Cisco Cisco Email Security Appliance C690 Mode D'Emploi
35-26
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 35 Centralized Management Using Clusters
Best Practices and Frequently Asked Questions
If there are two or more, as in our example, decide if those two will share any settings with each other
that are not shared with the cluster. In that case, you will be creating one or more groups for them.
Otherwise, you will make machine level settings for each, and do not need to have extra groups.
that are not shared with the cluster. In that case, you will be creating one or more groups for them.
Otherwise, you will make machine level settings for each, and do not need to have extra groups.
In our case we want to run
clusterconfig
from the CLI on any of the machines already in the cluster,
and select ADDGROUP. We will do this twice, once for Paris and once for Rome.
Now you can begin using the GUI and CLI to build configuration settings for the cluster and for ALL
the groups, even if the groups have no machines in them yet. You will only be able to create machine
specific settings for machines after they have joined the cluster.
the groups, even if the groups have no machines in them yet. You will only be able to create machine
specific settings for machines after they have joined the cluster.
The best way to create your override or exceptional settings is to copy the settings from the higher (e.g.
cluster) level down to a lower (e.g. group) level.
cluster) level down to a lower (e.g. group) level.
For example, after creating the cluster our
dnsconfig
settings initially looked like this:
Configured at mode:
Cluster: Yes
Group Main_Group: No
Group Paris: No
Group Rome: No
Machine lab2.cable.nu: No
If we "Copy to Group" the DNS settings, it will look like this:
Configured at mode:
Cluster: Yes
Group Main_Group: No
Group Paris: Yes
Group Rome: No
Machine lab2.cable.nu: No
Now you can edit the Paris group-level DNS settings, and other machines in the Paris group will inherit
them. Non-Paris machines will inherit the cluster settings, unless they have machine-specific settings.
Besides DNS settings, it is common to create group level settings for SMTPROUTES.
them. Non-Paris machines will inherit the cluster settings, unless they have machine-specific settings.
Besides DNS settings, it is common to create group level settings for SMTPROUTES.
Tip: when using the CLI CLUSTERSET function in various menus, you can use a special option to copy
settings to All Groups, which is not available through the GUI.
settings to All Groups, which is not available through the GUI.
Tip: complete listeners will be automatically inherited from the group or cluster, and you normally only
create these on the first system in the cluster. This reduces administration considerably. However, for
this to work you must name the Interfaces identically throughout your group or cluster.
create these on the first system in the cluster. This reduces administration considerably. However, for
this to work you must name the Interfaces identically throughout your group or cluster.
Once the settings are defined correctly at the group level, you can join machines to the cluster and make
them part of this group. This requires two steps:
them part of this group. This requires two steps:
First, to join our remaining 4 systems to the cluster, we run
clusterconfig
on each. The larger and more
complex the cluster, the longer it takes to join, and this can take several minutes. You can monitor the
joining progress with the LIST and CONNSTATUS sub-commands. After the joins are complete you can
use SETGROUP to move the machines from the Main_Group into Paris and Rome. There is no way to
avoid the fact that initially, all machines added to the cluster inherit the Main_Group settings, not the
Paris and Rome settings. This could affect mail flow traffic if the new systems are already in production.
joining progress with the LIST and CONNSTATUS sub-commands. After the joins are complete you can
use SETGROUP to move the machines from the Main_Group into Paris and Rome. There is no way to
avoid the fact that initially, all machines added to the cluster inherit the Main_Group settings, not the
Paris and Rome settings. This could affect mail flow traffic if the new systems are already in production.