Configuring replication

To configure replication, you need to create a replication link between two OneSpan Authentication Server Appliance instances. All the steps to create a replication link are completed in the Configuration Tool.

Replication can only be performed between two instances of OneSpan Authentication Server Appliance, where the first-time configuration and licensing wizards have already been configured (refer to the OneSpan Authentication Server Appliance Installation and Maintenance Guide). For the replication setup, the instance of OneSpan Authentication Server Appliance initiating the replication must be specified as the source, and the instance that receives the data must be specified as the target. After replication has been initiated, the process is performed in both directions, where both instances of OneSpan Authentication Server Appliance are synchronized.

 

1. Only the authentication setup can be replicated. Audit logs can be copied between two systems in a replication setup.
2. Replication between different major versions of OneSpan Authentication Server Appliance is not possible.
3. During most upgrades, existing replication links are removed.

Replication scenarios

OneSpan Authentication Server Appliance supports several replication scenarios to help administrators create, maintain, and share multiple instances of the same database in different locations. The following replication scenarios are available:

• Setup between two systems with no prior replication setup.
• Setup between a system with replication established and a non-replicated instance of OneSpan Authentication Server Appliance.
• Setup between two systems with an established replication link.

Whenever you change or update the OneSpan Authentication Server Appliance license key, you need to reconfigure OneSpan Authentication Server Appliance replication!

Scenario: Setup between two non-replicating systems

In this scenario, neither instance of OneSpan Authentication Server Appliance has a replication setup currently established. A replication connection must be established between the two instances to synchronize the databases. In this setup, the content of the source database is copied to the target database.

During replication, the database of the target OneSpan Authentication Server Appliance is erased, and overwritten by the source OneSpan Authentication Server Appliance database.

To set up replication between two systems with no replication setup

1. On the source OneSpan Authentication Server Appliance instance, sign in to the OneSpan Authentication Server Appliance Configuration Tool (see  Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).

2. Select Authentication Server > Authentication Server Replication and click Add.

   This initiates the Replication Wizard. Click Next to start the replication setup process.

3. On the Setting up Database Copying page, enter the following information:

   • Remote IP Address: Enter the IP address of the target OneSpan Authentication Server Appliance instance.
   • Continuously Download Audit Logs: This is optional. Clear this box if you don't need a copy of the remote audit log.
   • Database Copying Path: Select Copy local database to remote.
     

     
      Figure: Replication Wizard – Setting up database copying from local to remote

   
   

4. On the Setup Replication page, confirm that the information from the previous page is correct and click Next.

   The OneSpan Authentication Server Appliance instance switches to listening mode, and waits for the remote IP address to connect.

5. On the target OneSpan Authentication Server Appliance instance, sign in to the OneSpan Authentication Server Appliance Configuration Tool.
6. Select Authentication Server > Authentication Server Replication, and click Add to initiate the Replication Wizard.

7. On the Setting up Database Copying page, enter the following information:

   • Remote IP Address: Enter the IP address of the source OneSpan Authentication Server Appliance instance.
   • Continuously Download Audit Logs: This is optional. Clear this box if you don't need a copy of the remote audit log.
   • Database Copying Path: Select Copy remote database to local.

8. On the Setup Replication page, confirm that the information from the previous page is correct and click Next.

   A connection is now established between the two instances. The Replication Setup Processing page opens and the setup is prepared on both instances.

9. Complete the replication setup process by clicking Finish on both instances.

   

   Figure: Replication Wizard – Replication Setup Processing page

If the source and target instances of OneSpan Authentication Server Appliance are separated by a network firewall, some firewall ports need to be opened. For more information, refer to the OneSpan Authentication Server Appliance Administrator Reference, Section "Firewall ports".

Scenario: Setup connection between a system with replication established and a non-replicated systems

In this scenario, you must have one OneSpan Authentication Server Appliance instance (source) that has already been replicated, and you want to copy this database to another OneSpan Authentication Server Appliance instance (target).

