Applies To:

Show Versions Show Versions

Manual Chapter: FirePass Administrator Guide 4.0: Configuring FirePass Failover Servers and Cluster Servers
Manual Chapter
Table of Contents   |   << Previous Chapter



7

Configuring FirePass Failover Servers and Cluster Servers


Using FirePass failover servers

The Failover feature provides fault tolerance and guarantees that at least one server in a failover pair is accessible to users in the unlikely event of a server failure. The failover pair (an active server and a standby server) provide hot, stateful failover without session interruption or termination. If the active server has a failure, all session data is automatically preserved. The failover transfer process to the standby server is usually transparent to users, although occasionally a new session initiated since the most recent synchronization update may need to be restarted.

The active and standby servers communicate with each other using a heartbeat. Each server can detect when the other server fails, and in case of failure it automatically restarts applications on the operating server. The standby server uses IP takeover to take over sessions if the active server has a failure.

Installing FirePass failover servers

All FirePass servers are licensed initially as standalone servers. If you want to configure a pair of failover servers, you need to obtain new licenses. Contact your sales representative or Technical Support, and provide them with the serial numbers of the servers to be configured as a failover pair, or request a new license for each server by navigating to Server/Settings and clicking the link to request a new license. For more information, see Managing FirePass licenses.

If you are installing two single-NIC FirePass servers in failover pairs, simply connect the servers to the network.

If you are connecting two dual-NIC FirePass servers in failover pairs, connect the same corresponding NICs to the same subnet on both servers. For example, connect the internal NIC on both servers to the same subnet.

Note


For dual-NIC servers, the public subnet should always be associated with the NIC configured as eth0, and the private subnet should always be associated with the NIC configured as eth1. For more information, see Maintaining the network configuration settings.

 

Configuring the IP addresses for failover servers

For two single-NIC failover servers, you need at least three static IP addresses: one IP address for the NIC in each server, and a "virtual" IP address for the failover pair itself.

For two dual-NIC failover servers, you need at least five static IP addresses: two IP addresses for each server's NICs, and a virtual IP address for the failover pair itself.

To add or change the IP addresses in the failover pair, you specify the IP addresses in the IP configuration panel for both servers. (For information on accessing the IP configuration panel, see Configuring IPSec for the FirePass server.)

These addresses must be configured for both failover servers:

  • One Server IP Address setting in the IP configuration panel must be a virtual IP address for the failover pair. The same Server IP Address must be set in both failover servers. For example, the Server IP address might be set to 10.4.10.190/24 in both failover servers.

  • Configure your DNS server to map a fully qualified domain name to the virtual IP address. For example, you might configure the DNS server to map the fully qualified domain name, server-name.company.com, to the virtual IP address, 10.4.10.190/24. The active server in the failover pair is the one that responds to requests that resolve to the Server IP Address.

  • Configure the Local Name:Port setting in both computers. The Local Name:Port setting in the Failover configuration panel is the IP address and port of the NIC in each server. This address must be unique in each server in the failover pair. Note that the Local Name IP addresses for the two failover servers must be on the same subnet. For example, the Local Name IP address might be set to 10.4.10.191/24 in one of the failover servers, and the Local Name IP address might be set to 10.4.10.192/24 in the other failover server.

    If you change the Local Name IP address for either server, you must specify the same Local Name IP address for the server in the Configure Failover Pair panel. For more information, see Configuring the failover settings.

Powering up failover servers

When you power up failover servers for the first time, the first server you start automatically becomes the active server and uses the virtual IP address. The other server becomes the standby server. The two servers remain in this state until either the active server fails and the standby server takes over, or until you restart the active server and the standby server becomes the active server.

If both servers are powered up simultaneously, the server with the lexically-lower name is the Active server. For example, Prowler1 has precedence over Prowler2.

Configuring the failover settings

To configure the failover settings

To configure servers as members of a failover pair, you must configure both:

  • Identical virtual IP addresses for their respective NICs

  • Reciprocal physical IP addresses for their heartbeat settings

Failover virtual IP configuration

To serve as a member of a failover pair, the server must have a virtual IP address configured for each NIC. This virtual address must be shared with the corresponding NIC of the other member of the failover pair. This is what links them as members of a failover pair. If you have not already done so, add a virtual IP address for each NIC, using the Server/Maintenance/Network Configuration/IP Config screen on each server.

A failover pair must also have reciprocal settings for their respective heartbeat configurations.

Failover heartbeat configuration

The current active member of a failover pair sends regular "I am alive" signals, or heartbeats, to the standby member of the pair. Heartbeat settings tell this server what IP address and port to use for the heartbeat while it is the active member of the pair. The destination of the signal must be the other member of the failover pair.

Ordinarily you provide heartbeat settings for each NIC on one server, and then you make corresponding, reciprocal entries for each corresponding NIC on the other server member of this failover pair.

Note


Failover screens and links are visible only if you have a Failover license installed.

 

To configure the heartbeat settings
  1. Under the Server tab on the left side of the Administrative Console, click the Maintenance link.

  2. Click the Network Configuration link.

  3. Click the Failover link at the top of the screen.

  4. Use this screen to configure the heartbeat settings for this server to use when it is serving as the active member of the pair. Specify the Device (the Ethernet interface, or NIC) you are configuring and the UDP port to use for sending the active-node heartbeat.

    • The Remote IP address must be a physical (not virtual) IP address of the corresponding NIC of the other member of the failover pair.

    • The Local IP address is a physical (not virtual) IP address of this NIC on this server. Select the address to be used in the heartbeat signal.

      Note


      Note: Your changes do not take effect until you commit them using the Finalize screen.

