DR configuration requirements
- Updated: 2020/05/11
DR configuration requirements
When you configure your Disaster Recovery enabled data centers for IQ Bot, ensure the listed conditions are met.
Disaster Recovery configuration requirements
-
Asynchronous replication—Configure asynchronous, rather than synchronous replication, between DR sites for all supporting services. This ensures off-site replication does not impact performance of the primary site.
-
AD domain—Ensure the same Active Directory domain is available to both the primary and backup sites.
-
Site domains—Ensure the backup site Control Room and device machines are members of the same domain as the primary site Control Room and machines.
-
Licenses—Assign floating licenses for users, so that they are able to log into devices on the backup site.
-
Backup site services—Shutdown the Control Room services at the backup site until they are needed.
-
Site configurations—Ensure the machines at the primary site and backup site have the same specification and configuration. This includes the Control Room, Bot Runners, associated devices, and login credentials. This is required to ensure equal level of service during an outage.
Note: Schedules are stored in UTC and therefore run at the same time regardless of the physical location or time zone settings of the server.
Database Replication Details
The database replication configuration for disaster recovery is an extension of the high availability configuration. This configuration requires the use of Always On availability groups.
- Configure the primary site replica in Synchronous-Commit mode.
- Configure the recovery site replica in Asynchronous-Commit mode. Asynchronous-Commit mode ensures that the latency and reliability of the inter-datacenter does not impact the performance and availability of the primary site.
- Do not configure the recovery site replica to offer any database services until a recovery failover is triggered.
Failure mode
With asynchronous replication there is the possibility that a transaction that occurs on the primary site does not reach the recovery site replica before the failure occurs.
Deployment requires strict consistency between distant geographical locations. Synchronous-Commit configured between replicas with significant latency has a detrimental effect on all Control Room operations.
To prevent work items being processed twice when a failure occurs, some work items awaiting delivery to a device are placed into an error state. This ensures they can be manually reviewed and marked as ready to be processed or complete as appropriate.