Deploy PSM Health Check
This topic describes how to deploy and configure PSM Health Check.
Typically, load balancers verify PSM server availability by examining network connectivity to the server alone. The PSM Health Check enables you to determine PSM service availability (health) by querying a dedicated PSM Web Service deployed on each PSM instance.
The PSM Web Service verifies PSM service health of the PSM instance upon request and sends a response to the load balancer.
Prerequisites
- PSM service installed on Windows 2016 or Windows 2019
- Web Server (IIS 8.5) role is installed
- A valid SSL certificate is installed on the Web Server
Install PSM Health Check
Use a user with administrative privileges to perform this procedure.
To install the Health Check:
- Install Microsoft .NET Core Windows Server Hosting by downloading the latest Windows hosting bundle:
  Go to the Microsoft .NET site: https://dotnet.microsoft.com/download/dotnet/6.0 and download ASP.NET Core Runtime 6.0.[latest version] for Windows > Hosting Bundle.
- Download the PSM Health Check zip file from the CyberArk Marketplace.
- Unzip the file.
- In a PowerShell window, navigate to the HealthCheck folder.
- To start the script, run the following command:
  ./HealthCheck.ps1
  To install PSM Health Check in a non-default location, run the following command:
  ./HealthCheck.ps1 -installPath <PSM folder non-default path>
  For example:
  ./HealthCheck.ps1 -installPath "F:\Program Files (x86)\Cyberark\PSM"
Configure the response mode
You can configure the response mode of the health check web service.
To configure the response mode:
- Open the following file:
  C:\Program Files (x86)\CyberArk\PSM\HealthCheck\appsettings.json
- Modify the ResponseMode as follows:

  | Response Mode | Description |
  | --- | --- |
  | Classic | The health check service responds with 200 (OK) whether the PSM service is healthy or not, but the response body includes PASS or FAIL indicating if the server is healthy. |
  | CodeBased | The health check service responds with 200 (OK) when the PSM service is healthy, and 503 (Service unavailable) when the service is not healthy. |
  | HeaderBased | This mode behaves like the Classic mode, but adds a parameter in the response header called IsHealthy, with a value of either Yes or No. |

- Restart the IIS service.
Upgrade PSM Health Check
To upgrade, uninstall any existing .NET Core programs and then upgrade PSM Health Check.
Step 1: Uninstall .NET Core
Before uninstalling, verify that there are no other programs installed on the PSM server that require the .NET Core runtime.
Go to Control Panel > Programs and Features and uninstall the following programs:
- Microsoft .NET Core <version> - Windows Server Hosting
- Microsoft .NET Core Runtime - <version> (x64)
- Microsoft .NET Core Runtime - <version> (x86)
Step 2: Upgrade PSM Health Check
- Install Microsoft .NET Core Windows Server Hosting by downloading the latest Windows hosting bundle from https://dotnet.microsoft.com/download/dotnet/6.0.
- Download the PSM Health Check zip file from the CyberArk Marketplace.
- Unzip the file.
- In a PowerShell window, navigate to the HealthCheck folder.
- To start the script, run the following command:
  ./HealthCheck.ps1 -scriptMode Upgrade
  To upgrade PSM Health Check in a non-default location, run the following command:
  ./HealthCheck.ps1 -scriptMode Upgrade -installPath <PSM folder non-default path>
Troubleshooting
There are two ways to test the Health Check service:
- Navigate to: https://<server>/psm/api/health to test if the service is up and running.
- Run the following PowerShell command, for example:
  Invoke-WebRequest -uri https://<PSM-SERVER-FQDN>/psm/api/health
If the Health Check service fails, the response code 500 (Internal server error) is returned.
For additional error details, see the PSMWebService.log file located under the HealthCheck folder, by default:
C:\Program Files (x86)\CyberArk\PSM\HealthCheck.
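How a monitoring probe should read the /psm/api/health response in each of the three response modes, as an added PowerShell example (not CyberArk's code). The function names are hypothetical, and matching the literal words PASS and FAIL in the body is an assumption about the body format. In Classic and HeaderBased modes a check that looks only at the status code sees 200 even when the PSM service is unhealthy, so the probe must match the configured ResponseMode.

```powershell
# Added example. Test-PsmHealthResponse and Get-PsmHealth are hypothetical helper names.
# Assumption: the response body carries the literal word PASS or FAIL.

function Test-PsmHealthResponse {
    # Pure decision logic: $true only on a positive health signal for the configured mode.
    param(
        [Parameter(Mandatory)][ValidateSet('Classic', 'CodeBased', 'HeaderBased')]
        [string]$ResponseMode,
        [Parameter(Mandatory)][int]$StatusCode,
        [string]$Body = '',
        [string]$IsHealthyHeader = ''
    )
    # 503 (CodeBased, unhealthy), 500 (health check failure) and 0 (no answer) all fail closed.
    if ($StatusCode -ne 200) { return $false }
    switch ($ResponseMode) {
        'CodeBased'   { return $true }   # the status code is the only signal in this mode
        'HeaderBased' { return $IsHealthyHeader.Trim() -eq 'Yes' }
        'Classic'     { return ($Body -cmatch '\bPASS\b') -and ($Body -cnotmatch '\bFAIL\b') }
    }
}

function Get-PsmHealth {
    # Queries one PSM server. Certificate validation is left on, so an invalid
    # certificate is reported as unhealthy rather than bypassed.
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][ValidateSet('Classic', 'CodeBased', 'HeaderBased')]
        [string]$ResponseMode
    )
    $status = 0; $body = ''; $header = ''
    try {
        $resp   = Invoke-WebRequest -Uri "https://$Server/psm/api/health" -UseBasicParsing -TimeoutSec 10
        $status = [int]$resp.StatusCode
        $body   = if ($resp.Content -is [byte[]]) { [Text.Encoding]::UTF8.GetString($resp.Content) } else { [string]$resp.Content }
        $header = @($resp.Headers['IsHealthy']) -join ''
    } catch {
        # Non-2xx answers (503, 500) surface as errors; recover the status code if a response exists.
        $r = $_.Exception.Response
        if ($r) { $status = [int]$r.StatusCode }
    }
    $healthy = Test-PsmHealthResponse -ResponseMode $ResponseMode -StatusCode $status -Body $body -IsHealthyHeader $header
    [pscustomobject]@{ Server = $Server; StatusCode = $status; Healthy = $healthy }
}

# Constructed responses (not captured from a real server): the same 200 answer read per mode.
Test-PsmHealthResponse -ResponseMode Classic     -StatusCode 200 -Body 'FAIL'
Test-PsmHealthResponse -ResponseMode HeaderBased -StatusCode 200 -Body 'FAIL' -IsHealthyHeader 'No'
Test-PsmHealthResponse -ResponseMode CodeBased   -StatusCode 503
# Live check: Get-PsmHealth -Server '<PSM-SERVER-FQDN>' -ResponseMode CodeBased
```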