Secure Redundancy

OPC Router redundancy settings

Configuration of the Secure Redundancy

warning

https:// connections are required to use secure redundancy mode.

Redundancy mode

Primary service

The primary service receives heartbeat signals from the secondary service. If the heartbeat signals are interrupted, a warning is displayed. If the primary service is no longer available, the secondary service takes over.

Pre-shared key	Character string that is used to authenticate the OPC Router. A secure character string can be generated using the ‘Generate’ button. This key must be the same for the primary and secondary service. An empty key is invalid and prevents the connection from being established.
Timeout (s)	Time in seconds after which the secondary service is considered disconnected if no heartbeat has been sent.

Secondary service

The secondary service is on standby as long as the primary service is available and starts as soon as the primary service is no longer available.

note

For the connection test to work, the redundancy configuration must be switched to productive.

Pre-shared key	Character string that is used to authenticate the OPC Router. A secure character string can be generated using the ‘Generate’ button. This key must be the same for the primary and secondary service. An empty key is invalid and prevents the connection from being established.
Trusted certificates	If an HTTPS address is specified, the certificates to be trusted can be selected here: All (unsafe): Every certificate is accepted. Router: A connection is authorised if the certificate is in the router's certificate management and is trusted. Windows: A connection is authorised if the certificate is available in the Windows certificate store.
Address	Address of the primary service. This is specified in URL format (http(s):host name/IP address:port). The port used to access the Web Management (the web interface of the OPC Router) must be specified as the port. Example: https://example.local:5001
Heartbeat Interval (s)	The interval in seconds in which the secondary service attempts to reach the primary service. Note: This value must be below the timeout of the primary service so that the connection in the primary service is not constantly regarded as disconnected.

Deactivated

In this mode the redundancy is inactive.

note

Note: The Web Management port of the primary service must be enabled in the firewall so that the secondary service can connect.

The status changes caused by the redundancy are logged. A log entry is created when the redundancy becomes active (Primary router has failed) or becomes inactive again (Primary router is accessible again).

warning

Warning: SAP®-Trigger can be problematic in redundant operation with identical user data. Problems arise because the plug-ins are also initialised in the secondary system and want to access the same user data.

note

The secure redundancy mode can also be configured via environment variables

configurable-environment-variables.md