6.4 Managing a Cluster of Access Gateways

Most of the configuration tasks are the same for a single Access Gateway and a cluster of Access Gateways. This section describes the tasks that are specific to managing the servers in a cluster:

For information about monitoring the health or statistics of a cluster, see Section 4.8.3, Viewing the Health of an Access Gateway Cluster and Section 4.5, Viewing Cluster Statistics.

6.4.1 Creating a New Cluster

  1. In the Administration Console, click Access Manager > New Cluster.

  2. Fill in the following fields:

    Cluster Name: Specify a display name for the cluster.

    Type: Select the type of cluster you want to create: Gateway Appliance or Gateway Service.

    Primary Cluster Server: Select the server that is to be the primary server in the cluster. This field is empty until you have selected one or more servers to be members of the cluster.

  3. In the Server Name list, select the servers that you want to be members of the cluster.

    You can create a cluster of one, and add additional servers later.You cannot create a cluster that contains Access Gateway Appliances and Access Gateway Services. The cluster can contain only one type of Access Gateway.

    Each server you add to the cluster adds about 30 seconds to the time it takes to configure the cluster because certificates must be synchronized and configuration options must be sent to that server. If you create a very large cluster of twenty servers, it can take up to ten minutes to configure and create the cluster.

  4. Select the server you want to be the Primary Cluster Server.

  5. Click OK.

  6. After the cluster has been created, each server in the cluster needs be restarted. On the Access Gateways page, click Update All by the name of the cluster.

  7. For information on additional required configuration tasks, see Clustering Access Gateways in the Novell Access Manager 3.1 SP2 Setup Guide.

6.4.2 Managing the Servers in the Cluster

To view the servers that are currently members of clusters:

  1. In the Administration Console, click Devices > Access Gateways.

    The members of a cluster are listed under the cluster name. The red double dagger symbol identifies the server that is the primary cluster server.

  2. To add a server to a cluster, select the server, then click Actions > Assign to Cluster > [Name of Cluster].

    A cluster cannot contain both Access Gateway Appliances and Access Gateway Services. The cluster can contain only one type of Access Gateway.

  3. To remove a server from a cluster, select the server, then click Actions > Remove from Cluster.

    Usually when you delete a server from a cluster, you have discovered that traffic is lighter than anticipated and that it can be handled with fewer machines while another cluster is experiencing higher traffic and can benefit from having another cluster member. When the server is removed, its configuration object maintains all the configuration settings from the cluster. When it is added to a new cluster, its configuration object is updated with the configuration settings of the new cluster. If your clusters are behind an L4 switch, you need to reconfigure the switch so that the server is assigned to the correct cluster.

    When a server is removed from a cluster, its Embedded Service Provider is stopped. If you are not going to assign it to another cluster, you need to reconfigure the server so that it is protecting resources other than the ones it protected in the cluster. When you apply the changes by clicking Update, the Embedded Service Provider is restarted.

    You cannot remove the primary cluster server unless it is the only server in the cluster. If you need to remove the primary cluster server from a multiple server cluster, you need to assign another the server to be the primary cluster server.

  4. To modify which server is the primary cluster server, see Section 6.4.5, Changing the Primary Cluster Server.

  5. To view detailed information about a server in the group, click the name of the server.

  6. To view detailed health information about a server, click the health icon of the server. For more information, see Section 4.8.2, Monitoring the Health of an Access Gateway.

  7. Click Close.

6.4.3 Managing Cluster Details

Use the Cluster Details page to perform general maintenance actions on the selected cluster and to display server information about the selected cluster.

  1. In the Administration Console, click Devices > Access Gateways > [Cluster Name].

  2. View the following fields:

    Name: Specifies the name of the cluster.

    Description: Specifies the purpose of the cluster. This is optional, but useful if your network has multiple Access Gateway clusters. If the field is empty, click Edit to add a description.

    Primary Server: Indicates which server in the cluster has been assigned to be the primary server.

