A High Availability (HA) system is a local, redundant system that is created, then added to a primary system. In the event of a virtual machine failure, the system falls back to the HA system.

If you are planning to add HA and update the system, we recommend that you add HA before updating the system, then update the combined (primary and HA) system; the HA system is updated automatically when the primary system is updated. If you update the primary system first, then to add HA, you must independently deploy and then update the HA system (so both the primary and HA systems are at the same version).

The HA system has the following constraints:

• A system running HA cannot join a Multi-data Center (MDC). (To remove HA, see Removing High Availability from a System.)

• The HA system size must be the same as the primary system size.

• The HA system must be at the same release version as the primary system.

  If you update the primary system, the HA system must be updated.

• If the primary system currently has HA and you are deploying a new HA system, you cannot reuse the virtual machines in the original HA system. Remove the old HA virtual machines before deploying the new HA system with new virtual machines.

• Because this process adds new virtual machines to your system, your current security certificate becomes invalid and requires an updated certificate unless you are using a self-signed certificate.

• Your HA system must be configured with the same OVA and patch as your primary system. If the versions of your primary and high-availability systems do not match, you are instructed to upgrade to the higher version of the two.

  Note

  Use the same base version OVA as was used to deploy the current system. For example, assume that originally you deployed internal virtual machines by using 2.5.1.29 OVA and over time updated your system to 2.7.1.12 version. If you use 2.5.1.29 OVA file to deploy an IRP virtual machine and add Public Access, the process will fail with the message, "The primary system is a different version than the Internet Reverse Proxy virtual machines. Redeploy the Internet Reverse Proxy virtual machines by using the same OVA file used to deploy the primary system."

• The HA system internal virtual machines must be on the same subnet as the primary system internal virtual machines.

• If you have added public access on the primary system, add it to the HA system. Also, the HA system Internet Reverse Proxy virtual machine must be on the same subnet as the primary system Internet Reverse Proxy virtual machine.

• Most of the features on your HA system are prohibited. For example you do not have access to the HA system to upgrade, configure SNMP, access storage or configure email servers. You can view system properties, but modification to the HA system is prohibited.

• Load Balancing is not configurable; it is automatic and built into the system. Any Load Balancer configured as separate machine is not supported.

Before You Begin

The following conditions must be met before adding HA to a primary system:

• Verify:

  • The target primary system is deployed and not part of an MDC.

  • There is a redundant network between virtual machines.

  • The network is a 10–gbps high-bandwidth network.

  • Network Time Protocol (NTP) configured on the primary and HA system, and that the clocks are synchronized.

• Create a backup of the primary system. See Creating a Backup by Using VMware vCenter.

• Verify that all virtual machines are functioning normally. Determine virtual machine status by viewing the System Monitor on the Dashboard.

• We recommend that you take a snapshot on the high-availability virtual machines before you perform this procedure. Redo the procedure from the snapshot in the event of an error.

• Record the fully qualified domain name (FQDN) of the high-availability virtual machine; you must know the FQDN to add high-availability to the primary system.

High Availability (HA) is deployed like a primary system, except that during the deployment the system identifies it as a HA system. The HA system is then linked to the primary system that uses the HA system as a fallback in the event of a primary system failure. A primary system failure is transparent to users.

To add HA to a system:

To link the primary system to a deployed HA system completing the integration of HA into the primary system:

When specific media and platform components running on a virtual machine go down, these components are automatically restarted by the system. Affected meetings fail over to other available resources in the same or another virtual machine in the system (for other than a standalone 50-user system).

High-Availability Systems

On high-availability (HA) systems Cisco WebEx Meetings Server will recover for these components when there is a single component failure:

• A single service on one virtual machine.

• A virtual machine.

• A single physical server or blade, which hosts up to two virtual machines (as long as the virtual machine layout conforms to the specifications listed in the Cisco WebEx Meetings Server Planning Guide).

• A single network link, assuming the network is provisioned in a fully redundant manner.

• A single Cisco Unified Communications Manager (CUCM) node, assuming CUCM is provisioned in a redundant manner.

Following the single component failure, the Cisco WebEx Meetings Server system behaves as follows:

• For a period of up to three minutes, application sharing, audio voice connection using computer and video might be interrupted. Cisco WebEx Meetings Server allows three minutes for the failure to be detected and to reconnect all the affected meeting clients automatically. Users should not need to close their meeting clients and rejoin their meeting.

• Some failures might cause teleconferencing audio connections to disconnect. If that happens, users will need to reconnect manually. Reconnection should succeed within two minutes.

• For some failures not all clients and meetings are affected. Meeting connections are normally redistributed across multiple virtual machines and hosts.

Additional Information For a 2000 User System

A 2000 user system provides some high-availability functionality without the addition of a HA system. For a 2000 user system without high availability:

• Your system still functions after the loss of any one of the web or media virtual machines but system capacity will be impaired.

• Loss of the Administration virtual machine renders the system unusable.

For a 2000 user system with high availability:

• Loss of any one virtual machine (administration, media, or web) does not affect your system. Your system will still run at full capacity even with the loss of any one physical server that is hosting the primary virtual machines (administration and media or web and media) or the HA virtual machines (administration and media or web).

• When a failed virtual machine is restarted, it rejoins the system and the system returns to its normal working state.

• When a media virtual machine fails, meetings hosted on that server are briefly interrupted, but the meeting fails over to an alternate media virtual machine. Users must manually rejoin the desktop audio and video sessions.

• When a web virtual machine fails, existing web sessions hosted on that virtual machine also fail. Users must sign in to the Cisco WebEx site again and establish a new browser session that will be hosted on an alternate web virtual machine.

• When an administration virtual machine fails, any existing administrator sessions also fail. Administrators must sign in again to the Administration site and establish a new browser session that will be hosted on the alternate administration virtual machine. Also, there might be a brief interruption to any existing administrator or end-user meeting sessions.