01-12-2017 05:27 PM
In my setup we configured DC and DR with same grid.
DC device is up and running. DR is acting as a backup.
In the live setup can i test DR functionality without interupting DC
Solved! Go to Solution.
01-16-2017 12:44 AM
We have a similar configuration, i.e. GM in production data centre and GMC in DR data centre with grid members distributed geographically.
If you are promoting the GMC, the first member after its promotion and, subsequent, reboot will be the 'old' GM which will be instructed to become the GMC.
All grid members are then instructed sequentially by the promoted GM to perform a product restart, at the specified time internal, and connect to the 'new' GM in order to be able to be managed and received updates made within the admin UI. This product restart cycle has to be left to completion and cannot be stopped, if a member cannot be contacted by the promoted GM, the GM will continue polling until it can reach it. Whilst the member(s) are not connected to the promtoed GM they will be in an "offline" state from a management perspective but will continue to serve any services they are running (DHCP, DNS etc).
Depending on your configuration, i.e. DHCP failover or DNS resolver/AnyCast, if you do not get the restart timings right you could have a brief period (assuming all product restarts without issue) where you could have multiple devices restarting, and there is a potential for a service disruption at this time.
So in answering your question about testing DR functionality without interrupting DC service, I think the answer to that is no, you can't.
01-17-2017 08:57 AM
There is a RFE open along the lines of what you are asking.
RFE-1737 Test Grid manager to candidate fail over without completing a fail over. I am mainly looking at this to test firewall rules. As the grid grows, the number of members on other sides of firewalls also grows. A simple push button to test communication between all members and all candidates to valiate firewall rules would be very helpful.
I started down the path of trying to do this by SSH'ing to each member and using dig to send traffic on the VPN source and destination ports to the GMC. Then you could look at a packet capture on the GMC to see if the basic communication path was open. I never could get dig to quite do what I wanted in the time I spent on it and I never got back to the project.