< Home

healthcheck (SACG configuration view)

Function

The healthcheck command enables the health check function for a third-party authentication server.

The undo healthcheck command disables the health check function.

Format

healthcheck healthcheck-name

undo healthcheck

Parameters

Parameter Description Value
healthcheck-name Specifies the name of a health check task. It must be the name of an existing health check task.

Views

SACG configuration view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In SACG scenarios, some account and password information is stored on the Agile Controller, and some account and password information is stored on the third-party authentication server. When a user enters the account and password on the client to initiate an identity authentication request, if the account and password are stored on the Agile Controller, the Agile Controller authenticates the user. If the account and password are stored on the third-party authentication server, the AC-Campus will send the account information to the third-party server for authentication. The third-party server sends the authentication result to the AC-Campus. The AC-Campus authorizes the user based on the authentication result.

In the scenario where user authentication is done on the Agile Controller, if the Service Controller detects that the number of active Agile Controller is smaller than the configured smallest value, the emergency channel is enabled. The Service Controller cannot detect whether the third-party authentication server is active. If an exception occurs, user authentication cannot be done on the third-party authentication server. In this case, the FW acting as the SACG needs to check the health of the third-party authentication server. If the health status of the third-party authentication server is Down, the FW enables the emergency channel, ensuring service continuity. After the fault is rectified, the emergency channel is automatically disabled, and the original permission control for the user is restored.

Configuration Impact

Both the keep-alive function of the Service Controller and the health check function on third-party authentication servers determine whether to enable the emergency channel. If the result of either detection is abnormal, the emergency channel is enabled. The emergency channel is disabled only when the results of both detections are normal.

Precautions

Before running the healthcheck command, you must run the healthcheck name command to specify a health check task name (healthcheck-name) and the destination protocol command to add health check detection nodes (up to 16 detection nodes can be configured). Then, reference this health check task in the SACG configuration view.

The undo healthcheck command can be successfully executed regardless of whether the emergency channel is enabled.

Example

# Reference health check task hchk1 in the SACG configuration view.

<sysname> system-view
[sysname] right-manager server-group
[sysname-rightm] healthcheck hchk1
Parent Topic: SACG Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >