Security

Hi,

 

We have CP-VA-5k in location 1 & CP-VA-500 in location 2. Connectivity between them is P2P and both CPPM share different subnet IP address. We are now looking to merge both CPPM together to acheive redundancy & so that lisenses would be shared among cluster. Please help on below queries:-

 

1) Can the cluster be formed as both CPPM in both locations share diff subnet IP address.

2) Initially respective location's auth traffic should go to respective location's CPPM. but during failover it should fall back to other location's CPPM i.e. if location 1 goes down then send auth traffic to location 2 and vice versa. How can we achieve this?

3) If cluster is being formed, will the policy manager license merge. i.e. 5k+500 so in all 5500 policy manager licenses & 25+25 enterprice licenses are available in the cluster.

 

thanks in advance.

1) Can the cluster be formed as both CPPM in both locations share diff subnet IP address.
Yes as long as you don't need to setup a VIP
2) Initially respective location's auth traffic should go to respective location's CPPM. but during failover it should fall back to other location's CPPM i.e. if location 1 goes down then send auth traffic to location 2 and vice versa. How can we achieve this?
In the controller you can create a Server group with both servers (active/standby)
3) If cluster is being formed, will the policy manager license merge. i.e. 5k+500 so in all 5500 policy manager licenses & 25+25 enterprice licenses are available in the cluster.
The base licenses are not shared between servers meaning that one server will have 5000 and the other 500 but the enterprise will (50) , in case of failing over the auth from the 5k to 500 is not going to work properly

Mohann,

 

Also worth you taking a look at this TechNote on the subject of clustering

 

CPPM TechNote - Clustering Design Guidelines V1