Failover Service for Key Manager Plus (MS SQL Server Cluster)

(Feature available only for Windows installations of Key Manager Plus with MS SQL cluster as backend database.)


The Failover Service in Key Manager Plus is aimed at ensuring uninterrupted access to keys and certificates. It functions with redundant Key Manager Plus server instances that have access to a common MS-SQL cluster.

Note: Failover Service for Key Manager Plus allows configuration of a maximum of TWO instances of Key Manager Plus only.

How does failover service work?

Prerequisites to set up failover service

  1. FailOver service(FOS) can be configured only for builds that have MS SQL as backend.
  2. Both the primary and secondary servers should be bound by a common public static IP and Key Manager Plus web-interface will always be connected to this specific IP. So end-users can connect to Key Manager Plus anytime using the same public IP irrespective of whether Key Manager Plus running on primary or secondary server.
  3. Failover service can be set up only if the processor versions of both the primary and secondary machines are compatible with one another. i.e., 64 bit or 32 bit.
  4. The same version of Key Manager Plus should be installed in both the primary and secondary machines.
  5. The common static IP should not be assigned to any other machine.
  6. The subnet mask value of both primary and secondary servers should be the same as that of the subnet mask value of the common IP.
  7. During configuration process, make sure the Key Manager Plus service is not running.

Steps to configure failover service

Step 1: Set up primary and standby servers

Install Key Manager Plus in two machines. One will act as the primary server and the other will act as the standby server.
(You can choose which machines should act as primary / secondary through a configuration later.)

Step 2: Database setup

Failover service can be configured only with MS SQL clusters as back end database. To configure MS SQL as your backend database, refer to this section of the help documentation.

Step 3: Set up failover service in your primary installation

To set up failover service in your primary installation,

Once you enter the details and click Save. The configuration settings will be created as a .zip file in primary. This configuration pack will be named as and placed under the directory: Key_Manager_Plus_Primary_Installation_Folder>/FailoverService. With this, the failover service configuration in the primary server is complete. To configure FOS in the standby, the first step is to copy this .zip file and place it in the Key Manager Plus standby installation home directory.

Step 4: Set up failover service in your secondary installation

To set up failover service in the standby server,


1.Key Manager Plus License: Normally, when the FOS Settings file is unzipped in the standby, the Key Manager Plus license will also get automatically reflected respectively. Therefore, standby does NOT require a separate license file. You can use the same license you purchased for primary. On the other hand, if you are changing your Key Manager Plus license in the future, the same will not get reflected in the standby server. In that case, you need to apply the license file in the standby as a separate step.

2. Installing server certificate for standby server: To get the standby server running, it is vital to import the server certificate from the primary server into the standby server. To import server certificate into the standby server, open command prompt, navigate to <Key_Manager_Plus_Secondary_Installation_Folder>/bin and execute the command: importcert.bat <server_certificate_path>. Ensure that the server certificate is a .cer file.

Step 5: Start failover service in the primary and standby servers

After configuring FOS in both the servers, start the Key Manager Plus service in both the servers from the Windows services panel. A common static IP is used to access the application. e.g., https://<Common ip>:<Port>. When the primary server goes down, the standby server will get started.

Uninstalling Failover Service

You can deactivate the failover service either from the primary or the standby server.