Decisions Disaster Recovery Architecture

Overview

A Disaster Recovery (DR) Server is a standby instance of the Decisions Server, configured in a separate data center or availability zone from the primary environment. It is designed to take over operations if a failure or disaster impacts the primary server. The DR architecture ensures business continuity by maintaining System uptime and safeguarding data through Always-On SQL replication, synchronized file systems, and mirrored configurations. The DR server remains offline during normal operations but is prepared to activate immediately during a failover scenario, using shared licensing, identical configuration files, and secure database connections to mirror the primary environment.

Primary vs. Disaster Recovery Database Connections

Primary Database Connection

The Primary Connection String from the installation will be the Database Connection used for the main server.

Disaster Recovery / Secondary Connection

The Secondary Connection String operates as a Failover Connection if the Primary Connection String fails.

Configure Decisions as a Disaster Recovery server

To configure Decisions as a DR Server, at least two Decisions Installations will be needed. One of the installations is kept offline but references an MSSQL Database with Always-On Replication set for the Production Server. The Connection String applied to the Decisions Installer needs to reference the replicated database in the Disaster Recovery Server.

In addition, the Keys.dat and databaseid.txt files in the DR Server File System must be replaced with the same files from the Production Environment File System to operate identically in a Disaster Event. While the DR server is inactive, the settings.xml tag for this property should be set to <Offline>true</Offline>. This prevents other users (except administrators) from logging into the server.

DR Server location:

It is recommended that the Disaster Recovery servers be located at a different data center / availability zone than the primary Decisions environment.

Licensing Considerations for Disaster Recovery Servers

When using Machine Key-based licensing, there are critical steps that must be followed to ensure the Disaster Recovery (DR) environment operates correctly during a failover:

Apply the License to the Production Database First:
Machine-key based licenses are tied to specific machines and must be stored in the license_key table of the production database. To achieve this:
1. Point the DR server's database connection string to the live production database.
2. Run the license application process on the DR server to store its license in the production database.
3. After the license has been successfully applied, update the DR server to point back to the DR database.
License Application Process:
- No need to reinstall Decisions. Run DecisionsServerInstaller.exe, select Edit Settings, change the DatabaseConnectString to the production database, and save. After applying the license, reverse the process to point back to the DR database.
- Use either the Restart Service option in the Installer or run IISRESET to apply the changes.
Alternative Licensing Option: If preferred, self-licensing can be enabled, which allows the server to acquire and apply licenses automatically when needed. This must be supported and enabled explicitly.
Key Note:
- The license_key table can store entries for multiple machines, allowing production and DR servers to operate independently after appropriately configuring licensing.
- Failure to follow this process may result in the DR server being unable to activate during a disaster event due to missing or incorrect license records.
- For DR server instances, ensure that the databaseid.txt and keys.dat files are copied into the instance-specific file storage directory on the DR server.

Step-by-Step Setup

Install Decisions on the Disaster Recovery Server on a new database; note that this database will need a name different from the one used for Always-On Replication.
Stop the Decisions Server Service (or IIS App Pool).
Run the DecisionsServerInstaller.exe on the Disaster Recovery Server again and select Edit Settings.
Change the Initial Catalog field of the Database Connection String to match the name of the Always-On Replication Database.
While modifying the Settings, make sure that Offline is set to true.
Copy the Keys.dat and databaseid.txt files from the production server Decisions Services Manager directory and use them to replace the keys.dat and databaseid.txt files in the Disaster Recovery Server File System.

Additional Notes

If the Decisions Server being backed up is a Multi-Tenant environment, navigate to the DR Server Settings.xml file and set the <UseInstancePrototype> property to false.

The databaseid.txt file needs to be identical on the Production and Disaster Recovery Server as Scheduled Jobs operate differently if the file differs from the one present at the time of their creation, even if the database being used is identical.

Syncing Data To Disaster Recovery Server

Files Backup	For a complete and comprehensive list of the recommended files to Backup from the Decisions environment, please visit our Decisions & File System Backup article.
Settings.xml File	The configurations in the Settings.xml file between the Primary Server and Disaster Recovery Server must match, except <Offline>true</Offline>.
File Storage	The files in file storage are saved as regular files. This will require the organization's IT team to determine the best method of file replication in the Disaster Recovery environment.
Other Files	Keys.dat, Modules files, Databaseid.txt.

For further information on Installation, visit the Decisions Forum.