Xiid Commander Redundancy and Failover

Xiid recommends deploying multiple Xiid Commanders per tenant to protect against failure in the event that one Commander's machine experiences issues such as disk failure. It is also useful to prevent downtime during Commander upgrades.

Commander SecureLinks

DANGER

Since Commander SecureLink codes can be used to create new Commanders with the authority to manage your Xiid environment, they are extremely sensitive and should be guarded with care.

When you deploy your first Commander, it establishes encryption keys with the Connectors that you are authorized to use.

When additional Commanders are deployed, they need the same encryption keys to be able to communicate with other Commanders and the Connector fleet.

To address this problem, Commanders have the ability to generate and consume a SecureLink code that contains the relevant encryption-related information necessary to enable this communication.

As a result, the SecureLink code is required during additional Commander activation and setup.

These codes are only visible to you at the time of generation and can be repeatedly generated. The Time-to-live (TTL) of the SecureLink codes is a maximum of one week, since the codes contain highly sensitive information for your environment.

When a SecureLink is provided to onboard a new Commander, the new Commander will reach out to the Commander used to generate the SecureLink code through an encrypted communication channel, leveraging Xiid Connectors as an intermediary, and ingest the configurations from the original Commander's database. This includes Administrators, Tags, Template, Profiles, Routes, and STLinks.

Moving forward, all actions performed on any Commander will be synchronized with every other Commander in your environment.

Deploying Additional Commanders

INFO

If you've misplaced your Activation Code, please contact your Xiid representative.

To deploy additional Commanders, you will need your Commander Activation Code. This code was provided to you by Xiid (or your system administrator for self-hosted environments) during your first Commander installation.

Generate a SecureLink Code from an Existing Commander

The first step to installing an additional Commander is to generate a SecureLink from your original Commander.

• Sign in to an existing, activated, and functional Commander Portal
• Click the profile icon with the orange outline in the top right corner
• Click the Link New Commander menu item
• In the modal that appears, set an expiration date and time for the SecureLink code
  • We strongly recommend limiting expirations dates to a maximum of 48 hours from your current time
• Click Get SecureLink Code
• The SecureLink code will be displayed in the modal along with a copy button on the right side

Install the New Commander

Next, download the Commander installer on the machine you wish to use as a new Commander and run the installer from an administrator Command Prompt or as sudo in Linux.

Make sure to use the Base Installer for the Commander that does not have an Activation Code embedded in its filename.

Configure the New Commander

After the installation completes, open the Commander Portal.

The Commander Portal will prompt for the Commander Activation Code which was provided to you by Xiid.

Enter the Activation Code and click the Send Code button.

The next screen will ask you for a user-provided Name for the Commander and for a SecureLink code.

The Name field is useful to differentiate between your Commanders within your environment. Enter the SecureLink code generated above in the SecureLink field and click Submit.

You will be redirected to the login page and may now sign in using the same credentials you use in your other Commander(s).