Network and Security Manager Installation Guide
Objects such as PKI information and configuration data for the Device Server are synchronized.
This gives the secondary Device Server the information it needs to accept
connections from managed devices and to create SSP connections to the GUI Server.
Without synchronization, the secondary Device Server would not hold the
same private key as the primary, so if it attempted a connection to the GUI Server,
the SSP connection would be refused. This means that a successful
synchronization must take place at least once after installation before the
secondary Device Server can take over. A failover before the first synchronization (or
before the first successful connection to the GUI Server) could cause serious problems.
After installation, you must check that this synchronization has occurred.
Synchronization of non-database files is performed automatically when the standby server
comes up. Failover is disabled until the first synchronization finishes.
Some directories are excluded from the synchronization process. For example, the
directory on the Device Server where log data is stored is excluded because of the
potentially large size of your device log data. The complete list of directories that are
excluded from the synchronization process is in the text file:
/usr/netscreen/HaSvr/var/exclude.rsync
NOTE: If you want the standby Device Server also to have access to the log data on the
active Device Server, you must connect both servers to an external shared
disk.
NOTE: Rsync uses a temporary SSH connection to the peer server to perform
the incremental backups. During synchronization, two SSH connections are
open for the time it takes to complete the backup.
HA Failover
During normal operations, the primary and secondary management systems each monitor
the health of the other using a series of heartbeat communications. The HA Server sends
heartbeat messages to its peer over UDP port 7802. It also pings
an external device (normally the IP address of the network gateway) that you configure
during installation, in addition to monitoring the services running on its own machine.
Based on the information the HA Server gathers about itself and its peer, it starts or stops
all the services that reside on that machine.
Each server sends a heartbeat message to the other server every 15 seconds. If a series
of consecutive heartbeat messages is not received by the primary server, the HA Server
stops all services and informs its peer of the problem. The peer HA Server then starts all
its services. For example, if you are running the primary GUI Server and Device Server
on Server1 and the secondary GUI Server and Device Server on Server2, and the primary
GUI Server fails, then both the primary GUI Server and primary Device Server on Server1 are
shut down, and both the secondary GUI Server and Device Server on Server2 start up.
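The following is an added example (not Juniper code and not part of this guide) that models the failover decision just described so the timing can be reasoned about: heartbeats every 15 seconds over UDP 7802, the gateway ping and local service check as additional failure triggers, the active server stopping its services and telling its peer to start, and failover staying disabled until the standby's first synchronization has finished. The guide does not state how many consecutive missed heartbeats count as a failure, so MISSED_LIMIT is an assumed value, and the rule that the active server keeps running when failover is disabled is likewise an assumption.

```python
"""Model of the HA heartbeat and failover behaviour described above.

Constructed example, not Juniper code. Taken from the guide: heartbeats
every 15 seconds over UDP 7802, an external gateway ping, monitoring of the
local services, and failover disabled until the first synchronization has
finished. Assumptions (not given by the guide): MISSED_LIMIT, the number of
consecutive missed heartbeats that counts as a failure, and the rule that
the active server keeps its services running while failover is disabled.
"""
from dataclasses import dataclass, field
from typing import List, Optional

HEARTBEAT_INTERVAL = 15   # seconds, from the guide
HEARTBEAT_PORT = 7802     # UDP, from the guide
MISSED_LIMIT = 3          # assumption: consecutive misses before failover


@dataclass
class HaServer:
    name: str
    services_up: bool                 # True = runs the GUI Server and Device Server
    first_sync_done: bool = False     # the standby may take over only after this
    missed: int = 0                   # consecutive heartbeats not heard from the peer
    peer: Optional["HaServer"] = None
    events: List[str] = field(default_factory=list)

    def start_services(self) -> None:
        self.services_up = True
        self.events.append(f"{self.name}: start GUI Server and Device Server")

    def stop_services(self) -> None:
        self.services_up = False
        self.events.append(f"{self.name}: stop GUI Server and Device Server")

    def take_over(self) -> None:
        """Called by the peer after it has stopped its own services."""
        if self.first_sync_done:
            self.start_services()
        else:
            self.events.append(f"{self.name}: cannot take over, first sync not finished")

    def tick(self, heartbeat_received: bool, gateway_reachable: bool,
             local_services_ok: bool) -> None:
        """One heartbeat period (15 s) as seen by this server."""
        self.missed = 0 if heartbeat_received else self.missed + 1
        if not self.services_up:
            return                    # the standby only counts; the active side decides
        if self.missed >= MISSED_LIMIT:
            problem = f"{self.missed} consecutive heartbeats missed"
        elif not gateway_reachable:
            problem = "external gateway ping failed"
        elif not local_services_ok:
            problem = "local service check failed"
        else:
            return
        self.events.append(f"{self.name}: {problem}")
        if self.peer is None or not self.peer.first_sync_done:
            # Guide: failover is disabled until first-time synchronization finishes.
            self.events.append(f"{self.name}: failover disabled, peer not synchronized")
            return
        self.stop_services()
        self.events.append(f"{self.name}: inform peer over UDP/{HEARTBEAT_PORT}")
        self.peer.take_over()


def simulate(peer_synced: bool, missed: int, gateway_reachable: bool = True) -> dict:
    """Run `missed` heartbeat periods in which no heartbeat reaches the primary."""
    s1 = HaServer("Server1", services_up=True, first_sync_done=True)
    s2 = HaServer("Server2", services_up=False, first_sync_done=peer_synced)
    s1.peer, s2.peer = s2, s1
    for _ in range(missed):
        s1.tick(heartbeat_received=False, gateway_reachable=gateway_reachable,
                local_services_ok=True)
    return {"server1_up": s1.services_up, "server2_up": s2.services_up,
            "elapsed_s": missed * HEARTBEAT_INTERVAL, "events": s1.events + s2.events}


if __name__ == "__main__":
    for args in ((True, 3), (True, 2), (False, 3), (True, 1, False)):
        r = simulate(*args)
        print(args, "->", "Server1" if r["server1_up"] else "Server2", "active")
        for e in r["events"]:
            print("   ", e)
```

With the assumed limit of three misses, the takeover happens 45 seconds after the last heartbeat was heard; a gateway ping failure triggers it on the very next period. The third scenario shows the case the guide warns about: with the standby not yet synchronized, the primary logs the problem but no failover takes place.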
Copyright © 2010, Juniper Networks, Inc.