Before you configure

XProtect Management Server Failover is configured between two computers represented as nodes: a primary computer and a secondary computer.

During the failover cluster configuration, the wizard replicates the data from the primary computer to the secondary computer.

Milestone recommends that you schedule downtime for the failover cluster configuration.

The primary and the secondary computer cannot be used in other cluster configurations.

Network and computer prerequisites:

  • Install two identical operating systems on the primary and the secondary computer. To see the list of supported operating systems, go to the Milestone website (https://www.milestonesys.com/systemrequirements/).

  • Assign an IPv4 address for the computers. Both computers must belong to the same subnet.

    XProtect Management Server Failover does not support IPv6.

  • Use one Active Directory (AD) domain

  • On both computers, install XProtect using the same AD user account with administrator rights.

  • Synchronize the time and the time zones between the computers

  • Reserve an unused IPv4 address that will serve as the virtual IP of the failover cluster. This IPv4 address must be in the same subnet as IP addresses for the primary and secondary computer.

    To make sure that the reserved IPv4 address is never distributed, you can exclude it from the DHCP pool.

  • Allow inbound ICMP traffic through Windows Defender Firewall

  • Perform the forward and reverse DNS lookup queries in Windows PowerShell:

      • On the primary computer run the query Resolve-DnsName [secondary computer host name]

      • On the secondary computer run the query Resolve-DnsName [primary computer host name].

      The host name of the computer must correspond to the first IP address on the list.

      • On the primary computer run the query Resolve-DnsName [secondary computer IP]

      • On the secondary computer run the query Resolve-DnsName [primary computer IP].

      The computer IP address must correspond to the first FQDN entry on the list.

SQL Server prerequisites

  • Back up any existing databases

    During the failover cluster configuration, all SQL databases on the secondary computer are overwritten. The data cannot be restored.

  • Install identical SQL Server versions on the primary and the secondary computer using the same AD user account as XProtect

  • Make sure that only one SQL Server is installed on the primary and the secondary computer

  • Verify that the instance name of your SQL Server is MSSQLSERVER

    To view your SQL Server instance name, select the Windows start bar and type services.msc. Scroll down to SQL Server [Display name]. Right-click the service and select Properties. The value in the Service name field is the instance name.

VMS prerequisites:

Install identical VMS products on the primary and the secondary computers. Make sure that you have installed only the following system components:

  • XProtect Management Server

  • XProtect Event Server

  • XProtect Log Server

  • XProtect Management Server Failover.

The XProtectRecording Server component and all other component not mentioned above must be installed on other computers.

Depending on your system configuration, consider the following:

  • Encryption: to encrypt the connection to and from the running management server, you need to install two certificates for the Management Server service on the primary and the secondary computer.

  • System configuration password: if you want to assign a system configuration password, use the same password on the primary and the secondary computer.

    Do not add or change the system configuration password when you have configured the failover cluster.

  • External IDP: if you use an external IDP, set up data protection.

  • API Gateway: if you want to use API Gateway, install it on both computers.