Cisco Email Security Appliance C160 User Guide

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 38: Centralized Management Using Clusters
Best Practices and Frequently Asked Questions
A. Creating a true “slave” machine is not possible with this architecture. However, you can disable 
the HTTP (GUI) and SSH/Telnet (CLI) access at the machine level. A machine without GUI or CLI 
access can only be configured by clusterconfig commands (that is, it can never be a login host). 
This is similar to having a slave, but the configuration can be defeated by turning on 
login access again. 
Q. Can I create multiple, segmented clusters?
A. Isolated “islands” of clusters are possible; in fact, there may be situations where creating them 
is beneficial, for example, for performance reasons.
Q. I would like to reconfigure the IP address and hostname on one of my clustered appliances. If I do 
this, will I lose my GUI/CLI session before being able to run the reboot command?
A. Follow these steps:
a. Add the new IP address
b. Move the listener onto the new address
c. Leave the cluster
d. Change the hostname
e. Make sure that oldmachinename does not appear in the clusterconfig connections list when viewed from any machine
f. Make sure that all GUI sessions are logged out
g. Make sure that CCS is not enabled on any interface (check via interfaceconfig or Network > Listeners)
h. Add the machine back into the cluster
Q. Can the Destination Controls function be applied at the cluster level, or is it local machine level only?
A. It may be set at a cluster level; however, the limits are on a per-machine basis. So if you limit to 50 
connections, that is the limit set for each machine in the cluster.
Planning and Configuration
Q. What can I do to maximize efficiency and minimize problems when setting up a cluster? 
1. Initial Planning
   - Try to configure as many things as possible at the cluster level.
   - Manage by machines only for the exceptions.
   - If you have multiple data centers, for example, use groups to share traits that are neither cluster-wide nor necessarily machine-specific.
   - Use the same name for Interfaces and Listeners on each of the appliances.
2. Be aware of restricted commands.
3. Pay attention to interdependencies among settings.
   For example, the listenerconfig command (even at the cluster level) depends on interfaces that only exist at a machine level. If the interface does not exist at the machine level on all machines in the cluster, that listener will be disabled.
   Note that deleting an interface would also affect listenerconfig.
4. Pay attention to your settings!