  3. To modify the information, click Edit. For more information, see Section 6.4.4, Editing Cluster Details.

  4. To select a different Access Gateway to be the primary cluster member, click Edit.

  5. To modify details about a cluster member, click the server name in the Cluster member list.

  6. Click Close.

6.4.4 Editing Cluster Details

Use the Cluster Detail Edit to change the name of the cluster and assign a different server to be the primary cluster member.

  1. In the Administration Console, click Devices > Access Gateways > [Cluster Name] > Edit.

  2. Modify the following fields:

    Name: Specify a name for the cluster.

    Description: Specify the purpose of the cluster. This is optional, but useful if your network has multiple Access Gateway clusters.

    Primary Server: Indicates which server in the cluster has been assigned to be the primary server. To change this assignment, select the server from the drop-down list. For more information on this process, see Section 6.4.5, Changing the Primary Cluster Server.

  3. Click OK.

6.4.5 Changing the Primary Cluster Server

If the current primary cluster server is down and will be down for an extended period of time, you should select another server to be the primary cluster server

  1. In the Administration Console, click Devices > Access Gateways > [Name of Cluster] > Edit.

    Editing Cluster Details

  2. In the Primary Server drop-down list, select the name of a server, then click OK.

    Please be patient. Wait until this configuration change has completed, before doing any other configuration updates.

  3. To update the Identity Server, click Identity Servers > Update.

6.4.6 Applying Changes to Cluster Members

When you are configuring services of the Access Gateway, the OK button saves the change to browser cache except on the Configuration page. The Configuration page (Devices > Access Gateways > Edit) provides a summary of the changes you have made. The Cancel Change column allows you to cancel changes to individual services. When you click OK, the changes are saved to the configuration datastore, and you no longer have the option to cancel changes to individual services.

If you don’t save the changes to the configuration datastore and your session times out or you log out, any configuration changes that are saved to browser cache are flushed. These changes cannot be applied to other members of the cluster because they are no longer available. To prevent this from happening, save the changes to the configuration datastore.

It is especially important to save the changes to the configuration datastore when you select to update individual members one at a time rather than update all members of the cluster at the same time. Updating members one at a time has the following benefits:

  • When you update all servers at the same time, the site goes down until one server has finished updating its configuration. If you update the cluster members one at a time, only the member that is updating its configuration becomes unavailable.

  • If you update the servers one at time, you can verify that the changes are behaving as expected. After testing the configuration on one server, you can then apply the saved changes to the other servers in the cluster. If you decide that the configuration changes are not behaving as expected, you can revert to the previously applied configuration. See Reverting to a Previous Configuration

Some configuration changes cannot be applied to individual cluster members. For a list of these changes, see Modifications Requiring an Update All.

Reverting to a Previous Configuration

If you have updated only one server in the cluster, you can use the following procedure to revert back to the previous configuration.

  1. Remove the server that you have applied the configuration changes from the cluster.

  2. Access the Configuration page for the cluster, then click Revert.

    The servers in the cluster revert to the last applied configuration.

  3. Add the removed server to the cluster.

    The server is configured to use the same configuration as the other cluster members.

Modifications Requiring an Update All

When you make the following configuration changes, the Update All option is the only option available and your site is unavailable while the update occurs:

  • If you change the Identity Server configuration that is used for authentication (Access Gateways > Edit > Reverse Proxy/Authentication, then select a different value for the Identity Server Cluster option).

  • If you select a different reverse proxy to use for authentication (Access Gateways > Edit > Reverse Proxy/Authentication, then select a different value for the Reverse Proxy option).

  • If you modify the protocol or port of the authenticating reverse proxy (Access Gateways > Edit > Reverse Proxy/Authentication > [Name of Reverse Proxy], then change the SSL options or the port options).

  • If you modify the published DNS name of the authentication proxy service (Access Gateways > Edit > Reverse Proxy/Authentication > [Name of Reverse Proxy] > [Name of First Proxy Service], then modify the Published DNS Name option).