Question

Active/Passive (Master/Slave) Publisher Failover per Private Application

  • February 18, 2026

cpicot

Summary

Allow administrators to configure an active/passive failover mode for publishers on a per-application basis, instead of the current active-active only model.

Business justification

We route SAP S/4HANA traffic (SAP GUI thick client) through two Private Access publishers. The SAP GUI client does not tolerate network path changes: any publisher switch immediately resets the TCP session, causing a SAP_GUI_DISCONNECT error.

Hundreds of unique users experienced repeated disconnections due to publisher switching. Each Netskope "Change in Network" event triggered a PoP or publisher change, breaking the active SAP session.

Current situation

  • Active-active (current): redundancy is maintained, but publisher switching causes mass disconnections for session-sensitive applications.
  • Single publisher (our workaround): disconnections are resolved, but redundancy is completely lost. If the publisher fails, all SAP access is down.

We are forced to choose between reliability and availability.

Requested feature

Per-application publisher assignment with active/passive failover:

  • All traffic for a designated private app routes through one primary publisher
  • The secondary publisher activates only if the primary becomes unavailable (health check failure)
  • No load balancing or switching occurs while the primary is healthy

Impact

This would benefit any Netskope customer running session-sensitive applications (SAP GUI, RDP, thick clients, persistent TCP applications) through Private Access with multiple publishers.

Reference

Netskope Support Case: 00610614