When the primary data center fails, you can fail over to the secondary data center. To fail over, you modify the global load balancer or DNS record to point to the load balancer in the secondary data center.

See Using a DNS Record to Control Which Data Center is Active.

The Workspace ONE Access appliances in the secondary data center are in read-only mode. Therefore, most administrator operations, such as adding users or apps, or entitling users, are not available. See Workspace ONE Access Activities Not Available in Read-Only Mode.

Important: After you fail over to the secondary data center, you must clear all caches on the original primary data center. In case you need to fail over to the original primary data center, caches in that data center should be empty.

After the caches are cleared, restart all the connector instances. For 20.01 and later connector instances, restarting the connector instances means restarting all the installed enterprise services, such as VMware User Auth Service, VMware Directory Sync Service, and VMware Kerberos Auth Service, on each connector instance.

You can use a REST API to clear the cache. Run the following REST API from a REST client such as Postman:

PATH: /SAAS/jersey/manager/api/removeAllCaches

Method: POST

Add Headers:

Authorization: HZN <cookie_value>
Accept: application/vnd.vmware.horizon.manager.cache.removal.response+json
Content-type: application/vnd.vmware.horizon.manager.cache.removal.request+json’

Add in Body (raw) section:

  • You must run the API as the tenant administrator, that is, the administrator created in the System domain when you install Workspace ONE Access. Domain accounts synced from your enterprise directory cannot perform this function.
  • You can obtain the HZN cookie by logging into the Workspace ONE Access service as the tenant administrator, then accessing your browser's cookie cache.
  • Empty cacheNames indicates remove all caches.

Another way to clear cache is to reboot the virtual appliances.