High-Availability (HA): how to setup

This article assumes you've already read, understood, and are familiar with the general concepts explained here.

Once you have decided how to deploy your Syncplify Server! high-availability set, going from theory to practice is actually quite simple: it's just a two-step process.

Step #1: deploy the first node as if it were a single stand-alone server

This procedure is very well explained here (for Windows) and here (for Linux).

Before proceeding with Step #2, ensure that the system clock on every node in your HA cluster (including the one you are about to add) is synchronized with a reliable time source. The recommended way to achieve this is by enabling NTP on all nodes. If even a single node has an out-of-sync clock, the entire HA cluster will not function.

Step #2: adding the second (or n-th) node to make your HA set

If you are familiar with the single-node setup of Syncplify Server! (see step #1) then you surely have noticed that, at the beginning of the web-based part of the installation process, you're presented with the following choice:

To deploy your HA set you simply have to install Syncplify Server! on another node (machine or VM) and, when presented with the above choice, you'll select the "Add this node to another..." option.

You will then choose a Node ID (and an optional description) as usual...

And then you will type the IP address and port (separated by a single colon) of the first node, the one you previously installed as a single stand-alone server. For best performance and optimal routing you should always use the nodes' internal (LAN) IP addresses here.

Do not try to be creative here, do not type anything exotic like the nodes' NetBEUI names "just because Windows knows it" or similar oddities. It will not work. Please, just follow the instructions and type the LAN IP address and port of the existing node you want to join to create your high-availability set. Thank you!

Step #3: safe-list your load balancer(s)

If your HA deployment includes a load balancer (or multiple load balancers), this step is mandatory.

Load balancers continuously probe SFTP nodes by opening connections and then closing them, often without completing authentication. This is normal and expected behavior. Syncplify Server!'s built-in Protector! mechanism, however, cannot distinguish between a load balancer health-check and a connection-flood attack. Without intervention, Protector! will eventually auto-block the load balancer's IP address, which will bring down the entire cluster from the clients' perspective.

The fix is straightforward: add the IP address of every load balancer to the safe-list. Safe-listed addresses are never auto-blocked by Protector!, regardless of how they behave. This is precisely the scenario the safe-list was designed for.

For a full explanation of the difference between the block-list, allow-list, and safe-list, see this article.

How to be notified of new releases

Setup on Windows (GUI)

Setup on Windows (CLI)

Setup on Linux

Updating/upgrading Syncplify Server!: the general rule

Upgrading from v4/v5 to v7

Upgrading from v6 to v7 (Windows)

Upgrading from v6 to v7 (Linux)

Upgrading from v6 to v7 (when everything else fails)

How to move/migrate your software to a different machine/VM

How to recover (decrypt) old v4/v5 encrypted VFSs

High-Availability (HA) general concepts

High-Availability (HA): how to setup

Licensing and license codes: a complete overview

How to fix "Invalid OTP" error during setup

Where is the manual?

Using network shares (UNC paths) with Syncplify Server! v7+ on Windows

Using network shares (UNC paths) with Syncplify Server! v7+ on Linux

How to backup your Syncplify.me Server! v4/v5

Insecure warning in your browser? It might be OK...

Virtual File System (VFS) Encryption

Overriding permissions on folders/directories

How to change a SuperAdmin password

How to reset the SuperAdmin (SA) password in v4/v5

How to disable 2FA for a SuperAdmin account

How to auto-fix problems with the Web/REST system service

True 2FA/MFA over SSH2/SFTP via keyboard-interactive authentication and Google Authenticator

How to use the SFTP Virtual File System (VFS)

How to use the S3 Virtual File System (VFS)

How to use the Azure blob storage Virtual File System (VFS)

How to use the s3 Virtual File System (VFS)

How does the block-list (Protector!) work?

Block-list, allow-list, and safe-list

Authenticating users via PKI

Customizing SFTP and FTP(E/S) greetings and banners

How to override permissions on subfolders inside the user’s Home VFS

FATAL ERROR: Connection reset by peer (could not connect to server)

Virtual File Systems (VFS) with quotas

Solved: insecure FTP data connection (TLS session resumption)

Parametric home directories (VFS)

Cannot connect: "unexpected message type 30 (expected one of [34])" reason found in log file

How to backup your Syncplify Server!'s database

Unsupported public key authentication algorithm SshRsa (ssh-rsa)? Here's how to fix it.

How to import many users at once from a CSV file

How to email a list of uploaded files

VFS.ImportFile and VFS.ExportFile

Preventing upload of EXE files

How to download a "publicly shared" (WebClient!) file via PowerShell

Getting started with the REST API

No, we are not affected by Log4j vulnerability (CVE-2021-44228)

How Syncplify.me Server! prevents SSHPsycho attacks

W3C log file format and UTC timestamps

Firewalls and FTP external IP address for PASV

Where do I download the old v4/v5/v6 installers?

Why PGP is an extremely bad choice for a file server's at-rest encryption, and how to do it right

Timeout logging into the SuperAdmin or Admin UI? This is how you may fix it.

Understanding FTP and Its Variants

SFTP and SCP: Secure File Transfer Protocols

High-Availability (HA): how to setup

Step #1: deploy the first node as if it were a single stand-alone server

Step #2: adding the second (or n-th) node to make your HA set

Step #3: safe-list your load balancer(s)