IQService Fallback Implementation

IQService allows you to install a secondary instance (fallback instance) of primary service running on a IQService host machine. This secondary IQService instance will take over only when a primary IQService instance is down and not serving the requests coming from SailPoint.

In Identity Security Cloud, any request from user gets routed through VA (Cloud Connector Gateway). VA takes care of sending request to the appropriate request handler. Here if primary IQService instance is down, then the request processing will be redirected to secondary IQService instance by the VA.

Note
Once the primary IQService is restored or working as expected, VA will automatically start redirecting requests to the primary IQService.

Secondary service must not be considered as a load balancer service or a high availability service. Secondary service will purely work as a fallback service for primary IQService in case of failure of primary IQService.

Note
Secondary IQService details are updated in source xml file only after first Test connection call.

Installing the Secondary IQService Instance

The secondary IQService is automatically installed on the same host but with different port (installer will use another available port) as the primary IQService. After installation, you can configure a different port and TLS port.

  1. IQService.exe -i : This command installs two instances of IQService. During installation it creates "IQService-Instance1-Secondary" directory inside installation directory of IQService. It copies all files present inside installation directory to that directory. It is installation directory for IQService-Instance1-Secondary service.
  2. IQService.exe -i -b : This command allows customer to install only one instance of IQService. This command is recommended for only for the customers having load balancer configured to take care of failures in running service.
  3. IQService.exe -s : If secondary service is installed this command will start both the instances of IQService.
  4. IQService.exe -k : If secondary service is installed this command will stop both the instances of IQService.
  5. IQService.exe -t : If secondary service is installed this command will restart both the instances.

Note
When Primary service is started, stopped, or restarted either from command or through services console the operation will be performed on both the instances.

Configuring the Secondary IQService Instance

The following commands are for the Secondary IQService:

  1. IQService.exe -v : Print version information
  2. IQService.exe -p <port number> : Update the port number of secondary service
  3. IQService.exe -o <port number> : Update the TLS port number of secondary service
  4. IQService.exe -t : Restart the secondary service

For TLS, secondary service will use all the configuration defined in primary service (except the TLS port).

The secondary service will use the log level defined in the primary service. The filename will be same as that of primary service. The only change is that the file would be present in the installation directory of the secondary service.

Note
It is recommended that customer should not stop secondary service.

Note
If log on user is changed for primary service then same log on user should be configured for secondary service, as well.