Simple High Availability Configuration; Extended High Availability Configuration; Other Configuration Options - Juniper NETWORK AND SECURITY MANAGER 2010.4 - INSTALLATION GUIDE REV1 Installation Manual

Simple High Availability Configuration

Extended High Availability Configuration

Other Configuration Options

Copyright © 2010, Juniper Networks, Inc.
Server would not result in the loss of log information as the Device Server can continue
to communicate with firewalls. You can also tailor the choice of hardware to the needs
of each service (typically large RAM for GUI Server and large disk capacity for the Device
Server).
You can also install and configure the management system to provide for high availability.
This configuration option is recommended to minimize the impact of unplanned server
outages.
To implement the management system for high availability, you need to install two
physical servers: a primary server that runs on a server machine in active mode; and a
secondary server that runs on a different server machine in standby mode. Upon the
failure of any service on the primary server (or a hardware fault which results in the same
effect) would cause both the GUI Server and Device Server to fail over to the standby
server. The added benefit is automatic recovery of management service resulting in fewer
lost firewall logs and reduced administrative down time. Note that the device logs would
not be replicated to the peer server (only the config database).
During the installation or upgrade process, the installer script prompts you to specify
whether or not you want the current server machine to participate in an HA cluster. If you
choose to do so, the installer script prompts you to configure additional parameters
enabling the high availability features on the management system.
NOTE: The NSM appliances can run in a simple high-availability configuration
for fault tolerance.
The extended high availability configuration is the most extensive and complex
configuration but has the greatest protection against component failure. A failure of the
primary Device Server would cause failover to the standby Device Server. This new Device
Server would attempt connection with the primary GUI Server. Failure of a GUI Server
would also cause failover to the standby GUI Server. The current Device Server would
attempt to connect to the standby GUI Server after a timeout period. In this configuration
the failure of a single component has minimal impact on the system as a whole. In
addition, the distributed system gives each service more system resource.
For more information about installing the management system for high availability, see
"High Availability Overview" on page 71.
In addition to scale and fault tolerance, other configuration options include:
Chapter 1: Introduction
9