Making a standby server the active server

To make a standby server the active server
  1. Using a Web browser, enter the fully qualified domain name for the failover server pair and log in as Administrator.
    The active server responds to the request.

  2. Under the Failover tab on the left side of the Administrative Console, click the Settings link.

  3. Click the Restart This Node button.
    The current server restarts as the standby server, and the standby server takes over as the active server.

Using FirePass server clusters

FirePass 4000 servers (or failover pairs of servers) can be clustered to support many concurrent connections on a single logical URL without performance degradation. Load balancing distributes the sessions among the available servers to maximize throughput.

Each server (or failover pair) in the cluster must have a valid certificate and be publicly accessible from outside the LAN using its own unique fully-qualified domain name.

The master node distributes configuration updates (for example, available system resources, new authorized users, and current user access rights) to the slaves, once per minute. This synchronization allows any slave to service any user session.

Clustered servers do not share session information. Each session is established with a single server.

The master server in a cluster balances the load among slaves by redirecting sessions to slaves. To make this possible, the slaves report their number of currently active sessions as a part of the synchronization process.

You cannot change some configuration settings on slave servers. These changes must be made on the master, so they are replicated across all slaves during synchronization. When you use the Administration Console to connect to a slave server, the configuration options that you cannot change in slave servers are not available. For example, you cannot change user and group account information in the slave servers, and consequently the Users tab is not displayed when you connect to a slave server. To make global configuration changes to a cluster, always connect to the master server. The configuration information flows from the master to the slaves.

Installing multiple FirePass servers as a cluster

To connect several FirePass servers as a cluster, connect the primary NICs to the same subnet unless they are installed in different geographic locations.

Powering up FirePass server clusters

Whenever you power up the server cluster, always power up the master server first. If the master server is not available when the slave servers power up, then the cluster does not work properly.

Configuring FirePass server clusters

A cluster consists of one master node and up to nine optional slave nodes. The master node is responsible for handling incoming connections and redirecting each session to an available slave. The master node is also responsible for maintaining configuration information on itself and all slave nodes. The master itself can also function as an available slave.

Preliminary configuration

Clustering licenses

To configure this server as a member of a cluster, you must first have installed a license that enables clustering, and that indicates the role of this server (as a master or slave). Go to Server/Settings and click the Request a new license link, or contact your sales representative or technical support contact for assistance. For more information about licensing, see Managing FirePass licenses.

Synchronization services

To allow your clustered servers to remain synchronized, you must also have configured at least one Synchronization service on each server in the cluster. To configure a service for synchronization, navigate to Server/Network Configuration/Web Services. For more about configuring services, see Configuring services.

Load balancing

To configure Load Balancing, you must also have defined at least one User service allowing HTTP access -- that is, a service available for user access from outside the network -- on each server node of the cluster.

To configure an available User service, navigate to Maintenance/Network Configuration/Web Services. For more about configuring services, see Configuring services.

You also can configure the method, or algorithm, FirePass uses to distribute sessions. FirePass can assign sessions randomly among the slave servers, or it can maintain an even session count among them.

To change the load balancing algorithm, go to the Clustering tab at the left of the Administrative Console, and click Settings. Choose Random for random assignment of sessions. Choose Off for even distribution of session counts.

Configuring clustered servers

Note


Clustering screens and links are visible only if you have a Clustering license installed.

 

To configure internal synchronization
  1. Under the Server tab on the left side of the Administrative Console, click the Maintenance link.

  2. Click the Network Configuration link.

  3. Click the Clustering link at the top of the screen.

  4. Configure the Service on master by selecting the Synchronization service to use from the pick list.

  5. Configure the slave n services by entering the name and ports of Synchronization services configured on the corresponding slave servers, for each listed service on the master.

To configure Load Balancing
  1. Under the Server tab on the left side of the Administrative Console, click the Maintenance link.

  2. Click the Network Configuration link.

  3. Click the Clustering link at the top of the screen.

  4. Complete the Load Balancing table, as follows:

    • If this is the master in a cluster, the screen displays a table with a column for each node in the cluster, beginning with the master. Each row corresponds to an HTTP-enabled User service on the master.
      In each cell of each slave column, enter the host name and port of a User Service on the respective slave.

    • If this is a slave in a cluster, the screen displays a table with two columns: the first column for this server, and the second for the master node. Each row corresponds to one HTTP-enabled User service on this server. Use the second column to associate this service with a service on the master.
      For each listed service on the slave, enter the host name and port of an HTTP-enabled User service configured on the master.

Note


All of these entries should be reciprocal between each node pair. That is, the configuration on this server should match the corresponding entries on the other member of each master/slave pair of services.

 

These settings do not take effect until you have committed them using the Finalize screen.

Accessing a slave server's configuration while connected to a master server

You can access a slave server's configuration while you are connected to a master server using the Administrative Console.

To access a slave server's configuration while connected to a master server
  1. Use the Administrative Console to connect to the master server in the cluster.

  2. Under the Clustering tab on the left side of the Administrative Console, click the slave Admin link.

  3. Click the link for the slave server that you want to access.
    The Administrative Console accesses the slave server and displays the slave server's settings within the console window.

  4. Under the Clustering tab on the left side of the Administrative Console, click the Settings link. The slave Settings panel for the master server appears.

    Note


    To return to the master server, enter the fully qualified domain name for the master server in your Web browser and then log in.

     

Displaying statistics for a FirePass server cluster

You can display operational statistics for a server cluster in near-real time. The statistics include the number of sessions active on the servers, the average bitrate and CPU load, and the time of the most recent master-slave synchronization.

To display statistics for a FirePass server cluster
  1. Use the Administrative Console to connect to the master FirePass server in the cluster.

  2. Under the Clustering tab on the left side of the Administrative Console, click the Stats link.



Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)