task to restore client certificates.
   1. Create a new task with a source, process and destination (no schedule).
   2. Add a source that loads Certs*.pfx from \Program Files\MOVEit.
   3. Add a PER-FILE process that runs the Certs Restore built-in script. Specify the same password used by the above task.
   4. DO NOT schedule the task. This task will not be run under normal circumstances; it will be run manually by operator after a failover, on the newly-promoted primary node.
5. Start broadcasting the MOVEit Automation configuration from the primary server to the secondary server.
   1. Add a new FTP host that points to the secondary MOVEit Automation IIS FTP.
   2. Create a new Backup MOVEit Automation task:
      1. Source: Local File \Program Files\MOVEit\miccfg.xml
      2. Source: Local File \Program Files\MOVEit\michash.xml
      3. Source: Local File \Program Files\MOVEit\CertsPersonal.pfx
      4. Source: Local File \Program Files\MOVEit\CertsOtherPeople.pfx
      5. Source: All Local Files/Folders under \Program Files\MOVEit\StateFiles
      6. Destination: FTP Host (secondary server); directory /; enable the Overwrite Files option
   3. Schedule the task to run every X minutes (5 minutes, 30 minutes?).
   4. Test the movement of the configuration files.
   5. Create a second Backup MOVEit Automation 2 task to handle the PGP keyrings.
      1. Source: Local Files \Program Files\MOVEit\PGPPath\*.pgp
      2. Destination: FTP Host (secondary server); directory PGPPath; enable the Overwrite Files option
   6. Schedule the task to run every X minutes (5 minutes, 30 minutes?).
   7. Test the movement of the PGP keyrings.
6. Test the entire procedure:
   1. On the primary server, stop the MOVEit Automation service. Use the MOVEit Automation Admin Shut Down Service command if tasks could be running).
   2. On the secondary server, start the MOVEit Automation service, and then run the Certs Restore task.
   3. Confirm that the secondary server's configuration is identical to the primary server's configuration.