Cisco Cisco Clean Access 3.5
C H A P T E R
14-1
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
14
Configuring High Availability
This chapter describes how to set up a high-availability cluster of Cisco Clean Access Managers. Topics
include:
include:
•
•
•
•
Overview
By deploying Clean Access Managers in high-availability mode, you can ensure that important
monitoring, authentication, and reporting tasks continue in the event of an unexpected shutdown.
monitoring, authentication, and reporting tasks continue in the event of an unexpected shutdown.
The Clean Access Manager high-availability mode is a two-server configuration in which a standby
Clean Access Manager machine acts as a backup to a primary Clean Access Manager machine. While
the primary Manager carries most of the workload under normal conditions, the standby monitors the
primary Manager and keeps its data store synchronized with the primary Manager’s data.
Clean Access Manager machine acts as a backup to a primary Clean Access Manager machine. While
the primary Manager carries most of the workload under normal conditions, the standby monitors the
primary Manager and keeps its data store synchronized with the primary Manager’s data.
If the primary Manager shuts down, or for any reason stops responding to the peer’s “heartbeat” signal,
the standby assumes the role of the primary Manager.
the standby assumes the role of the primary Manager.
Although you specify a primary and standby Cisco Clean Access Manager at configuration time, the
roles are not permanent. If the primary Manager goes down, the standby becomes the primary. When the
original primary Manager restarts, it assumes the backup role.
roles are not permanent. If the primary Manager goes down, the standby becomes the primary. When the
original primary Manager restarts, it assumes the backup role.
Similarly, when it starts up, the Clean Access Manager checks to see if its peer is active. If not, the
starting Manager assumes the primary role. If the peer is active, on the other hand, the starting Manager
becomes the standby.
starting Manager assumes the primary role. If the peer is active, on the other hand, the starting Manager
becomes the standby.
Typically, a new Clean Access Manager is added to an existing Manager to create a high-availability
cluster. In order for the pair to appear to the network and to the Clean Access Servers as one entity, you
must specify a Service IP address to be used as the trusted interface (eth0) address for the cluster. This
Service IP address is also used to generate the SSL certificate.
cluster. In order for the pair to appear to the network and to the Clean Access Servers as one entity, you
must specify a Service IP address to be used as the trusted interface (eth0) address for the cluster. This
Service IP address is also used to generate the SSL certificate.
To create the crossover network on which high-availability information is exchanged, you connect the
eth1 ports of both Managers and specify a private network address not currently routed in your
organization (the default HA crossover network is 192.168.0.252). The Clean Access Manager then
creates a private, secure two-node network for the eth1 ports of each Manager to exchange UDP
heartbeat traffic and synchronize databases. Note that the Clean Access Manager always uses eth1 as the
heartbeat UDP interface.
eth1 ports of both Managers and specify a private network address not currently routed in your
organization (the default HA crossover network is 192.168.0.252). The Clean Access Manager then
creates a private, secure two-node network for the eth1 ports of each Manager to exchange UDP
heartbeat traffic and synchronize databases. Note that the Clean Access Manager always uses eth1 as the
heartbeat UDP interface.