Cisco NAC3350-PROF-K9 - NAC Profiler Server Installation Manual page 126

Installing a Clean Access Manager High Availability Pair
Figure 4-4
Figure 4-4
trusted
network
The Clean Access Manager high-availability mode is an Active/Passive two-server configuration in
which a standby Clean Access Manager machine acts as a backup to an active Clean Access Manager
machine. While the active CAM carries most of the workload under normal conditions, the standby
monitors the active CAM and keeps its data store synchronized with the active CAM's data.
If a failover event occurs, such as the active CAM shuts down or stops responding to the peer's
"heartbeat" signal, the standby assumes the role of the active CAM.
When first configuring the HA peers, you must specify an HA-Primary CAM and HA-Secondary CAM.
Initially, the HA-Primary is the active CAM, and the HA-Secondary is the standby (passive) CAM, but
the active/passive roles are not permanently assigned. If the primary CAM goes down, the secondary
(standby) becomes the active CAM. When the original primary CAM restarts, it assumes the backup role.
Note If both the HA-Primary and HA-Secondary CAMs in your HA deployment lose their configuration, you
can restore the system using the guidelines in the "Restoring Configuration from CAM
Snapshot—HA-CAM or HA-CAS" section of the
Configuration Guide, Release
When the Clean Access Manager starts up, it checks to see if its peer is active. If not, the starting CAM
assumes the active role. If the peer is active, on the other hand, the starting CAM becomes the standby.
You can configure two Clean Access Managers as an HA pair at the same time, or you can add a new
Clean Access Manager to an existing standalone CAM to create a high-availability pair. In order for the
pair to appear to the network as one entity, you must specify a Service IP Address to be used as the
trusted interface (eth0) address for the HA pair. This Service IP address is also used to generate the SSL
certificate.
To create the Heartbeat UDP Interface link over which HA information is exchanged, you connect the
eth1 ports of both CAMs and specify a private network address not currently routed in your organization
(the default Heartbeat UDP interface IP address is 192.168.0.252). The Clean Access Manager then
creates a private, secure two-node network for the eth1 ports of each CAM to exchange UDP heartbeat
traffic and synchronize databases.
Cisco NAC Appliance Hardware Installation Guide
4-6
illustrates a sample configuration.
Clean Access Manager Example High-Availability Configuration
10.201.2.100
eth0
Service IP
Address
10.201.2.102
Secondary CAM
eth0
10.201.2.101
4.8(3).
Chapter 4
eth1
192.168.0.253
Primary CAM
rjcam_1
(Optional)
Heartbeat UDP
Interface 2 or 3
rjcam_2
192.168.0.254
eth1
Cisco NAC Appliance - Clean Access Manager
Configuring High Availability (HA)
Heartbeat UDP
Interface
- UDP heartbeat
- DB sync
192.168.0.252
(specify
network portion
of address in
web console)
OL-20326-01