Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 203

Chapter 4: Adding Devices
Secure Access clusters and Infranet Controller clusters can be configured by the device
administrator to operate in active/passive mode or in active/active mode. Clusters in
active/passive mode are made up of a primary member and a secondary member. All
traffic flows through the primary member. If the primary member fails, then the secondary
member takes over.
In active/active mode, traffic is load-balanced across all cluster members. If one member
fails, then load balancing takes place among the surviving members.
The number of members permitted in a cluster is different for Secure Access and Infranet
Controller clusters, and also depends on whether the cluster is configured in active/active
mode or in active/passive mode. You can have no more than two cluster members in
active/passive mode. In active/active mode you can have up to eight members in a Secure
Access cluster, or up to four members in an Infranet Controller cluster.
Before you can activate a cluster member in NSM, the device administrator must have
already created the cluster and added, configured, and enabled the physical cluster
member. See the Secure Access Administration Guide or the Unified Access Control
Administration Guide for details on creating and configuring these clusters.
Secure Access or Infranet Controller devices configured in a cluster must have a cluster
object and member objects defined in NSM before Secure Access or Infranet Controller
cluster nodes can be recognized by NSM. Nodes from this cluster that subsequently
contact NSM will be represented by fully functional member icons in the Cluster Manager.
Cluster members whose NSM agents do not contact NSM will be displayed in NSM device
monitor as unconnected devices.
Secure Access or Infranet Controller devices use member IDs to identify each cluster
member object. When importing cluster members, the member ID is imported as part of
the cluster, so the Add Cluster Member wizard does not prompt for the member ID.
To add a Secure Access or Infranet Controller cluster to NSM, first add the cluster object,
and then add its members. You add cluster members one at a time, in a similar manner
to adding standalone devices. You can add and import devices with dynamic IP addresses.
NSM does not support importing Secure Access or Infranet Controller cluster members
with static IP addresses.
NOTE: Adding a cluster and adding a cluster member have no effect on the cluster
itself. The cluster and cluster members must already exist.
Once a Secure Access or Infranet Controller cluster is managed by NSM, subsequent
changes applied to the cluster by NSM will be synchronized by the cluster across all
cluster members. Similarly, changes to Secure Access or Infranet Controller cluster
membership that occur via administrator action on the native device UI will be reflected
back to NSM, and NSM will display the modified cluster.
For an examples of adding clusters in NSM, see "Example: Adding and Importing a Cluster"
on page 158.
Copyright © 2010, Juniper Networks, Inc. 153