Edge Server Replacement

Edge servers may need replacing after a catastrophic failure. A replacement edge server must be installed in the unprovisioned state. To support undisciplined installation or replacement procedures, in which field personnel may move previously provisioned edge servers between sites, an IAP-compliant edge server must support a tool for returning it to the unprovisioned state.

Such a tool could be a hidden button (the paperclip method), a function exposed by a built-in web interface, a special command, or a dedicated tool. The replacement edge server has a different designated MACID from the edge server it replaces, but it will be assigned the same SID.

To replace edge server A, which uses SID “segment a”, with a replacement edge server B, follow the standard edge server provisioning procedure described in Segment Provisioning. When provisioning replacement edge server B, the CMS must assign it the same SID value as segment a.

At this time the CMS assigns new MQTT authorization credentials to edge server B and revokes the credentials previously assigned to A. This prevents the replaced edge server A from accessing the system in the event that A is later recovered, found again, or was removed and replaced as a result of undisciplined action.

Once replacement edge server B is provisioned, the CMS issues a series of actions to recreate on B the devices, groups, connections and every other aspect of A. Where routing data is available, the CMS includes it when creating devices on the replacement edge server B; see the routing property in Create Action Properties for more information. Where implementation data is available, the CMS includes it when creating the corresponding items; implementation data is discussed in Implementation Detail Object.
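The following constructed Python model of the CMS side of the procedure above is an added illustration, not part of this specification: it shows B receiving A's SID, A's MQTT credentials being revoked so a reappearing A is refused, and the create actions replayed with routing and implementation data only where available. Every class, field and action name in it is an assumption, not IAP's own.

```python
# Added, constructed model of the CMS side of the replacement above; names are assumptions, not IAP's.
import secrets
from dataclasses import dataclass, field

@dataclass
class Credential:
    username: str
    password: str
    revoked: bool = False

@dataclass
class EdgeServer:
    macid: str                                  # designated MACID, fixed per unit
    sid: "str | None" = None                    # None means unprovisioned state
    credential: "Credential | None" = None      # current MQTT authorization credential
    devices: dict = field(default_factory=dict) # handle -> create properties

class CMS:
    def __init__(self):
        self.by_sid, self.credentials = {}, {}  # sid -> edge, username -> Credential

    def provision(self, edge, sid):
        """Assign a SID and fresh MQTT credentials to an unprovisioned edge server."""
        if edge.sid is not None:
            raise ValueError("edge server must be in the unprovisioned state")
        cred = Credential(f"edge-{edge.macid}", secrets.token_urlsafe(16))
        self.credentials[cred.username] = cred
        edge.sid, edge.credential, self.by_sid[sid] = sid, cred, edge
        return cred

    def authorize(self, username, password):
        """Broker-side check: unknown or revoked credentials are refused."""
        cred = self.credentials.get(username)
        return bool(cred and not cred.revoked
                    and secrets.compare_digest(cred.password, password))

    def create_device(self, edge, handle, routing=None, implementation=None):
        """Issue a create action, carrying routing/implementation data only when available."""
        props = {"handle": handle, "routing": routing, "implementation": implementation}
        props = {k: v for k, v in props.items() if v is not None}
        edge.devices[handle] = props
        return {"action": "create", "sid": edge.sid, **props}

    def replace(self, old, new):
        """Replace `old` with `new`: same SID, new credentials, old credentials revoked."""
        self.provision(new, old.sid)
        old.credential.revoked = True  # A can no longer reach the system if it reappears
        return [self.create_device(new, h, p.get("routing"), p.get("implementation"))
                for h, p in old.devices.items()]
```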

The replacement process preserves the previous configuration, including schedules and groups, and attempts to preserve logical addresses such as the handles of devices, groups, and so forth.

It is desirable that the replacement process be non-disruptive to the edge devices, or that any disruption of edge device operation be limited to the minimum possible impact. For example, an edge server may inspect an edge device’s state first and, if the device is found fit for use, need not re-provision it as a result of the edge server replacement. This is at the discretion of the edge server’s edge processor.

The primary goal of the replacement process is to produce a system that works exactly like the system being replaced: a functionally equivalent replacement. A secondary goal is to achieve this replacement in the least disruptive manner possible. Some degree of disruption is accepted, however; after all, the replacement follows a disruptive event that made it necessary in the first place.

See Implementation Detail Object for information to help minimize disruption.