Hello everyone,
I’d like to summarize our current server architecture and our future roadmap to get some advice.
Currently, we have two redundant servers running Vision and another two redundant servers running Perspective. The Vision servers do not have SSL enabled, while the Perspective servers are running with SSL.
As we plan to deploy additional redundant pairs across other plants, I have two main questions:
- Gateway Network & Redundancy: What is the best practice for setting up the Gateway Network between redundant pairs? Do I need to configure dedicated connections for both the Master and the Backup nodes, or is a connection between the Masters sufficient?
- Mixed Protocols: Is it possible—and are there any known issues—to establish a Gateway Network connection between a server configured for HTTP and one configured for HTTPS?
Thanks in advance for your help!
> Gateway Network & Redundancy: What is the best practice for setting up the Gateway Network between redundant pairs? Do I need to configure dedicated connections for both the Master and the Backup nodes, or is a connection between the Masters sufficient?
This is an area of gateway network + redundancy that causes a lot of confusion, and it is easy to see why. Imagine Redundant Pair A and Redundant Pair B. On Pair A master, you want to create outgoing connections to both the Pair B master gateway and the Pair B backup gateway. On the Pair B side, you have to accept any gateway network certificates on the Pair B master (accepted certificates should be automatically synced to Pair B backup). For the Pair A backup, it gets its configuration mirrored from the Pair A master, so it creates its own outgoing connections to Pair B master and Pair B backup. Which means you have to also accept any gateway network certificates on the Pair B master for both Pair A master and Pair A backup. It is very confusing to understand at first, but it does work.
> Mixed Protocols: Is it possible—and are there any known issues—to establish a Gateway Network connection between a server configured for HTTP and one configured for HTTPS?
If the gateway you are trying to connect to is configured to only accept SSL for incoming connections, your outgoing connection will be rejected if it is not configured to use SSL (via the "Use SSL" connection setting). You could configure the incoming gateway to not require SSL, but you really don't want to do this from a security standpoint. Gateway network connections in HTTP mode are really only meant for troubleshooting, and you want to switch back to HTTPS as soon as possible.
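The two rules from the reply above can be checked against a connection inventory before rolling out more pairs. This is an added example, not part of the original thread and not vendor code: the inventory format, the `audit` function and all gateway names are hypothetical, and the sample data is constructed.

```python
# Added example: audit a constructed inventory of gateway network connections.
# The inventory layout and every gateway name below are hypothetical.

# Redundant pairs: pair name -> (master, backup). Constructed sample data.
PAIRS = {
    "A": ("a-master", "a-backup"),
    "B": ("b-master", "b-backup"),
}

# Outgoing connections configured on each source pair's master
# (the backup mirrors this configuration). Constructed sample data.
OUTGOING = [
    {"source_pair": "A", "target": "b-master", "use_ssl": True},
    {"source_pair": "A", "target": "b-backup", "use_ssl": False},
]

# Links that should exist: (source pair, target pair).
REQUIRED_LINKS = [("A", "B")]


def audit(pairs, outgoing, required_links):
    """Return (findings, approvals).

    findings:  strings describing missing or non-SSL outgoing connections.
    approvals: target master -> source nodes whose gateway network
               certificates must be accepted on that master.
    """
    findings, approvals = [], {}
    for src, dst in required_links:
        dst_master, _dst_backup = pairs[dst]
        # The source pair needs a connection to BOTH nodes of the target pair.
        for target in pairs[dst]:
            conn = next((c for c in outgoing
                         if c["source_pair"] == src and c["target"] == target), None)
            if conn is None:
                findings.append(f"pair {src}: no outgoing connection to {target}")
            elif not conn["use_ssl"]:
                findings.append(f"pair {src}: connection to {target} has Use SSL disabled")
        # Source master and source backup each open their own connections,
        # so both certificates need approval on the target master.
        approvals[dst_master] = sorted(pairs[src])
    return findings, approvals


if __name__ == "__main__":
    found, to_approve = audit(PAIRS, OUTGOING, REQUIRED_LINKS)
    for item in found:
        print("FINDING:", item)
    for master, nodes in to_approve.items():
        print(f"approve on {master}: {', '.join(nodes)}")
```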
Thanks for the explanation, I really appreciate the detailed reply.