
File synchronization architecture

Bravura Security Fabric’s native file synchronization does not synchronize in the true sense of the term. It only copies files and registry entries from the primary node to all other nodes, regardless of how it is triggered. Any changes made on the other nodes, unless blacklisted, are overwritten. Therefore, in this article, the process is referred to as propagation.

Bravura Security Fabric’s file propagation sends:

  • Files inside the instance’s folders.

  • Registry entries of the instance.

Caution

Check that the servicelist:address field values in the backend database are FQDNs. This is especially important for Bravura Privilege.

The propagated data is mostly configuration.

Files deleted on the primary node are deleted by the file replication service idfilerep on the secondaries and proxies. When idfilerep cannot delete files on secondaries (because they are locked by some process), psupdate sends an email to the configured administrative email address (Manage the system > Workflow > Email configuration > RECIPIENT EMAIL).

From the primary node, files are sent using various utilities:

  • updinst: The file replication service idfilerep on the secondary node sends the primary node a list of files and registry entries. The updinst utility on the primary node sends changes back to the secondary nodes.

  • updproxy: The psproxy service on the application proxy server sends the primary node a list of files and registry entries. The updproxy utility on the primary node sends changes back to the proxy server.

The Bravura Security external database replicator, which is enabled by default on each node installation, should be disabled on secondaries and in single-node instances.

Encryption

Like data replication, file/registry replication is encrypted using a shared-key handshake. It is a batch process that typically takes just under a minute to complete; in a typical scenario, there is relatively little daily-changed configuration data to forward.

Port

The file replication port (by default 2380) has to be reachable from the primary application node to all other application nodes. The file replication port must also be reachable from all other application nodes to the primary node.

See all Port requirements.
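
The following added example (not Bravura Security code) checks the two conditions from the Caution and Port sections above: that each node address is an FQDN, and that the file replication port accepts TCP connections. The function names and sample host names are assumptions made up for illustration; because reachability is required in both directions, run it on the primary against every other node and on each other node against the primary.

```python
import ipaddress
import re
import socket

FILE_REPLICATION_PORT = 2380  # default file replication port stated on this page
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label


def is_fqdn(address):
    """True for a multi-label DNS name; False for IP literals and short host names."""
    host = address.strip().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return False  # an IP literal is not an FQDN
    except ValueError:
        pass
    labels = host.split(".")
    return (len(host) <= 253 and len(labels) >= 2
            and not labels[-1].isdigit()
            and all(LABEL.match(label) for label in labels))


def port_reachable(host, port=FILE_REPLICATION_PORT, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name did not resolve
        return False


def audit(addresses, port=FILE_REPLICATION_PORT, probe=port_reachable):
    """Check each peer address for FQDN form and file replication port reachability."""
    return [{"address": a, "fqdn": is_fqdn(a), "reachable": probe(a, port)}
            for a in addresses]


if __name__ == "__main__":
    # Constructed sample values; replace with the address values of your own nodes.
    peers = ["bravura-app02.corp.example.test", "bravura-app03", "192.0.2.15"]
    for row in audit(peers):
        status = "ok" if row["fqdn"] and row["reachable"] else "CHECK"
        print(f'{status:5} {row["address"]:35} fqdn={row["fqdn"]} port_open={row["reachable"]}')
```

A row marked CHECK means the address is not in FQDN form, the port did not accept a connection from the machine running the script, or both.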