SecureAuth IdP Version Affected: All
What is FileSync?:
The FileSync service is an add-on to the SecureAuth IdP product that can be used to keep configuration information synchronized between members of a cluster.
How Does FileSync Work?:
FileSync can work in either a primary-replica configuration, or a multi-master configuration. Lets go over FileSync terminology before moving forward.
- Cluster: Two or more SecureAuth IdP servers running the FileSync service
- Node: A specific SecureAuth IdP server in a FileSync cluster
- Primary-Replica: In a Primary-Replica configuration, one SecureAuth IdP Appliance is the Primary node and all changes for the cluster are made there
- Multi-Master: In a Multi-master configuration, all SecureAuth IdP Appliances are peers; a change made on any node of the cluster propagates to the rest of the cluster nodes
Keep in mind FileSync is a pull service. Changes are propagated to other servers only after a change is made on the primary (in a primary-replica configuration), or after a change is made in general (in a multi-master configuration.)
FileSync can't create realms/folders. Meaning, if you have SecureAuth6 on your primary appliance, you must create SecureAuth6 using the realm management tool on the replica appliance in order for FileSync to pull the settings.
How to Use FileSync:
It's important to know the proper way to use FileSync. Keep in mind that in a primary-replica configuration that you should only make changes to the primary server. If the time-stamp on a file is newer on the replica server than the primary server, FileSync will not sync that file.
The proper way to use FileSync is as follows:
- Create a realm on the primary server, using the realm management tool.
- Create a realm on the secondary server, using the realm management tool. (the realm number should match.)
- Wait the default 10 minutes for it to sync over. You can change this time by referring to this document.
- You should always use the realm management tool for creating realms that you plan to use with the FileSync service. There is sometimes an issue present when creating realms through the admin UI where the privileges/permissions won't transfer over from the template realm.
Refer to this guide, which is only accessible by internal employees. SecureAuth FileSync services should be installed by a SecureAuth support engineer through a scheduled session.