security group management port in dual site
Hello,
I'm starting to build a dual-site, dual-MHO infrastructure and I need some tips.
I want to configure a cross-site SG, but I don't understand how to configure the management port for it.
In a single site with dual MHO, the documentation (Maestro basic setup) explains how to create an active/standby bond using port 1 of both MHOs. In this scenario, I have redundancy to access SMO.
But how do I set it up in a cross-site SG? Do I need to use port 1 of both MHOs of the second site too? So I have 4 ports in this bond?
Regards
M
Hello,
Setup is the same. On the second site you need to attach the corresponding mgmt ports (the same as in site 1). Physical connections should be mirrored between sites.
So the configuration prompt is using two interfaces in magg (from the site perspective) but in reality it consists of 4 ports (one Mgmt per MHO).
BR
Daniel.
Hi Daniel,
if I understand correctly, the magg0 configuration (made with eth1-Mgmt1 and eth2-Mgmt1) is for the Security Gateway, so I don't need to do anything on the MHOs (both sites).
When does the magg0 of site2 start to work? In which case?
One more thing: if I install a VSX on this SG, and with VSLS balance some VSs on site1 and some other VSs on site2, when I access the IP assigned to the SG, which magg0 do I use? Site1 or Site2?
And if I want to create a second SG on site1 only, with another IP, may I create another magg (like magg1) or can I use the same one?
How do I see this from the SG perspective?
Regards
Yes, magg0 as management bond is relevant for the Security Group. As a particular SecGrp exists on both sites and port connections are the same on both sites, you are adding / using the same interfaces for both sites.
The Mgmt IP is used by the SMO Master SGM on the active site. You can think about two cases:
- regular Security Group - SMO Master (lowest SGM ID in active site) from the active site is using the magg0 IP for communication
- VSX Security Group - then it represents the magg0 IP for VS0 on the active site. No matter if you are using VSX HA or VSLS, there is one site where the SMO Master SGM is active for VS0.
When you create another Security Group, you can create another magg (new interfaces) or share the same magg (create a magg with the Mgmt interfaces used by the first SecGrp) with a different IP address.
BR
Daniel.
Very helpful Daniel,
how do I find on which site VSX VS0 is active in the case of a cross-site SG?
And for other SGs, if I create a new magg, do I have to name it magg0, magg1, magg2 and so on?
M
It should be enough to use this command from SecGrp bash: asg stat vs all
No, each SecGrp is isolated from the others, so on each you can configure magg0.
BR
Daniel
Many thanks for your support Daniel
Regards
M
No problem and Good luck with implementation!
BR
Daniel.
