Zero downtime upgrade enables you to upgrade Unified Access Gateway with no downtime for the users.
When the Quiesce Mode toggle is turned on, the Unified Access Gateway appliance is shown as not available when the load balancer checks the health of the appliance. Requests that come to the load balancer are sent to the next Unified Access Gateway appliance that is behind the load balancer.
Prerequisites
- Two or more Unified Access Gateway appliances configured behind the load balancer.
- The Health Check URL setting configured with a URL that the load balancer connects to in order to check the health of the Unified Access Gateway appliance.
- Check the health of the appliance in the load balancer. Type the REST API command GET https://UAG-IP-Address:443/favicon.ico.
  The response is HTTP/1.1 200 OK if the Quiesce Mode toggle is turned off, or HTTP/1.1 503 if the Quiesce Mode toggle is turned on.
  Note:
  - Do not use any URL other than GET https://UAG-IP-Address:443/favicon.ico. Doing so will lead to incorrect status response and resource leaks.
  - If High Availability setting is enabled, then Quiesce Mode (zero downtime) applies to Web Reverse Proxy and Horizon only.
  - If third party load balancers are used, then Quiesce Mode (zero downtime) is applicable if they are configured to perform health check using GET /favicon.ico.
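One way to check the pool before taking an appliance out of service, using the health check responses described above. This is an added example, not VMware's code or part of the documented procedure; the host names, the function names, and the rule that a peer must answer 200 before the target is touched are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-upgrade gate built on the /favicon.ico health check.
# Host names below are placeholders (assumptions), not values from the page.

HEALTH_PATH="/favicon.ico"   # the only health-check URL the page permits

# Map an HTTP status code to the appliance state the page describes.
uag_state() {
    case "$1" in
        200) echo "active" ;;     # Quiesce Mode toggle off
        503) echo "quiesced" ;;   # Quiesce Mode toggle on
        *)   echo "unknown" ;;    # no response, TLS failure, unexpected code
    esac
}

# Probe one appliance with a GET (curl -I would send HEAD instead) and print
# the status code. TLS verification stays on; curl prints 000 on failure.
probe_uag() {
    curl --silent --output /dev/null --max-time 5 \
         --write-out '%{http_code}' "https://$1:443$HEALTH_PATH" || true
}

# upgrade_gate TARGET host=code [host=code ...]
# Ready only when TARGET answers 503 and at least one peer answers 200.
upgrade_gate() {
    target="$1"; shift
    target_state="unknown"; peers_active=0
    for pair in "$@"; do
        host="${pair%%=*}"
        state="$(uag_state "${pair#*=}")"
        if [ "$host" = "$target" ]; then
            target_state="$state"
        elif [ "$state" = "active" ]; then
            peers_active=$((peers_active + 1))
        fi
    done
    if [ "$peers_active" -eq 0 ]; then
        echo "blocked: no other active appliance"
    elif [ "$target_state" != "quiesced" ]; then
        echo "wait: $target is $target_state"
    else
        echo "ready: $target quiesced, $peers_active active peer(s)"
    fi
}

# Constructed sample results, not real probes. For live use, build each pair
# as "$h=$(probe_uag "$h")".
upgrade_gate uag1.example.test uag1.example.test=503 uag2.example.test=200
```

An "unknown" state is treated the same as not quiesced, so an appliance that fails the TLS handshake or times out never counts as an active peer.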
Procedure
What to do next
- For a vSphere deployment:
  - Back up the JSON file by exporting the file.
  - Delete the old Unified Access Gateway appliance.
  - Deploy the new version of Unified Access Gateway appliance.
  - Import the JSON file you exported earlier.
- For a PowerShell deployment:
  - Delete the Unified Access Gateway appliance.
  - Redeploy the Unified Access Gateway with the same INI file that was used during the first deployment. See Using PowerShell to Deploy the Unified Access Gateway Appliance.
Note: If you see a Tunnel Server certificate error message after re-enabling the load balancer, apply the same SSL server certificate and private key PEM files that were used earlier on the Unified Access Gateway appliance. This is required because the JSON or INI file cannot contain the private keys associated with an SSL server certificate: private keys cannot be exported, for security reasons. With a PowerShell deployment, it is done automatically and you do not need to reapply the certificate.