How Unified Agent (UA) fails over to a different data pod or data center in the event of an outage while connecting to the Web Security Service (WSS)?
Web Security Service
If a data pod that the UA is connected to goes down, the load balancer automatically sends the agent to another available pod when there are multiple pods at that data center. Otherwise, if the data center is a single pod site (or has no load balancer), then DNS automatically resolves over to another data center within two minutes. This time is not configurable.
Additionally, UA always fetches a list of the three closest data centers from the Cloud Traffic Controller (CTC), to which it will establish connections to the service. This is shown in its diagnostics files as follows:
<16>[12-05-2017 08:10:23 (UTC-5:00)]: Tunnel#91(my-username) Connected: CC: 126.96.36.199(DC5-TCP), Nat IP: 10.240.x.x
<16>[12-05-2017 08:10:22 (UTC-5:00)]: CA Tunnel#91(my-username) connecting to 188.8.131.52
<16>[12-05-2017 08:10:21 (UTC-5:00)]: CTC: ACTIVE(GEOIP) DC5-184.108.40.206 MI2-220.127.116.11 NY2-18.104.22.168
<16>[12-05-2017 08:10:21 (UTC-5:00)]: Connection to WSS successful
<16>[12-05-2017 08:10:21 (UTC-5:00)]: Tunnel#90(non-interactive-user) Connected: CC: 22.214.171.124(DC5-TCP), Nat IP: 10.240.x.x
<16>[12-05-2017 08:10:21 (UTC-5:00)]: CA Tunnel#90: status:SUCCESS-authorized, IP bypass count: X, Domain bypass count: Y
The following KB shows if a data center has multiple data pods, or only a single data pod: