Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 2 answers
  • Subscribers 8 subscribers
  • Views 16234 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

STAS with AD / Collector Failover

Christian Forster

Hi,

we are running STAS with Multiple Domain-Controllers. One DC runs the Suite (Agent & Controller) and the others are running as agents. How do i configure one of the agents as a failover collector?

If the DC with collector service running gets an failure an other should be serving the collector service an deliver data to the SF.

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Christian,

    If the STAS Suite is installed on the primary collector and the STAS Agent is installed on the secondary collector then the STAS will not do Load Balance it will just fetch and forward the auth request from secondary to primary AD.

    Alongside, if you install the STAS Suite on both the Domain Controllers and add them in different collector groups then this will make the XG query to both the collectors at the same time and handle failover. 

    Hope that helps.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi,

    are you saying that I should install as per follows:

    1. Add STAS suite (Collector & Agent) to all DC's (single domain)

    2. Add all Collectors into all UTM's

    3. Do not specify anything under "Collectors to be served" on each STAS suite?

  • 0 in reply to Louis-M

    1. Add STAS suite (Collector & Agent) to all DC's (single domain)

    Yes

    2. Add all Collectors into all UTM's

    Yes 

    3. Do not specify anything under "Collectors to be served" on each STAS suite?

    Keep it blank

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    HI Sachin,

    the problem is in the logs, it only ever shows the UTM querying the first collector in the list. I do not see any reference to it querying the other collectors until such time as the first one fails and then it moves down to the next one in the list on the UTM and query's that.

    As we have multiple DC's over 4 sites, users get authenticated on different DC's. Now if the UTM did query all 4 collectors specified in the UTM, it wouldn't be an issue but it clearly doesn't. The logs show it only querying the first one which only results in the users who get authenticated on that DC to show up.

    My workaround was to put the collectors in the STAS agent list in the same order so that all agents would send to STAS collector 1 first. If STAS collector 1 failed ie the DC failed, the UTM would switch to STAS collector 2 and so would the agents as they could get through to STAS collector 1.

  • 0 in reply to Louis-M

    Hi Louis,

    So did you defined the collectors in the STAS Agent list and did that work?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply Children
No Data
Unfiltered HTML