Ensuring Access Security with the UserLock Backup Server

A UserLock backup server can be installed on the protected zone, to guarantee failover if the primary UserLock server experiences any hardware or network issues.

This UserLock Backup server synchronizes its configuration and its session’s database regularly with the Primary server. If the Primary server goes down, all client workstations can be protected by the Backup server. The different UserLock agents will automatically switch to the backup server to maintain the security rules. Once the Primary server will be available again, agents will switch back automatically to the Primary server.

Backup Server requirements

The Backup server requirements are the same as the Primary server. Just choose a server member of the same protected zone as that of the Primary. To install a Backup server just start the same setup as you did for the Primary server.

As the first step is the same, we will focus here on the Configuration wizard.

Installing the Backup Server

Select here ‘Backup server’. You need to specify the Primary server netbios name.

Enter a service account for the UserLock Backup server. This account needs to have full permission rights on the Primary UserLock server. You need to add this account on the Security section of your Primary server and allow all features for it.

Click on finish, the service will start automatically.

Backup Server Database

By default the database used by the Backup server will be an MS Access database. You can change this database to a MS SQL Server database to improve the performance and the amount of historic data that you can keep. Take note that the Primary and the Backup server can’t target the same database. You can use the same MS SQL Server hosting the two distinct databases.

Right click on the Backup server name and select ‘Properties’. Display the ‘Logs’ section. To change the database, switch to ‘Other database’. Launch the Wizard and check SQL server. Enter the name of the MS SQL Server, set the authentication option and select the empty database you previously created. The account used for the database is the account set on the UserLock backup service. It needs full privileges on this database. Click on ‘OK’.

As the database is new and empty, click on Create Database tables.

The UserLock Backup server is now configured.

Session synchronization

If you take a look at the console of your backup server, you will see that the Agent distribution menu is not available, and that the protected account rules can’t be modified. These points are managed by the Primary server.

All settings from the Primary server, except the Email settings and Log settings, are synchronized to the Backup server.

The session synchronization is differential. This means that only new sessions are displayed after each synchronization event and the two databases will be identical shortly after.

Display the Backup server properties. On the Synchronization section, you can personalize the frequency of the synchronization between the two UserLock servers, test it and enforce it.

The UserLock Policies will be now maintained on your network if an issue happens on the Primary server. In addition, if for any reason the Primary server can’t come back online, you should be able to transform this Backup server to a Primary server by just launching again the configuration wizard and switching its role.