When a primary or secondary high-availability (HA) host fails, JSA maintains data consistency.
The following scenarios cause failover:
A power supply failure.
A network failure that is detected by network connectivity tests.
An operating system malfunction that delays or stops the heartbeat ping tests.
A complete Redundant Array of Independent Disks (RAID) failure on the primary HA host.
A manual failover.
The following scenarios do not cause an automatic HA failover:
If a JSA process develops an error, stops functioning, or exits with an error.
If a disk on your primary HA host reaches 95% capacity, JSA data collection stops, but the primary HA host continues to function.
Primary HA Host Failure
If the secondary high-availability (HA) host detects a primary host failure, it automatically takes over the responsibilities of the primary HA host and becomes the active system.
When a primary HA host is recovered from a failover, it does not automatically take over the active status in the HA cluster. Instead, the secondary HA host remains the active system and the primary host acts as the standby system.
You must switch the primary back to the active status after successfully recovering from a primary failure.
Secondary HA Host Failure
If the primary high-availability (HA) host detects a secondary host failure, it automatically assumes the responsibilities of the secondary HA host and becomes the active system.
HA Failover Event Sequence
JSA initiates a sequence of events when a primary high-availability (HA) host fails.
During failover, the secondary HA host assumes the responsibilities of the primary HA host. The following actions in sequence are completed in sequence:
If configured, external shared storage devices are detected and the file systems are mounted. For more information, see the Juniper Secure Analytics Configuring Offboard Storage Guide.
A management interface network alias is created, for example, the network alias for eth0 is eth0:0.
The cluster virtual IP address is assigned to the network alias.
All JSA services are started.
The secondary HA host connects to the console and downloads configuration files.
Network Connectivity Tests
To test network connectivity, the JSA Console automatically pings all existing managed hosts in your JSA deployment.
If the primary HA JSA console loses network connectivity to a managed host, but the connection to the secondary HA console remains intact, the HA secondary JSA console completes another network connectivity test with the managed hosts. If the test succeeds, the primary HA console completes a controlled failover to the secondary HA console. If the test fails, HA failover is not completed because the secondary HA console might also be experiencing network connectivity problems.
Heartbeat Ping Tests
You can test the operation of the primary high-availability (HA) host by configuring the time interval of heartbeat ping tests.
If the secondary HA host does not receive a response from the primary HA host within a preconfigured time period, automatic failover to the secondary HA host is completed.
Primary Disk Failure
If RAID completely fails and all disks are unavailable, the primary HA host completes a shutdown and fails over to the secondary HA host.
After a failover, the primary HA host assumes a status of Failed.
You can manually force a failover from a primary high-availability (HA) host to a secondary HA host.
Manually forcing a failover is useful for planned hardware maintenance on a console or managed host. Ensure the following before you conduct a manual failover:
The primary and secondary HA hosts are synchronized.
The secondary HA host has a status of standby.
To perform a manual failover on the primary HA host, set the primary system to offline to make the secondary HA host active. After the secondary host becomes active, you can perform maintenance on the primary host.
To perform a manual failover on the secondary HA host, set the secondary system to offline. After the primary host becomes active, you can perform maintenance on the secondary host.
Do not manually force a failover on a primary HA host when you install patches or install software upgrades. For more information, see the Upgrading Juniper Secure Analytics to 7.3.3.