== Deployment state machine
[#architecture2]
.Partner Solution deployment state machine architecture for {partner-product-short-name} on AWS
image::../docs/deployment_guide/images/quickstart-cisco-ise-on-aws-architecture-DeploymentStateMachine.png[DeploymentStateMachineArchitecture]

As shown in <<architecture2>>, this Partner Solution includes a deployment state machine to form a two-node {partner-product-short-name} deployment. The deployment state machine performs the following functions:

. Check {partner-product-short-name} status to verify that both {partner-product-short-name} instances are up and ready.
. Set the first {partner-product-short-name} instance as the primary administrator node (primary PAN or PPAN) of a new {partner-product-short-name} deployment.
. Register the second {partner-product-short-name} instance as the secondary administrator node (secondary PAN or SPAN) in the same {partner-product-short-name} deployment.
. Check the deployment sync status to verify that both nodes are synchronized.

NOTE: CloudFormation deploys the state machine architecture towards the end of the stack creation.

== PAN Failover State Machine
[#architecture3]
.Partner Solution Failover State Machine architecture for {partner-product-short-name} on AWS
image::../docs/deployment_guide/images/quickstart-cisco-ise-on-aws-architecture-FailoverStateMachine.png[FailoverStateMachineArchitecture]

As shown in <<architecture3>>, this Partner Solution deploys a failover state machine to promote SPAN to PPAN in the event of a PPAN failure. Failover keeps access to the Cisco web console open and enables certain aspects of {partner-product-short-name} to continue running. The failover state machine performs the following functions:

. Detect PPAN failures.
. Verify accessibility of the API gateway on SPAN.
. In the event of PPAN failure, promote SPAN to PPAN.
. Confirm that PAN failover has completed and is successful.

== AutoFailover

During deployment, if you set the Auto Failover (`AutoFailover`) parameter to `ENABLED`, the deployment schedules the failover state machine to run periodically as an https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rules.html[Amazon EventBridge rule^]. The deployment sets `AutoFailover` to `DISABLED` by default in the templates, because there are only two {partner-product-short-name} nodes and auto failover can result in a 30-minute downtime while services are restarted.

== Parameter Store
This Partner Solution stores its configurable parameters in https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html[AWS Systems Manager Parameter Store^]. The parameters are:

[%autowidth]
|===
|Name |Description

|ADMIN_PASSWORD |_The password of the {partner-product-short-name} Admin User used by Lambda for ERS/OpenAPI requests._
|ADMIN_USERNAME |_The username of the {partner-product-short-name} Admin User used by Lambda for ERS/OpenAPI requests._
|Maintenance |_The allowed values are `DISABLED` (default) and `ENABLED`. When `ENABLED`, Lambda will skip health checks and PAN failover._
|Primary_FQDN |_The fully qualified domain name (FQDN) of PPAN._
|Primary_IP |_The IPv4 address of PPAN._
|Secondary_FQDN |_The FQDN of SPAN._
|Secondary_IP |_The IPv4 address of SPAN._
|SyncStatus |_The latest synchronization status of the {partner-product-short-name} deployment from the last health check._
|===