Cisco Cisco Email Security Appliance X1070 Guia Do Utilizador
38-26
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 38 Centralized Management Using Clusters
Best Practices and Frequently Asked Questions
Procedures: Configuring an Example Cluster
To configure this example cluster, log out of all GUIs on all machines before running
clusterconfig
.
Run
clusterconfig
on any one of the primary site machines. You will then join to this cluster only the
other local and remote machines that need the maximum possible shared settings (allowing for the
machine only-settings like IP address). The
machine only-settings like IP address). The
clusterconfig
command cannot be used to join a remote
machine to the cluster — you must use the CLI on the remote machine and run
clusterconfig
(“join an
existing cluster”).
In our example above we log in to lab1, run
clusterconfig
and create a cluster called CompanyName.
We have only one machine with identical requirements, so we log in to lab2, and
saveconfig
the existing
configuration (it will be drastically altered when it inherits most of lab1 settings.) On lab2 we can then
use
use
clusterconfig
to join an existing cluster. Repeat if you have additional machines at this site needing
similar policies and settings.
Run CONNSTATUS to confirm that DNS resolves correctly. As machines are joined to the cluster, the
new machines inherit almost all of their settings from lab1 and their older settings are lost. If they are
production machines you will need to anticipate if mail will still be processed using the new
configuration instead of their previous configuration. If you remove them from the cluster, they will not
revert to their old, private configs.
new machines inherit almost all of their settings from lab1 and their older settings are lost. If they are
production machines you will need to anticipate if mail will still be processed using the new
configuration instead of their previous configuration. If you remove them from the cluster, they will not
revert to their old, private configs.
Next, we count the number of exceptional machines. If there is only one, it should receive a few extra
machine level settings and you will not need to create an extra group for it. Join it to the cluster and begin
copying settings down to the machine level. If this machine is an existing production machine you must
back up the configuration and consider the changes to mail processing as above.
machine level settings and you will not need to create an extra group for it. Join it to the cluster and begin
copying settings down to the machine level. If this machine is an existing production machine you must
back up the configuration and consider the changes to mail processing as above.
If there are two or more, as in our example, decide if those two will share any settings with each other
that are not shared with the cluster. In that case, you will be creating one or more groups for them.
Otherwise, you will make machine level settings for each, and do not need to have extra groups.
that are not shared with the cluster. In that case, you will be creating one or more groups for them.
Otherwise, you will make machine level settings for each, and do not need to have extra groups.
In our case we want to run
clusterconfig
from the CLI on any of the machines already in the cluster,
and select ADDGROUP. We will do this twice, once for Paris and once for Rome.
Now you can begin using the GUI and CLI to build configuration settings for the cluster and for ALL
the groups, even if the groups have no machines in them yet. You will only be able to create machine
specific settings for machines after they have joined the cluster.
the groups, even if the groups have no machines in them yet. You will only be able to create machine
specific settings for machines after they have joined the cluster.
The best way to create your override or exceptional settings is to copy the settings from the higher (e.g.
cluster) level down to a lower (e.g. group) level.
cluster) level down to a lower (e.g. group) level.
For example, after creating the cluster our
dnsconfig
settings initially looked like this:
Configured at mode:
Cluster: Yes
Group Main_Group: No
Group Paris: No
Group Rome: No
Machine lab2.cable.nu: No
If we "Copy to Group" the DNS settings, it will look like this:
Configured at mode:
Cluster: Yes
Group Main_Group: No
Group Paris: Yes