The database of an instance of OneSpan Authentication Server Appliance in an active replication cannot be overwritten.

An instance of OneSpan Authentication Server Appliance that has already been included in a replication setup cannot be configured as a target for a second source OneSpan Authentication Server Appliance. A new OneSpan Authentication Server Appliance instance that is added to a replication setup can only be defined as a target.

To set up replication between replicated and non-replicated systems

1. On the target OneSpan Authentication Server Appliance instance, sign in to the OneSpan Authentication Server Appliance Configuration Tool (see  Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).

2. Select Authentication Server > Authentication Server Replication, and click Add.

   This initiates the Replication Wizard. Click Next to start the replication setup process.

3. On the Setting up Database Copying page, enter the following information:

   • Remote IP Address: Enter the IP address of the source OneSpan Authentication Server Appliance instance.
   • Continuously Download Audit Logs: This is optional. Clear this box if you don't need a copy of the remote audit log.
   • Database Copying Path: Select Copy remote database to local.

4. On the Setup Replication page, confirm that the information from the previous page is correct and click Next.

   The OneSpan Authentication Server Appliance instance switches to listening mode, and waits for the remote IP address to connect.

5. On the source OneSpan Authentication Server Appliance instance, sign in to the OneSpan Authentication Server Appliance Configuration Tool.
6. Select Authentication Server > Authentication Server Replication, and click Add to initiate the Replication Wizard.

7. On the Setting up Database Copying page, enter the following information:

   • Remote IP Address: Enter the IP address of the target OneSpan Authentication Server Appliance instance.
   • Continuously Download Audit Logs: This is optional. Clear this box if you don't need a copy of the remote audit log.
   • Database Copying Path: Select Copy local database to remote.

8. On the Setup Replication page, confirm that the information from the previous page is correct and click Next.

   A connection is now established between the two instances. The Replication Setup Processing page opens and the setup is prepared on both instances.

9. Complete the replication setup process by clicking Finish on both instances.

Scenario: Setup replication between synchronized systems

In this scenario, both OneSpan Authentication Server Appliance instances have a replication link established.

Both OneSpan Authentication Server Appliance instances have an indirect replication link, therefore it is not possible to connect to groups from another replication link.

To set up replication between synchronized systems

1. On the target OneSpan Authentication Server Appliance instance, sign in to the OneSpan Authentication Server Appliance Configuration Tool (see  Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).

2. Select Authentication Server > Authentication Server Replication, and click Add.

   This initiates the Replication Wizard. Click Next to start the replication setup process.

3. On the Setting up Database Copying page, enter the following information:

   • Remote IP Address: Enter the IP address of the source OneSpan Authentication Server Appliance instance.
   • Continuously Download Audit Logs: This is optional. Clear this box if you don't need a copy of the remote audit log.
   • Database Copying Path: Select Databases are already synchronized.
     
     Figure: Replication Wizard – Setting up database copying (synchronized databases)

4. On the Setup Replication page, confirm that the information from the previous page is correct and click Next.

   The OneSpan Authentication Server Appliance instance switches to listening mode, and waits for the remote IP address to connect.

5. On the source OneSpan Authentication Server Appliance instance, sign in to the OneSpan Authentication Server Appliance Configuration Tool.
6. Select Authentication Server > Authentication Server Replication, and click Add to initiate the Replication Wizard.

7. On the Setting up Database Copying page, enter the following information:

   • Remote IP Address: Enter the IP address of the target OneSpan Authentication Server Appliance instance.
   • Continuously Download Audit Logs: This is optional. Clear this box if you don't need a copy of the remote audit log.
   • Database Copying Path: Select Databases are already synchronized.

8. On the Setup Replication page, confirm that the information from the previous page is correct and click Next.

   A connection is now established between the two instances. The Replication Setup Processing page opens and the setup is prepared on both instances.

9. Complete the replication setup process by clicking Finish on both instances.