Before you configure
You configure XProtect Management Server Failover on two computers: primary and secondary.
Milestone recommends that you schedule downtime for the failover cluster configuration.
Network and computer prerequisites
|
Prerequisite |
Description |
|---|---|
| Operating system | Install two identical operating systems on the primary and secondary computers. To see a list of supported operating systems, go to https://www.milestonesys.com/systemrequirements/. |
| IP addresses |
Assign static IPv4 addresses to the primary and secondary computers. Both computers must belong to the same subnet. |
| IPv6 |
XProtect Management Server Failover does not support IPv6 addresses. Do not assign IPv6 addresses to the management server and external SQL Server computers. |
| Virtual IP | The virtual IP allows the remote servers to connect seamlessly to the running management server. Reserve an unused IPv4 address on the subnet of the primary and secondary computers. |
| Environment |
Configure the failover cluster in an Active Directory (AD) domain or workgroup environment.  Domain
Use the same AD domain for the primary and secondary computers. |
| Time | Synchronize the time and the time zones between the computers. |
| ICMP traffic | Allow inbound ICMP traffic through Windows Defender Firewall. |
| PowerShell execution policy | Set your PowerShell execution policy to Unrestricted. This allows the configuration wizard to run PowerShell scripts on both computers. See about_Execution_Policies. |
| Windows Defender Advanced Thread Protection Service | You must disable Windows Defender Advanced Thread Protection Service. See Disable Windows Defender Advanced Thread Protection Service. |
| IP address and host name resolution |
To ensure your computers resolve the IP addresses and host names, you must perform forward and reverse DNS lookup queries in PowerShell. See DNS lookups . |
SQL Server prerequisites
SQL Server is part of the failover cluster
If you want XProtect Management Server Failover to replicate the SQL Server databases and provide failover for SQL Server, you must have SQL Server on the primary and secondary computers.
|
Prerequisite |
Description |
|---|---|
| SQL Server installation |
You need to have one SQL Server on the primary and secondary computers. The installations must be identical. To see a list of supported SQL Server editions for your VMS product, go to https://www.milestonesys.com/systemrequirements/. |
| Database backup |
Back up any existing databases to avoid loss of data. During the failover cluster configuration, the wizard replicates the SQL Server databases on the primary computer to the SQL Server databases on the secondary computer. All data on the secondary computer's SQL Server databases is overwritten. |
| SQL Server service account |
The SQL Server service must run under the same AD user account as the XProtect services. To change a service account for the XProtect VMS, see Changing the service account that runs a VMS service |
| Databases | Place the DATA and Log databases in the same folder. See View or Change the Default Locations for Data and Log Files. |
| Instance name | Verify that the instance name of your SQL Server is MSSQLSERVER. See View the instance name of the SQL Server. |
You have external SQL Server in your network
You can exclude the SQL Server databases from data replication and use your own SQL Server installation.
You must always have only one running management server that communicates with SQL Server. To avoid potential database conflicts, there are additional steps, see Prerequisites for using external SQL Server .
The failover server configuration with external SQL Server does not work in a workgroup environment.
VMS prerequisites
Install two identical VMS products under one user account with administrator permissions.
When working in a domain environment, select AD users for the service accounts and only give them the permissions required to run the relevant services.
On the primary and secondary computers, install the following system components:
-
XProtect Management Server
-
XProtect Event Server
-
XProtect Log Server
-
XProtect Management Server Failover
-
XProtect Recording Server (optional), see Prerequisites for installing a recording server on the primary or secondary computer.
Milestone recommends that you install all other server components not mentioned above on different computers.
Depending on your system configuration, consider the following:
|
Prerequisite |
Description |
|---|---|
| Encryption | To encrypt the connection to and from the running management server, you must install the CA certificate and an SSL certificate on the primary and secondary computers. See Encrypting the connection to the failover cluster. |
| System configuration password |
To assign a system configuration password, use the same password for the VMS installations on the primary and secondary computers. |
| External IDP | To use an external IDP, you must set up data protection. For more information, see Install in a cluster. |
| API Gateway |
To use API Gateway, you must install the component on both computers. |