VIP Enterprise Gateway Business Continuity

book

Article ID: 151020

calendar_today

Updated On:

Products

VIP Enterprise Gateway

Issue/Introduction

 

Resolution

What is Business Continuity Mode?

Business Continuity Mode (BC) is for situations where the cloud service is experiencing an issue or an internal network or DNS issue is occurring.

This mode allows any six-digit code to pass MFA. The end user does not know the service is accepting any six-digit code.  In this mode, OOB features will not work (VIP Push, SMS, or Voice or Email).

Note: If you are using a VIP Enterprise Gateway validation server with User ID + LDAP Password + Security Code mode (ULO) and are having LDAP connectivity issues, BC mode will not work as it requires a working LDAP connection.

Note: If you are using the VIP JavaScript with Enterprise Gateway 9.8.4 in your application, entering BC mode will allow the six-digit codes to pass. However, prior to Enterprise Gateway 9.8.4 entering BC mode will cause the JavaScript validations to fail.

How to enable Business Continuity Mode on VIP Enterprise Gateway

  1. Log in to the Enterprise Gateway console (Example, default: http://localhost:8232/vipegconsole).
  2. Click the Validation tab.
  3. Under the Action column, click Edit for the validation server you want to enable Business Continuity mode on.
  4. Scroll down the page to find the section titled Business Continuity.
  5. Click the option for Enabled.
  6. Then click Submit.
  7. The validation server must be restarted for the change to take effect. Conversely, to exit BC mode either Disabled or Automatic must be selected. 

Confirming BC Mode

  1. To confirm that the validation server is currently in BC mode click on the Logs tab in the VIP Enterprise Gateway Console.
  2. Select the server.log for the validation server that was manually set to BC mode.
  3. For a validation server configured to use User ID + Security Code mode (UO), the logs will display:
    Access GRANTED
  4. For a validation server configured using User ID + LDAP Password + Security Code mode (ULO), the logs will display:
    Access GRANTED cloudId=<username> reason=0

How to Enable BC mode for ADFS

  1. Log on to the Primary ADFS server.
  2. Open the VIP Integration Settings application.
  3. Click the Enable Automatic Business Continuity Mode check box.
  4. Click OK and then open Services.msc.
  5. Find Active Directory Federation Services and then restart the service. Note: This will reset all ADFS connections for all hosted SSO applications.
  6. If you have multiple ADFS farm machines the same steps will need to be followed for all servers in the cluster.
  7. To return to non-BC mode, open the VIP Integration Settings application and uncheck the Enable Automatic Business Continuity check box. Click OK.
  8. Open Services.msc.
  9. Repeat step 5.
  10. Verify that users can log in.

Need More Information?

Detailed information on monitoring the availability of the VIP cloud platform and gracefully handling service degradations to allow business continuity is available in the attached PDF document.

Attachments

VIP_Business_Continuity_Preparedness.pdf get_app