Cisco Email Security Appliance C680 User Guide

Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 8 Centralized Management
General Questions
Q. Are log files aggregated within centrally managed machines? 
A. No. Log files are still retained for each individual machine. The Security Management appliance 
can be used to aggregate mail logs from multiple machines for the purposes of tracking and 
reporting. 
Q. How does User Access work?
A. The Cisco IronPort appliances share one database for the entire cluster. In particular, there is only 
one admin account (and password) for the entire cluster.
Q. How should I cluster a data center?
A. Ideally, a data center would be a “group” within a cluster, not its own cluster. However, if the data 
centers do not share much between themselves, you may have better results with separate clusters 
for each data center.
Q. What happens if systems are offline and they reconnect?
A. Systems attempt to synchronize upon reconnecting to the cluster. 
Network Questions
Q. Is the centralized management feature a “peer-to-peer” architecture or a “master/slave” architecture?
A. Because every machine has all of the data for all of the machines (including all machine-specific 
settings that it will never use), the centralized management feature can be considered a peer-to-peer 
architecture. 
Q. How do I set up a box so it is not a peer? I want a “slave” system.
A. Creating a true “slave” machine is not possible with this architecture. However, you can disable 
the HTTP (GUI) and SSH/Telnet (CLI) access at the machine level. In this manner, a machine 
without GUI or CLI access can only be configured by clusterconfig commands (that is, it can never be 
a login host). This is similar to having a slave, but the configuration can be defeated by turning on 
login access again. 
Q. Can I create multiple, segmented clusters?
A. Isolated “islands” of clusters are possible; in fact, there may be situations where creating them 
may be beneficial, for example, for performance reasons.
Q. I would like to reconfigure the IP address and hostname on one of my clustered appliances. If I do 
this, will I lose my GUI/CLI session before being able to run the reboot command?
A. Follow these steps:
a. Add the new IP address
b. Move the listener onto the new address
c. Leave the cluster
d. Change the hostname
e. Make sure that oldmachinename does not appear in the clusterconfig connections list when viewed from any machine
f. Make sure that all GUI sessions are logged out
g. Make sure that CCS is not enabled on any interface (check via interfaceconfig or Network > Listeners)