Configuring a high-availability pair is optional. However, if you configure a high-availability BIG-IQ system and the active peer fails, the standby peer will become active, enabling you to continue to manage devices.
BIG-IQ Security performs asynchronous replication per transaction, which means that data is replicated continuously, asynchronously, on a transaction-by-transaction basis as changes are made or commands are run on the active system.
Continuous, asynchronous replication ensures you that the stored state on each BIG-IQ system is identical to the state on the other BIG-IQ system(s) in the HA configuration. You can resume managing firewalls after a failover without loss of any configuration change that might have occurred prior to failover.
In addition, all intermediate generations of a configuration object are identical on all HA peers. This is required because snapshots can refer to previous generations, and the system must be able to restore on any node a snapshot that was originally taken on a peer.
Terminology is crucial in understanding the status of the high-availability (HA) relationship. The following list defines some important terms used in HA configurations.
If you see the status indications Active (Secondary) on the secondary device, you have failed over to the node that is not the primary.
In the unlikely event of network segmentation, both systems may report that they are active.
|IP Address||Type the self IP address.|
|User name||Type the administrative user name.|
|Password||Type the administrative password.|
|Group||From the Group dropdown list, select Management Group.|
|High Availability Mode||Select Active-Standby.|
BIG-IQ Security forces an automatic failback mechanism in which the Active (Primary) node goes down and the Active (Secondary) node takes over. Subsequently, the Active (Secondary) node may be labeled Active (Secondary). When the Active (Primary) node comes back up, it takes over primary responsibilities automatically, becomes the Active (Primary) node, and synchronizes its configuration with the configuration on the Standby (Secondary) node. Thus, you are guaranteed that no data is lost.