I am trying to find ways to improve the UC envionrment of my company after I took over the system 4 years ago. One topic that came across my thoughts was currently we are navigating directly to our UCCX servers to access Finesse (https://<UCCXpublisherserverFQDN>:8445/desktop). We did setup HA access utilizing SRV records for Jabber earlier, and I was wondering if there is some method to allow HA access for FInesse in the case that the UCCX Publisher goes down and all of the agents are currently connected to Finesse with the current method of directly to the UCCX publisher server. I have started looking and it looks like there is a way, but I couldn't really find how to configure it.
In case of UCCX Publisher goes down and Secondary UCCX becomes Master, then all logged in agents will be automatically redirected to secondary UCCX server.
Please see below design document for more details about Finesse HA considerations:
I’ve always wondered about how this would work for an agent that is not logged into Finesse and the primary node goes down? The document does not AFAIK cover this, it only mentions already connected and logged in agents and failover.
We had a recent event just like this...
All logged in agents were automatically switched over... it was very smooth!
However, when the new shift came in an hour later, they all had to get the URL to the secondary server...
So, now we have placed TWO shortcuts on everyone's desktop.
This was what I suspected. Not really the best UX for the users of the system in my opinion. Would you happen to have gone down the path of adding a LB, with monitoring of the web services to only switch to the secondary server if the primary is down, into the mix?
@rikardkrvaric is right. Agents and Supervisors need to know URL for secondary server. If primary UCCX is down and agents/supervisors are trying to login using primary finesse URL, then they will get error message or the request will timeout. AFAIK they need to manually switch to secondary finesse URL.
This is a use case where a load balancer would help a ton, however I don't know if in UCCX you can login to the secondary UCCX server while the primary is active. It you can, it would be nice to split your logged in agents between both servers in case of an issue you only affect have of your population. This is something we try to do for UCCE.
The earlier referenced document states that a load balancer is not supported. As far as I can tell for the specific reason that the system does not support login on the inactive node. However you should be able to setup your LB to check for availability as part of the service to not actually load balance as such, but more operate as a failover. This could be the way for this.
Once time allows I’ll digg into this, but it would not be anytime soon as I’ll be going on vacation in three days.
In recent versions of UCCX both the PUB and SUB Finesse servers are always active and agents can connect to/use either Finesse server (I think this capability was first added in 12.5.1). However, TAC's recommendation is that agents should only connect to the active server. You can see which agents are connected to which server with this command:
utils finesse show_connected_users detail
and from the Finesse Administration "Connected Agents" tab here:
This is super good information. It would be nice if Cisco would provide guidance on this as it is super important and helps with maintenance windows.
I would be able to connect to either server, but in our instance, I would have to use different URL links. One for publisher, and the other for Subscriber, and we have shortcuts published on the dekstops of our agnets that is pointing to the publisher server. So I am looking for a HA setup (similiar to SRV records in Jabber) that would determine which server is avaialble and connect to the valid server in the case of a server failure.
Sopmething we are looking at is setting up a seperate DNS records (email@example.com) and have them pointing to both servers. Now I have verified that if I flush my DNS, and ping the DNS name, then it hits primary server, if I flush the DNS again, it will hit the secondary server. Now I am thinking this will help load balance the users, but something tells me this would not benefit me in the instance of a server failure. As when I am connected to Finesse, it is pointing to the primary server directly. Also, something tells me that DNS would still try and resolve the downed server, and thus get half of the users failing while the others would be able to connected to the server that was online. I would have to perform a failover testing to confirm this theory.
You would need to use a load balancer in front of the servers that has a health check monitor to check the reachability of the Finesse web service to do what you ask about. Have in mind that for this you would need to update the signed certificate for tomcat so that the clients trust the in between FQDN defined for the LB and the FQDNs of the CCX servers.
Using load balancer is good option but as per design guide Unified CCX does not support load balancing of agent login. All agents must log in to the Master Node only. The enhancement in behavior is for failover support only.
Hopefully someone from Cisco Team can clarify if load balancer is supported or not and what are the best practices for Finesse login using single URL instead of using two in case of primary node failure.