Skip to main content

Configuring multiple servers

You may need to make further configuration changes to the server on which you install the interceptor if you have:

  • Installed Bravura Pass on multiple servers with the Password Manager service running on each server for load balancing,

    and

  • Configured the DNS servers to resolve the Bravura Pass server name in a "round robin" sequence.

Sometimes in this situation, Windows will cache the result and send the request to the same server each time. In this case, you configure the Windows server rotate the list of IP addresses.

You may also want to ensure that the interceptor makes multiple attempts to contact a Bravura Pass server before failing, to handle a condition where a single replica server is down. You can configure the Windows DNS Service to make as many attempts as you require.

After you have installed the interceptor :

  1. On the server on which the interceptor is installed, run the Windows nslookup program with the Bravura Pass server’s hostname to test whether Windows is caching the result. For example, type:

    nslookup mercury

    The nslookup program displays all addresses defined for the Bravura Pass server, in the order returned from the DNS server. For example:

    Server: mercury.example.com
Addresses: 10.0.250.119, 10.0.130.108, 10.0.26.15

  2. Repeat Step 1 as many times as there are Bravura Pass servers. For example, if there are three Bravura Pass servers, run the nslookup program three times.

    If Windows is not caching the result, the order of the IP addresses is rotated with each query. For example:

    • Try 1:

      Server: mercury.example.com
Addresses: 10.0.250.119, 10.0.130.108, 10.0.26.15

    • Try 2:

      Server: mercury.example.com
Addresses: 10.0.130.108, 10.0.26.15, 10.0.250.119

    • Try 3:

      Server: mercury.example.com
Addresses: 10.0.26.15, 10.0.250.119, 10.0.130.108

  3. If the test shows that Windows is caching the result, force the server where the interceptor is installed, to rotate the list of IP addresses. To do this, add the ManualDNSRotation registry entry:

    • Entry name ManualDNSRotation

    • Value 1

    • Data type REG_DWORD

    to the following registry key:

    HKLM\SOFTWARE\Bravura Security\Bravura Security Fabric\servertools

  4. If necessary, set the number of times you want the DLL to retry connecting to a Bravura Pass server. To do this, add the ConnectRetry registry entry in the same registry key:

    • Entry name ConnectRetry

    • Value number of times to retry connecting

    • Data type REG_DWORD

In this section: