IPS high-availability Solution
Hi all
obligation to have redundancy for appliance IPS placed on data center design, I dug on Cisco docs but found the resilience and the HA (High Availability) from the point of view of IPS could take place in the side of switches (HSRP/Eth channel balance).
is there a visible way to implement high availability of dynamically!
Kind regards
Belal
Yes Belal, both of the things mentioned by you are right. There is no function available which allows "failover" communications between IPS two boxes as do Cisco firewalls.
Yes Etherchannel load balance traffic to each pair of IP from sensor single src - dst.
Concerning
Farrukh
Tags: Cisco Security
Similar Questions
-
High availability with two 5508 WLAN controllers?
Hi all
We are considerung to implement a new wireless solution based on Cisco WLC 5508 and 1262N Access Points. We intend to buy about 30 access points and have two options: either buy a WLC 5508-50 or, for redundancy to, two controllers 5508-25.
Is it possible to configure two WLC 5508 as a high availability solution, so that all access points are distributed on the two WLCs and during breaks WLC one another case manages all the APs?
If we have 30 access points, and one of the two WLC 5508-25 breaks of course that not all access to 30 but only 25 points can be managed by one remaining. Is there some sort of control to choose the access points must be managed and which do not?
How does such a configuration looks like in general, is the implementation of an installation of two controller quite complex or simple?
Thank you!
Michael
Hi Michael,
Do not forget that the 5508 works with a system of licensing. The hardware can support up to 500 APs, but it depends on the license that you put in.
I think 2 5508 with 25 APs license will be more expensive than a 5508 with 50 APs license.
If you have 2 WLCs, the best is NOT to spread access between the WLCs points. In doing so, you increase the complexity of homelessness (WLCs have to discount customers to each other all the time). If your point was to gain speed, it really doesn't matter as the 5508 can have up to 8 Gbit/s of uplink speed and has the ability of UC to treat 50 APs with no problems at all. So I find it best to have all the access points on 1 WLC, then if something goes wrong, all the APs migrate anyway for the other WLC.
If you want 50 APs at a 25-degree WLC failover, you can select who will join Yes. The APs have a priority system, so you assign priorities. If the WLC sees it's full capacity but higher priority APs are trying to join, it will kick down-prio APs for the high prio allow to connect.
WLCs is not exactly "HA." It's just that if you have 2 WLCs work together (as if you had 700 APs and needed to put 2 WLCs) and delivered to customers. Or all APs sat on a WLC and when it breaks down, they join the other available controller.
The only thing to do is to put each WLC in the same group of mobility so that they know.
-
OBIEE 11.1.1.5 high availability
I have server with DB and OBIEE 11.1.1.5.
My client application high availability solution.
Is it something to build into the platform for this or I have to develop a mechanism by myself?
Also, should I build a mechanism to synchronize the Oracle SB, OBIEE use for its configuration data, as well as scheduler jobs?
OBIEE should he ability for high availability
-
Hello
4240 running in HA mode?
Or should I look at 4255 if I need to work in HA mode?
Kindly help me with this info... Thanks in advance.
Kind regards
RAMJust to add a little bit to Bob's response. It is possible for the HA, but as mentioned above, it is not HA as you would expect of a firewall and requires significant network planning and is rather technical in nature.
The best documentation I could find about the designs HA is in chapter 21 - "Deploying Cisco IPS for high availability" and High Performance of Earworms security CCNP 642-627 official Cert Guide, ISBN: 9780132372107. She gets quite detailed and explains a large number of different methods.
I was also able to find some information on this site, but it is at a higher level and does not provide as many options.
https://www.NetworkWorld.com/community/node/18384
I had to work HA in some of our environments, and I'm here to tell you, plan ahead, far in advance, test several methods to find one that suits. We were using a method that I just couldn't find it mentioned anywhere.
-
Hello
I have ACS solution engine. Currently, it is connected to the switch using a single network adapter. For the
high availability to change aside, I want to use the second card netwrok thus linking
the second main switch as well as in the case of connectivity with a carrot switch break. ACS will be accessible via second switch.
Network card Ip address is currently 192.168.200.14/24
How to configure the second network adapter on the ACS in order to achieve high availability.
Hello
You cannot use the second NETWORK card on GBA.
The following link mentions "ACS takes care operating an Ethernet connector, but not the two connectors"
I hope this helps.
Kind regards
Anisha
P.S.: Please mark this message as answered if you feel that your query is resolved. Note the useful messages.
-
How to set up the single instance of data of high availability and disaster tolerance
Hi Experts,
I have unique database and instance need to configure for high availability and disaster tolerance
What are the DR options available for synchronization of database at a remote site with a delay of 5 to 10 minutes.
Application connects to the local site and DR site should be the remote site.
1 oracle FailSafe with SAN?
2. What is the security integrated on linux centos/oel solution?
3. If the storage is on the San (for example) then is it possible to set up a shell script
which detects if the source database is down for 5 minutes, ride the SAN stored the files of database on the remote computer and
change the ip in the application, so it will never connect to the source ip address
Thank you and best regards,
IVW
Hello
Rupture can occur in any level
1 oracle FailSafe with SAN?
--> Do check if you have failure in storage, your security will do nothing to bring back data
--> Seen failsafe, will be only the insurance when MS cluster moving the disc and services to different node, configured services starts.
2. What is the security integrated on linux centos/oel solution?
--> Under linux, you need to set the scripts to run, and you can check the option on the cluster OS
3. If the storage is on the San (for example) then it is possible to configure a shell script that detects if data source is down for 5 minutes, mount SAN stored the files of database on the remote computer and
change the ip in the application, so it will never connect to the source ip address
--> This you will get a cluster of BONES...
Points to note:
================
--> If there is power failure sudden, we can expect there may be lost writing in your data block, which will bring the inconsistency to your data file and redo
--> Here, there is problem with your drive?
--> If there is problem with your complete domain controller (how will you mount FS to a remote server?)
Note what we are discussing was HA and you try to keep an idle server all the time (you have a server with more RAM & CPU)
Why you can't check an option of CARS, can also have the cluster extension...
And to avoid the loss of data and to meet the RPO and RTO in all time (same DC came down, storage failure, server crash), you may need to use Oracle data guard...
Ask questions if you have
Thank you
-
High availability without shared storage?
Hi allWe have created two new 5.1 without any network vMotion ESXi servers and no shared storage. Client asked for high availability of virtual machines. There are few things that we can look at in this situation as FT and HA, but I know that they will not work without shared storage. VSA is also another option in this case, but it is not flexible and has more limitations than benefits.
Just check there at - there another solution we can us to provide high availability for virtual machines.
Thanks in advance for the help.
Greetings
Nick
Without storage shared (or ASB), it is difficult to provide high availability. Maybe vSphere replication is an option, if you can accept the loss of the latest changes, when it comes to the last line.
André
-
Any graphical plugin, or other available solution of "CAPTURE a VALUE at THE TIME TO click ON?
Hello
I just realized that the query is not my problem.
I have a graph that uses the query below, and it displays bars showing the 4 different totals revenue market Segment in every bar.
My requirement is to drill down in this section of the graph and show what amounts to this total.
I can't add this to the LINK because at the time of the request, the market Segment is unknown.
Y at - it a graphic plugin, or other available solution that can of "CAPTURE a VALUE at THE TIME CLICK ON"?
Select the NULL LINK,
TO_CHAR (to_date (Year, 'YY'), 'YYYY') year.
sum (decode (market_segment, Advanced Technology Facilities, recipes, 0)) 'Advanced Technology',
sum (decode (Market_segment, "energy and environmental Technologies", recipes, 0)) 'energy and environment '.
sum (decode ("market_segment, ' High Tech infrastructure", recipes, 0)) 'high technology Infrastructure. "
sum (decode (market_segment, "Chemical and Life Sciences", recipes, 0)) 'Life Sciences and chemicals. "
of apps.xxmwz_apex_rev_5yrs
Group by year
order by 1
I think you just need to change your group clause
of ' group by year, market_segment.
for "group by to_char (to_date(year,'YY'), 'YYYY') , market_segment '.
This is the request of my sample application
select 'f?p=&APP_ID.:2:'||:app_session||'::::P2_MONTH,P2_STATE:'||trunc(DEMO_ORDERS.ORDER_TIMESTAMP,'MM') ||','||DEMO_CUSTOMERS.CUST_STATE||':' link, trunc(DEMO_ORDERS.ORDER_TIMESTAMP,'MM') year, case when DEMO_CUSTOMERS.CUST_STATE = 'VA' then sum( DEMO_ORDERS.ORDER_TOTAL) end as VA, case when DEMO_CUSTOMERS.CUST_STATE = 'MA' then sum( DEMO_ORDERS.ORDER_TOTAL) end as MA, case when DEMO_CUSTOMERS.CUST_STATE = 'GA' then sum( DEMO_ORDERS.ORDER_TOTAL) end as GA, case when DEMO_CUSTOMERS.CUST_STATE = 'IL' then sum( DEMO_ORDERS.ORDER_TOTAL) end as IL, case when DEMO_CUSTOMERS.CUST_STATE = 'NY' then sum( DEMO_ORDERS.ORDER_TOTAL) end as NY, case when DEMO_CUSTOMERS.CUST_STATE = 'MO' then sum( DEMO_ORDERS.ORDER_TOTAL) end as MO, case when DEMO_CUSTOMERS.CUST_STATE = 'CT' then sum( DEMO_ORDERS.ORDER_TOTAL) end as CT from DEMO_ORDERS DEMO_ORDERS, DEMO_CUSTOMERS DEMO_CUSTOMERS where DEMO_ORDERS.CUSTOMER_ID=DEMO_CUSTOMERS.CUSTOMER_ID group by DEMO_CUSTOMERS.CUST_STATE, trunc(DEMO_ORDERS.ORDER_TIMESTAMP,'MM') -
Infrastructure for high availability
Hi all!
Stage en currently, Lun project is to implement Davis high availability vmware to deploy it later.
After a lot time on the tutorial, I realized to a high availability system, to 2 ESX servers, a minimum en SAN Bay.
Normal after the Vmotion solution seems to me the best. So that Vmotion works must implement vCenter Server integrated into a field.
My question is about how many card to pay the ESX servers? According to my research, I AI 3: 1 LAN, SAN 1 and 1, pour Vmotion if I don't me not mistaken.
Then the question that arises is or place vCenter? Place it in a virtual machine or in physics?
According to what I've read, the best would be to put it in a virtual machine. So in this case, is it possible to put the DC also in a VM or does is in physics by taking into account the possibility of "unavailability.
Another question: should Hook the ESX version with a license or a version ESXi is sufficient?
Thank you in advance if someone would have an opinion.
Hi Tatuxp,
Welcome to the VMware forums.
Pour a DC Windows Virtualization, you can find a lot of info in this document:
You can't start a band with the free version of vSphere. You'll have more info in the FAQ:
Pour the network config, it depends on a lot of your physical infrastructure. If you have physical networks separated, it normal morphologies of ports need you two network for redundancy. If you only have one big switch output and you use a VLAN, you trunk ports and you can put your cards in redundancy to each other. You have a good document that presents the main principles of virtual networks here:
Finally pour your VMs DC, the fact of having two and use rules qualifirons-affinity allows you to always have an available in even if one of the nodes in the cluster.
Good luck!
A +.
Franck
-
It is possible and effective: high availability (failover) on 2 guests with local storage?
Hello
I have a discussion on the implementation of ha (failover) with 2 guests with local storage.
My advice is to go with a shared storage. But there is another view, use the cluster failover MS with local storage service to save on the shared storage hardware.
2 "mirorred" on each host machines. Is it feasible at all?
The HughesNet: have 2 virtual machines (SQL server and server applications in a highly available environment). The workload of the machines will be raised to 2 very powerful servers that are supposed to be buying.
1. Please briefly explain a feature of local storage to provide HA.
2. I got to cluster in the virtual environment, not so I guess that the shared storage is used only in the virtual environment.
Thank you.
Michael.
There is software that can replicate a running, physical or virtual machine to another accessible location on the network. This could be as simple that between two close hosted ESXi of VMS or high-speed WAN. Take a look at things like neverfail, doubletake others. The costs would probably be a bit prohibitive in a smaller environment. It might be possible and maybe even practice to use a virtual storage device having a failover replication. Use of storage on each host and allows to provide the data store. Open-e
The Microsoft Clustering solution needs a shared storage.
-
Configuration of high availability.
Hello
Please help me to configure high availability for Foglight existing environment, please send me the steps and requirements of pre.How many servers can exist in a cluster?
Capacity how do we need on the primary server and the other servers if there is a failure?
We currently have 1 unifying and 3 child FMS.
version: 5.6.10
Thank you
Vicky
Vicky,
There are 2 very useful field guides that go through the requirements and the Setup process.
High Availability Guide - http://edocs.quest.com/foglight/5610/doc/wwhelp/wwhimpl/common/html/frameset.htm?context=field&file=HA-field/index.php&single=true
Federation of field guide-
http://eDOCS.quest.com/Foglight/5610/doc/wwhelp/wwhimpl/common/HTML/frameset.htm?context=field&file=Federation-field/index.php&single=true
Note the following points, known issue
"A master of the Federation running in mode high availability is not supported. Only children Federated can be run by high availability. »
Golan
-
High availability of components in the design of vWorkspace tips
Hi all
Would ask you some advice regarding the design of vWorkspace components highly available. Suppose that vWorkspace components will be deployed in vSphere or hypervisors managed SCVMM hence HA is in place, if the failure of a host. In this situation, if we still need components redundant (n + 1 VMS) vWorkspace?
On the other note, I understand that we can add a couple of broker for vWorkspace in vWorkspace Management Console connections and based on KB 99163 it would just work. I'm not sure how the traffic would be when an application is web access? As in, I guess that the connection broker news would be 'defined' at the request of the web call to the broker for connections. Or this is done automatically? Access Web would choose randomly from the broker for connections to go?
Thanks for any advice in advance
Kind regards
Cyril
Hi Cyril,.
Big questions. As with any IT architecture in layers, you must plan HA and redundancy at all points of failure required by your environment or level of Service (SLA) agreements. For vWorkspace, the center of his universe is SQL and you must plan accordingly the failure and recovery. In some environments, full backup can meet the requirement of HA. In others, full SQL Cluster, Mirroring, replication, or Always-On configurations may be required. With our broker, we recommend N + 1 deployment in most scenarios HA. When you move peripheral components or enabling, you must evaluate each component and needs its impact of failure as well as its valuation to determine the appropriate AP.
Load balancing between several brokers is done automatically by logic in the client connectors. In the case of Web access, when you configure the site Web Access in the Management Console, it includes broker list in the Web access configuration xml file. As client connectors, Web Access includes balancing logic that distributes the client load on brokers available automatically.
If you have any questions about specific components and requirements of HA or architecture, please add them in the discussions.
-
Hello
Today I have two WLC 5508 (with license for 100 AP each of them), on a single site.
The WLC work availability (active-standby).
However, we have a new scenario, with 02 sites: A and B (attachment).
I would like to know if it is possible to work as follows:
The WLC - A as the main controller of site A. WLC - B as a backup (BDC) of WLC.-a.
The WLC - B that has the PDC site B. WLC - as a backup (BDC) to WLC - B.
For example:
If WLC - a falls, site access Points are managed by B WLC site - B and vice versa.
Is this possible?
How can I configure the new scenario? Don't forget, there is a site-to-site between Site A and Site b.
Another point:
If I add more than 50 APs on Site A. How does the license number?
Should I buy a license for the two WLC?
TKS,
>....
>.. .is it possible?
No. , high availability in terms of controller is supposed to be what is said, the backup controller is not 'full' - stby and cannot play other roles.
M.
-
Does anyone know if Cisco will provide redundancy standby high availability of IPCC express?
Chris
Search in the next major version of the IPCC Express. Last I heard it was scheduled for release next month some time.
Jim
-
Deployment of high availability of the IPCC 4.5
In a future HD architecture implementation, the voice service will provide CallManager 5.0, that will integrate with 4.5 of the IPCC. 4.5 (required with 5.0 CM) IPCC does implement a high availability. How can we ensure that technical support continues to operate if the IPCC goes down? One possibility might be to configure CM such that if the IPCC goes down, all the number of help desk calls are automatically and immediately headed to a group (which includes all extensions help desk). This redirection can be configured in CM? Is there a better option?
Thanks in advance,
SB
This is your best bet. On the road Points for your call center just put the call before busy, no answer and failure to the fighter pilot. Thus, when the IPCC Express Server is down it will sent to your fighter pilot.
Please evaluate the useful messages.
adignan - berbee
Maybe you are looking for
-
I activated the "Save password" function on & off, press on save and even restarted my computer and I nothing will cause the box 'Save password' open pop and give me a chance to save my passwords. It burst open for a few sites, but for most, it pops
-
Someone had problems with Firefox 13.1 while scrolling of web pages
While most but not all of the words scrolling Web page get nervous and fuzzy. This same thing happened on version 13. I had no problem with 12 or those in front of her.
-
Equium A300D-13 x - No battery is detected
Hello Recently, I thought it would be time for me to buy a new laptop for my Toshiba Equium A300D-13 x from the current battery is so old, I get about 5-7 minutes to load off of him. So I looked online and shopped and the official Toshiba who were £1
-
Qosmio G50-129 - can I have it with Blu - ray?
I was looking for a laptop for a few weeks now and I fell on the Toshiba Qosmio G50-129. I had already seen the X 300 range, which had the quad processor, I prefer, but I did not like the colors of this laptop "boy racer". I thought that the G50 was
-
Signal affecting laptop computer charger
I use an NI USB-6216 data acquisition and my held my load cell signal cuts out when I plugged into a laptop. When I unplugged the power cord, everything works fine. See the results below: The top graph: unplug the power cord. Average chart: full, con