SafeWord for Citrix delivers security through one-time passcode-generating hardware tokens, combined with a user's PIN. When a Citrix user pushes the button on the SafeWord token, it immediately generates and displays a single-use passcode, computed inside the token from a unique secret key and an encryption algorithm. The user enters the single-use passcode, followed by the user's unique PIN (if desired), to gain access.
The authentication server holds a record for each user's token and uses the same secret key, together with an event counter, to confirm the authenticity of each passcode a user presents. Once a passcode has been used, the server discards it: if someone captures that passcode and presents it again, the authentication server rejects it. This virtually eliminates the threat of outsiders stealing, copying, or reusing passwords. Note that the protection is against reuse: a fresh passcode intercepted and submitted before the legitimate user's own attempt is still unused, so the path between the user and Citrix should itself be protected.
About SafeWord server synchronization
The SafeWord server component of SafeWord for Citrix can be installed on multiple Windows 2000 machines in order to provide the following:
- Automatic failover in the event of failure of one of the servers or machines
- Basic load-balancing capabilities
- Automatic backup of token records and administrative settings
This allows SafeWord authentication to continue despite the failure or overload of any machine in the system.
When SafeWord for Citrix is installed on multiple machines, SafeWord server synchronization must be set up in order to keep users' token records and the built-in administrative account synchronized between multiple SafeWord server instances. Record and account synchronization is done in real time. If SafeWord server synchronization is not set up in an environment including multiple SafeWord for Citrix servers, then failover, load balancing, and automatic backup will not work, and the out-of-sync records can lead to problems with the use of the system.
Important note: user information is contained, stored, and managed in Active Directory. Because of this, SafeWord for Citrix provides no backup or failover method for Active Directory user information. Active Directory provides its own backup and failover methods; please see Active Directory documentation for details.
SafeWord server synchronization is different from the manual backup of token records that is detailed in the SafeWord for Citrix Product Guide. Manual backup and restore can be done without requiring SafeWord server synchronization (and vice versa).
Functionality of SafeWord server synchronization
Automatic failover: when a SafeWord server or machine fails, authentication requests will be forwarded to another active server (specified per your synchronization architecture, discussed below).
Basic load-balancing capabilities: if your organization's authentication load is high, installing SafeWord for Citrix on two or more machines can help reduce the authentication load on each machine. If one SafeWord server cannot accept an authentication request because it is too busy, the request will be sent to another available machine (specified per your synchronization architecture, discussed below).
Backing up token records: Without SafeWord server synchronization, if the SafeWord server fails, needs to be reinstalled, or needs to be restored from the last manual backup, every token record reverts to the event number recorded at that backup. Users who have used their tokens more than 16 times since the last backup will be "out of range" and will not gain access on their first authentication attempt. This is easily remedied: to resynchronize and get back in range, the user simply authenticates twice with two consecutive one-time passcodes.
In addition to the above, any changes to users' PINs since the last manual backup will be lost, without SafeWord server synchronization in place.
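As an added illustration (not code from the SafeWord product or its documentation), the following Python sketches an event-synchronous verifier with the behavior described above: a look-ahead window of 16 events, rejection of any passcode at or below the last accepted event (replay), and resynchronization by two consecutive passcodes once a token has drifted past the window. The HOTP-style HMAC-SHA1 truncation, the 6-digit code length, the 64-event resync search limit and the sample secret are all assumptions; the page does not specify SafeWord's actual algorithm or limits.

```python
import hashlib
import hmac
import struct

WINDOW = 16         # look-ahead window, matching the page's "16 times" figure
RESYNC_RANGE = 64   # assumption: how far past the window a resync search looks


def passcode(secret: bytes, counter: int) -> str:
    """Six-digit code for one event. HOTP-style HMAC-SHA1 truncation is an
    assumption standing in for the token's (unspecified) algorithm."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%06d" % (value % 10 ** 6)


class Token:
    """Stand-in for the hardware token: a shared secret plus an event counter
    that advances every time the button is pressed."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        code = passcode(self.secret, self.counter)
        self.counter += 1
        return code


class ServerRecord:
    """Server-side token record: same secret, the next event it expects, and
    the event matched by the first code of a pending two-code resync, if any."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.counter = 0
        self.pending = None

    def verify(self, code: str) -> str:
        # Search only forward from the expected event: a code at or below the
        # last accepted event is a replay and can never match.
        for i in range(self.counter, self.counter + WINDOW):
            if hmac.compare_digest(passcode(self.secret, i), code):
                self.counter = i + 1  # consume this event and everything before it
                self.pending = None
                return "ok"
        # Beyond the window the user is "out of range". Accept only after two
        # consecutive codes, so a single stale or guessed code cannot resync.
        for i in range(self.counter + WINDOW, self.counter + RESYNC_RANGE):
            if hmac.compare_digest(passcode(self.secret, i), code):
                if self.pending is not None and i == self.pending + 1:
                    self.counter = i + 1
                    self.pending = None
                    return "resynced"
                self.pending = i
                return "out-of-range"
        self.pending = None
        return "denied"


def demo() -> list:
    """Walk through normal use, a replay, and drift past the window.
    The secret is a constructed sample, not a real token key."""
    secret = b"constructed-demo-secret"
    token, record = Token(secret), ServerRecord(secret)
    results = []
    first = token.press()
    results.append(record.verify(first))            # fresh code: accepted
    results.append(record.verify(first))            # same code again: replay, denied
    for _ in range(20):                             # 20 presses the server never saw
        token.press()
    drifted = token.press()
    results.append(record.verify(drifted))          # 21 events ahead: out of range
    results.append(record.verify(token.press()))    # consecutive code: resynced
    results.append(record.verify(drifted))          # old code after resync: denied
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the second loop is the rule the page states for out-of-range users: one code alone only records where the token appears to be; the server moves its counter only when the next submitted code is the very next event.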
Backing up administrative accounts and settings: Administrative changes to ports, logging, and so forth (detailed in the Product Guide) will be automatically replicated and backed up if SafeWord server synchronization is in place. In the event of a failure, a system without SafeWord server synchronization would need to be restored from the last manual backup.
Architecture of a synchronized system
SafeWord for Citrix implements a SafeWord server synchronization architecture based on a ring topology. SafeWord server synchronization is implemented inside the Administration Service; therefore, the Administration Service must be running for SafeWord server synchronization to work.
Each server in the ring has up to two neighbors: a logical 'next' server in the ring and a logical 'previous' server (see figure 1). In the case of only two servers in the ring, each server is configured to have only a 'next' neighbor (see figure 2).
Figure 1: Ring topology with three or more servers
Figure 2: Ring topology with only two servers
Implementing SafeWord server synchronization
To implement SafeWord server synchronization, follow these steps and repeat them on all Windows 2000 servers that will participate in SafeWord server synchronization:
- Install SafeWord for Citrix, and install the SafeWord server component of SafeWord for Citrix on at least one additional machine. The additional server installation(s) must use the same database keys, but need not use the same ports. Follow the instructions in the SafeWord for Citrix Product Guide to perform the installation, to point the NFuse agent at multiple machines, and to allow the management console to connect to different SafeWord servers.
- Stop the SafeWord Administration Service and SafeWord Authentication Engine. Do NOT stop the SafeWord Database Server.
- Edit {Install_Directory}/SERVERS/Shared/sccservers.ini file:
- Save the file.
- Open a command window and change to directory {Install_Directory}/SERVERS/Database/bin.
- For each neighbor of this host, run batch file AddReplPeer.bat with the parameter specifying the fully qualified domain name (FQDN) of the neighbor. For example, if you are setting up node MACHINE1.DOMAIN.SYS and its neighbor is MACHINE2.DOMAIN.SYS, then on Machine1 you will run AddReplPeer machine2.domain.sys. (Alternatively, rather than specifying the FQDN of the neighbor, you can specify its IP address. This approach may be preferable in situations where, due to certain DNS settings, the FQDNs are difficult to obtain.) Do this for each node in the ring.
This tells the database to accept connections from the neighbor nodes whose names or IP addresses you specify in the command line arguments.
- Stop and restart the SafeWord database server.
- Start the SafeWord Administration Service and SafeWord Authentication Engine services.
Important note: if installing SafeWord for Citrix for the first time, follow the above steps. However, if you have been using a single SafeWord server and are adding a second (or other additional) server, you must first perform a manual backup of the first server and manually restore it to the machine(s) with the additional SafeWord server(s). See the SafeWord for Citrix Product Guide for more information on manual backup and restore.
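To make the neighbor rule concrete, here is an added Python helper (not part of SafeWord for Citrix or its tooling) that takes the ring order and produces the AddReplPeer commands to run on each host, plus a check that every link is configured from both ends. The host names extend the page's machine1/machine2 example with a constructed machine3; the function names are this example's own.

```python
from typing import Dict, List, Tuple


def ring_neighbors(nodes: List[str]) -> Dict[str, List[str]]:
    """Neighbors each server must register, given the ring order.
    Three or more servers: 'next' then 'previous'. Exactly two: only 'next'."""
    if len(nodes) < 2:
        raise ValueError("SafeWord server synchronization needs at least two servers")
    if len(set(nodes)) != len(nodes):
        raise ValueError("a server appears twice in the ring")
    n = len(nodes)
    plan: Dict[str, List[str]] = {}
    for i, host in enumerate(nodes):
        nxt = nodes[(i + 1) % n]
        if n == 2:
            plan[host] = [nxt]
        else:
            plan[host] = [nxt, nodes[(i - 1) % n]]
    return plan


def addreplpeer_commands(plan: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """The AddReplPeer lines to run on each host from
    {Install_Directory}\\SERVERS\\Database\\bin (with the database server running,
    as the procedure above requires)."""
    return {host: ["AddReplPeer %s" % peer for peer in peers]
            for host, peers in plan.items()}


def missing_peers(plan: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """AddReplPeer only tells a database to accept connections from the named
    neighbor, so both ends of every link must be configured. Returns
    (host, peer) pairs where 'AddReplPeer peer' still has to be run on host."""
    missing = []
    for host, peers in plan.items():
        for peer in peers:
            if host not in plan.get(peer, []):
                missing.append((peer, host))
    return missing


if __name__ == "__main__":
    # machine1/machine2 are the page's example names; machine3 is constructed.
    ring = ["machine1.domain.sys", "machine2.domain.sys", "machine3.domain.sys"]
    plan = ring_neighbors(ring)
    for host, cmds in addreplpeer_commands(plan).items():
        print(host + ":", "; ".join(cmds))
    print("links still unconfigured:", missing_peers(plan))
```

Feed the same ordered list to every host so that each one computes the same ring; if you hand-edit one host's peers, missing_peers shows which neighbor will refuse the connection.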
Verifying SafeWord server synchronization
To verify that SafeWord server synchronization is working in your implementation of SafeWord for Citrix, perform the following test on any system in the SafeWord server synchronization ring.
Importing tokens
Insert your Token Data CD. Select the Import/Backup/Restore feature under the SafeWord folder. Browse to or specify the path to the import file on your Token Data CD and press the Import button.
To verify that the import has completed successfully, select the Tokens feature under the SafeWord folder. Verify that the list of imported Token IDs appears in the right-hand pane.
Verify that the change is reflected on the other server(s) in the synchronization ring. To do this you will need to either set up a separate SafeWord Active Directory Management console configured to access the Administration service on the other server, or to reconfigure your existing console to access this other server. Please see the SafeWord for Citrix Product Guide for further details.
Checking synchronization state
To check if SafeWord server synchronization is in a steady state (i.e., a state in which all changes are propagated to other SafeWord servers):
- Open a command window and change to directory {Install_Directory}/SERVERS/Database/bin.
- Run the batch file called QueryChangeLog. This check should be performed on all servers in the ring.
- The system has reached steady state once the output says: Empty set.
Restoring records and settings with SafeWord server synchronization
If a machine or server fails in this architecture, authentication requests will be diverted (per the previously described architecture) to the next available machine. As token records and administrator settings are replicated in real time to all machines, every change that had propagated before the failure is present on the surviving servers, and users continue to authenticate without disparity in their records. The steady-state check described under "Checking synchronization state" tells you whether any change was still waiting to propagate at the time. Once the failed machine is back online, SafeWord server synchronization will automatically replicate the token records and administrative information to the restored machine.
A manual restore is necessary only if the failed machine requires a clean reinstall of the SafeWord for Citrix software. In this case, manually back up one of your online servers and manually restore that backup to the machine with the clean reinstall. See the SafeWord for Citrix Product Guide for more information on manual backup and restore.