Secure Web Gateway Version 11.8
High Availability

Legal Notice

Copyright 2016 Trustwave Holdings, Inc. All rights reserved.

This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave.

While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

The most current version of this document may be obtained by contacting:
Trustwave Technical Support:
Phone: +1.800.363.1621
Email: support@trustwave.com

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

Revision History

Version   Date            Changes
11.0      July 2013       First release
11.5      December 2013   Minor revisions
11.6      December 2014   Version update
11.7      March 2015      Version update
11.8      August 2016     Version update

Formatting Conventions

This manual uses the following formatting conventions to denote specific information.

Formats and Symbols - Meaning
Blue - Blue text indicates a Web site or e-mail address.
Bold - Bold text denotes UI control and names such as commands, menu items, tab and field names, button and checkbox names, window and dialog box names, and areas of windows or dialog boxes.
Code - Text in Courier New 9 pt in blue indicates computer code or information at a command line.
Italics - Italics denotes the name of a published work, the current document, name of another document, text emphasis, to introduce a new term, and path names.
[Square brackets] - Square brackets indicate a placeholder for values and expressions.

Notes, Tips, and Cautions

Note: This symbol indicates information that applies to the task at hand.
Tip: This symbol denotes a suggestion for a better or more productive way to use the product.
Caution: This symbol highlights a warning against using the software in an unintended manner.
Question: This symbol indicates a question that the reader should consider.

Table of Contents

Legal Notice
Trademarks
Revision History
Formatting Conventions
Notes, Tips, and Cautions
1 Overview
  1.1 Requirements
2 How it Works
  2.1 ha_manager
    2.1.1 System Logs
  2.2 Heartbeat
    2.2.1 Configuring Heartbeat
    2.2.2 HA Script
  2.3 Notifier
  2.4 Replicating Data
    2.4.1 PostgreSQL (Postgres)
  2.5 Version installation from scratch
  2.6 System Updates
    2.6.1 Version Upgrades
    2.6.2 Security Updates
    2.6.3 Hotfix/Maintenance Releases
3 GUI
  3.1 Status Tab Fields in the High Availability Device IP Window
  3.2 Implementing High Availability in SWG
4 Other Considerations
5 Scenarios
  5.1 Active Policy Server crashes
    5.1.1 Passive Policy Server
    5.1.2 Active Policy Server
  5.2 Passive Policy Server Crashes
    5.2.1 Passive Policy Server
    5.2.2 Active Policy Server
About Trustwave

1 Overview

To ensure continuous operation in case of a policy server failure, SWG supports High Availability, which is implemented by adding a secondary Passive Policy Server device to the system. Specific data is automatically replicated, updated and synchronized between the servers.

In the event of failure of the Active Policy Server, SWG automatically fails over to the Passive Policy Server, making it the primary Active Policy Server. When the failed server can again be used, SWG designates it as the Passive Policy Server.

Note: To switch a Passive policy server to Active, you must manually perform the change on the active device using the failover Limited Shell command. For more information on Limited Shell commands, see the SWG Management Console Reference Guide.

The high availability process includes:
- Deciding which device is active and which is passive.
- Switching automatically between active and passive devices when the active device is not functioning.
- Setting a virtual IP on the active device so that the user can view the active GUI without knowing the active device IP.

1.1 Requirements

- Only one Active Policy Server is defined and only one Passive Policy Server is used for failover.
- The primary Active and secondary Passive Policy Servers are on separate devices, not on an All-In-One device.
- The device that houses the secondary Passive Policy Server is accessible and its IP address is known.
- Both policy servers are on the same network.
- Both policy servers are running the same SWG version.
- Linux-ha is installed on each policy server.
- A virtual IP given to the high availability system (the set of active and passive devices). Access to the GUI is recommended via the virtual IP. In addition, the scanners will send traps to the policy server via this virtual IP. Linux-ha is responsible for shifting the virtual IP to the active device.
- To prevent a split brain situation, the active and passive policy servers must be connected by two switches. This prevents a situation where both policy servers can communicate with the scanners but not to each other, thus thinking they are both active.

2 How it Works

The Manager runs several roles on the passive Policy Server. These roles are written in the /etc/Manager/commander_passive_module.xml file:
- The HA role added to manager.conf.xml holds two processes: ha_manager and heartbeat.
  - ha_manager – The process that manages the high availability system.
  - heartbeat – An open source Linux-ha process whose main component implements a Heartbeat protocol. For more information about Linux-HA, see http://www.linux-ha.org
- logrelay – The process that enables the Active Server to retrieve system logs.

The Manager treats the active Policy Server in the same way as a regular policy server. The role HA should be enabled in the Commander/module.xml file.

The Manager listens to the Notifier running on the active Policy Server. It stops listening to the local Notifier when the Notifier on the active device sends the isPassive=1 flag within the status command.

Running the Manager-ctl reload [passive] command in Manager-ctl tells the Manager to stop all roles and start only roles listed as enabled in commander_passive_module.xml or Commander/module.xml.

When the Manager runs in passive mode, it creates the /etc/Manager/passive_device file. When the Manager starts, it checks for the existence of the file, and if it exists, it loads the configuration from commander_passive_module.xml. When the Manager runs in an active mode, it deletes the Manager_passive file if it exists.

The Policy Server saves its configuration in the database according to its device ID. When running full_replicate, the configurations in the database are copied to files located at /var/policyserver/configuration/base/[global|deviceId].

In order for the active policy server configuration to be replicated to the passive Policy Server device, the device ID in the policy server database is changed to suit the passive device ID. This is done on failover, when passive becomes active, by calling active_request_cli. (The ha_manager is responsible for this.)

In order for the configuration located in /var/policyserver/configuration/base/[passive_device_id] to match the active policy server configuration, on failover after running active_request_cli, the ha_manager will call full_replicate.

2.1 ha_manager

ha_manager is the process designed for High Availability. Its main task is to:
- Start, stop and monitor the PostgreSQL (Postgres) replication.
- Copy additional files to the passive Policy Server on demand.
- Perform failover when required.

ha_manager supports the following signals:
1. SIGHUP – reloads configuration.
2. SIGUSR1 – performs a failover (by restarting Heartbeat)

The Manager starts, stops and monitors the ha_manager process on both active and passive policy servers. It does not run on scanners. ha_manager will keep running until stopped by the Manager.

Postgres Replication:

The ha_manager checks the status of Heartbeat every x interval (as defined in HA/module.xml) by running the Linux-ha cli command cl_status nodestatus. According to the status, it decides if the device is active or passive. The cl_status can be one of the following:
1. All: This is the active device
2. None: This is the passive device
3. Local:
   a. If the device is the default active (the HA was configured on this device) then this is the Active device.
   b. If the device is the default passive (this device was first attached to the Active device):
      - This device will be passive if it was passive before or if the other device is Active.
      - This device will be active only if it was active already and the other device is passive. This can happen only if the device was active before, and the heartbeat was killed and restarted before the deadtime timeout.

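
The All / None / Local rules above, written out as a decision function. This is an added example, not ha_manager's own code: the type and function names are hypothetical, and treating an unreachable peer as "not passive" is an assumption of the example.

```python
from typing import List, NamedTuple, Optional, Tuple

ACTIVE, PASSIVE = "active", "passive"


class Observation(NamedTuple):
    """What one node knows in one polling cycle (field names are this example's)."""
    cl_status: str                # "All", "None" or "Local", as listed above
    is_default_active: bool       # True on the device where HA was configured
    previous_role: Optional[str]  # role from the previous cycle, None at first start
    peer_role: Optional[str]      # role of the other device, None if unreachable


def decide_role(obs: Observation) -> str:
    """Apply the All / None / Local rules and return 'active' or 'passive'."""
    status = obs.cl_status.strip().lower()
    if status == "all":
        return ACTIVE
    if status == "none":
        return PASSIVE
    if status != "local":
        raise ValueError(f"unexpected cl_status value: {obs.cl_status!r}")
    if obs.is_default_active:
        return ACTIVE
    # Default passive: active only if it was already active AND the peer is passive.
    # Assumption: an unreachable peer (None) does not count as passive, so the
    # node stays passive rather than risk two active devices.
    if obs.previous_role == ACTIVE and obs.peer_role == PASSIVE:
        return ACTIVE
    return PASSIVE


def failover_occurred(previous_role: Optional[str], new_role: str) -> bool:
    """The failover test from the text: active now, passive before."""
    return previous_role == PASSIVE and new_role == ACTIVE


def replay(is_default_active: bool, start_role: Optional[str],
           polls: List[Tuple[str, Optional[str]]]) -> List[Tuple[str, bool]]:
    """Feed (cl_status, peer_role) polls to one node; return (role, failover) per poll."""
    results, previous = [], start_role
    for cl_status, peer_role in polls:
        role = decide_role(Observation(cl_status, is_default_active, previous, peer_role))
        results.append((role, failover_occurred(previous, role)))
        previous = role
    return results


def split_brain(node_a: Observation, node_b: Observation) -> bool:
    """True when both nodes would decide they are active in the same cycle."""
    return decide_role(node_a) == ACTIVE and decide_role(node_b) == ACTIVE


# Constructed timeline for the default-passive device: normal standby, takeover,
# heartbeat restarted while the peer is passive, then the peer reports active.
SAMPLE_POLLS = [("None", ACTIVE), ("All", None), ("Local", PASSIVE), ("Local", ACTIVE)]

if __name__ == "__main__":
    outcome = replay(False, PASSIVE, SAMPLE_POLLS)
    for (status, peer), (role, failed_over) in zip(SAMPLE_POLLS, outcome):
        print(f"cl_status={status:<5} peer={peer!s:<8} -> {role} failover={failed_over}")
```

The split_brain helper shows the case the two-switch requirement is meant to prevent: each node loses sight of the other and both resolve to active.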
If the device is active, the ha_manager will:
1. Create a file /etc/ha_manager/active indicating this device is the Active device.
2. Check if a failover occurred (If the device was passive before). If so, it will:
   a. Copy /var/wasp/conf_ready to /var/policyserver/configuration/base
   b. Run manager-ctl reload, which will tell the Manager to start all roles defined in Commander/module.xml.
   c. Move watched files from /opt/finjan/configuration/ha to their original location.
   d. Create a Postgres trigger file telling it that it should run in Active mode.
   e. Start the Policy Server and run active_request_cli which tells the policy server that this is the Active device.
   f. Run full_replicate.
3. Check the Postgres status of the active and passive device. If Postgres is not running in replication mode on both devices, the ha_manager will copy the Postgres data directory to the passive device as described above.
4. Copy files defined in HA/module.xml to the passive device directory /opt/finjan/configuration/.

If the device is passive, the ha_manager will:
1. Create a file /etc/ha_manager/passive indicating this device is the passive device.
2. Run manager-ctl reload passive which will tell the Manager to run only roles defined in commander_passive_module.xml.
3. Stop the Policy Server.
4. Listen to commands from ha_manager at the active device.

System Logs

The ha_manager will send system logs when it:
1. Finds out from the Heartbeat that the status of the device was changed to active or passive.
2. Starts Postgres replication.
3. Finishes the initialization of the Postgres replication.
4. Fails to connect to the ha_manager running on the passive Policy Server.

2.2 Heartbeat

The Heartbeat process runs on both active and passive policy servers (not on scanners). The Manager will start, stop and monitor the Heartbeat process. In this process, interval messages are sent between devices. If a message is not received from a device then the device is assumed to have failed. In case the failed device is the active device, Heartbeat performs a failover and the passive device becomes the active device.

When running a proper shutdown of the Heartbeat using the /etc/init.d/heartbeat stop command, it will cause a failover. To avoid a failover every shutdown, SWG kills the heartbeat when restarting (using killall -9 heartbeat).

Configuring Heartbeat

The HA configuration is saved in the file /var/wasp/conf/ha/current/module.xml like any other process in the system. The module.xml file holds the following parameters:
- ha_enabled - If HA is enabled, it will hold the value 1. Otherwise 0.
- virtual_ip - The virtual IP of the HA system. Can be empty if no virtual IP is defined.
- default_active - The IP and the name (as it appears in the uname -n command) of the default active Policy Server.
- default_passive - The IP and the name (as it appears in the uname -n command) of the default passive Policy Server.
- device_uname port and timeout - The device_uname is an Apache handler which returns the device uname. (Used for configuring Heartbeat).
- ha_manager configuration - such as ha_manager port and timeout.
- A list of files that are not located under the base directory and are required to be copied to the passive Policy Server. (This will be discussed later in this document.) For each file, we can configure whether it will be copied to the passive device as soon as it is modified using the inotify utility (inotify=1), or will be copied every X interval (inotify=0).

For example:

The Heartbeat configuration files are located at /etc/heartbeat/. Two files should be configured:
1. Ha.cf – holds the following:
   - The active and passive names.
   - Heartbeat debug file and debug level.
   - All kinds of Heartbeat configurations (for example autofailback).
   - Port through which both Heartbeats communicate.
2. haresources – holds the virtual IP of the HA system. The file is in the format:
   [default active device name] [virtual ip]
   For example:
   vs-166 192.168.120.185

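
A consistency check for the two Heartbeat files described above, as an added example that is not part of the product. The sample ha.cf is constructed (only vs-166 and 192.168.120.185 come from this manual), and the auto_failback and ping checks are inferences from the Overview and from the Ping Node recommendation under Other Considerations.

```python
import ipaddress

# Constructed sample files. vs-166 and 192.168.120.185 come from the text above;
# vs-167, the ping address, the debug file path and the timers are made up.
HA_CF = """\
debugfile /var/log/ha-debug
debug 1
udpport 694
keepalive 2
deadtime 30
auto_failback off
node vs-166
node vs-167
ping 192.168.120.1
"""
HARESOURCES = "vs-166 192.168.120.185\n"


def _lines(text):
    """Yield the whitespace-split fields of each non-empty, non-comment line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield fields


def _seconds(value):
    """Heartbeat timers are in seconds unless suffixed with 'ms'."""
    return float(value[:-2]) / 1000 if value.endswith("ms") else float(value)


def lint_heartbeat(ha_cf, haresources):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings, nodes, pings, opts = [], [], [], {}
    for fields in _lines(ha_cf):
        key, args = fields[0], fields[1:]
        if key == "node":
            nodes.extend(args)
        elif key == "ping":
            pings.extend(args)
        elif args:
            opts[key] = args[0]

    # One active and one passive policy server, per the Requirements section.
    if len(nodes) != 2 or len(set(nodes)) != 2:
        findings.append(f"expected exactly 2 distinct nodes, found {nodes}")
    if not pings:
        findings.append("no ping node configured")
    # Inference from the Overview: a recovered server returns as passive,
    # which matches auto_failback off.
    if opts.get("auto_failback", "").lower() != "off":
        findings.append("auto_failback is not 'off'")
    try:
        if _seconds(opts["deadtime"]) <= _seconds(opts["keepalive"]):
            findings.append("deadtime must be greater than keepalive")
    except (KeyError, ValueError):
        findings.append("keepalive/deadtime missing or not numeric")

    entries = list(_lines(haresources))
    if len(entries) != 1 or len(entries[0]) != 2:
        findings.append("haresources must hold one '[node] [virtual ip]' line")
        return findings
    owner, vip = entries[0]
    if owner not in nodes:
        findings.append(f"haresources owner {owner!r} is not a node in ha.cf")
    try:
        ipaddress.IPv4Address(vip)
    except ValueError:
        findings.append(f"virtual IP {vip!r} is not a valid IPv4 address")
    if vip in pings:
        findings.append("virtual IP is also used as the ping node")
    return findings


if __name__ == "__main__":
    print(lint_heartbeat(HA_CF, HARESOURCES) or "no findings")
```
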
HA Script

The /usr/bin/ha script performs the following:
1. start - Configures Heartbeat and Postgres, and starts the Heartbeat process.
2. stop - Configures Postgres and stops the Heartbeat process.
3. restart - Restarts the Heartbeat process. (performs stop and start)
4. status - Returns 1 if Heartbeat is running, 0 otherwise.
5. amIactive - Returns 1 if the device is active, 0 otherwise.
6. Failover - Performs a failover.

2.3 Notifier

The passive device is listed in the devices.xml file with device_type equal to ManagementServer. The Notifier treats the passive device in the same way as it treats all other scanners, with a few exceptions:
1. The Notifier sends a new flag in the status command telling the passive Manager it is a passive device (isPassive=1).
2. The Notifier gives all policy servers a higher priority on scanners in the order of applying the configuration.
3. When there is a security update or maintenance release, the Notifier does not copy the ps_debpackages directory to scanners, though it should be copied to all policy servers.

On commit, the Notifier copies the base directory to the stable directory, and the stable directory to the conf_ready directory located at each device. The same happens with the passive device. On failover, when the passive becomes active, the passive will copy the conf_ready directory to the base directory so that the Notifier will be able to sync the configuration to the scanners.

The Notifier will get the passive policy server status in the same way as it gets the status of all scanners.

2.4 Replicating Data

The task of replicating data is divided between three utilities.
- PostgreSQL 9: Replicates the databases
- notifier-Manager: Replicates the files located under /var/policyserver/configuration/base
- ha_Manager: Copies all other files

All files are copied using rsync to directories located under /opt/finjan/configuration. This is because rsync has permissions to write only to that directory on a remote device. For this reason the Postgres data directory and the conf_ready directory are located at /opt/finjan/configuration. Files such as /etc/logserver/status.conf are copied to their original location only on failover.

The data that is replicated from the active to the passive policy server contains the following:
1. Databases - policy_server, logs, reports, system_logs
2. All the module configurations and dat files that are located at /var/policyserver/configuration/base. This directory also includes the deb packages in case of maintenance releases and hotfixes.
3. Licenses file - /etc/policyserver/.license - This file defines the SWG license and is replicated when the file is modified.
4. Shadow file - holds encrypted passwords such as root and administrator passwords. Is replicated when the file is modified.
5. Archive directory - /var/logserver/archive. Is replicated every X interval (defined in HA/module.xml).
6. Log Server status file - /etc/logserver/status.conf. Is replicated every X interval.

PostgreSQL (Postgres)

PostgreSQL is an object-relational database system with a built-in replication feature that replicates all databases in the device.

Note: To use the built-in replication in Postgres, it must be upgraded from PostgreSQL 8.4 to PostgreSQL 9.

Replication is asynchronous but occurs automatically (not on demand), and very close to the time of the changes in the active device. According to the Postgres manual:

"Streaming replication is asynchronous, so there is still a small delay between committing a transaction in the primary and for the changes to become visible in the standby. The delay is however much smaller than with file-based log shipping, typically under one second assuming the standby is powerful enough to keep up with the load."

The active databases remain read-write, while the passive databases are read-only.

Before Postgres starts replicating the databases, you must copy all files in the Postgres data directory (/opt/finjan/configuration/data/postgresql/main) from the active device to the passive device. Note that this sync can take a long time (depending on the size of the database), but Postgres requires this before starting continuous replication. (For example, copying a 1.5G database from one device to another using rsync takes 1m24s.)

For more information about PostgreSQL replication, see http://wiki.postgresql.org/wiki/Binary_Replication_Tutorial

2.5 Version installation from scratch

When installing a new version, one must first disable the HA, then install the new version on both policy servers. HA can be re-enabled only after both policy servers have the same version installed.

2.6 System Updates

Normally, when you configure automatic update of Scanning Servers with the latest SWG updates, all Scanning Servers are updated at once. However, the System Updates node lets you choose to update selected scanning servers with the latest Operating System update instead of sending the update to all the scanning servers at the same time. This ensures greater system stability and provides you greater control over the individual scanning servers in your configuration.

This feature is also useful when updating the policy server operating system in a High Availability configuration. In this scenario, some scanning servers can be left untouched, so that if the update fails, the Policy Server will still be able to control the selected scanning servers.

Note: To upgrade to SWG Version 11.0, 11.5, 11.6, 11.7 or 11.8 on a High Availability Setup, refer to the SWG Upgrade Release Notes.

Version Upgrades

Version upgrades are performed the same as version updates. The passive must first be disconnected from the active policy server.

Security Updates

Security updates work the same as configuration updates. The new files are copied to the passive policy server the same way as they are copied and installed at the Managers.

Hotfix/Maintenance Releases

Hotfix and maintenance releases will be copied to the passive policy server the same way as they are copied and installed at the Managers. However, the Notifier copies the directory ps_debpackages to the passive policy server although it is not copied to the scanners.

3 GUI

The passive policy server is added as a device in the Devices screen of the active policy server. It is written to the devices.xml file with the same ManagementServer device type. The GUI verifies that both policy servers are running the same SWG version.

The GUI shows the status of the passive policy server which includes:

Field                Description
Sync Status          whether the passive device is synced to base directory
Connection Status    whether the active is connected to the passive
Replication Status   whether the Postgres is running in replication mode on both devices. (The ha_manager writes this status to the file /etc/ha_manager/ha_manager_status)

1. The GUI should enable configuration of the following fields:
   - Passive IP
   - Virtual IP
2. A manual swap between active and passive can be done only by using the Limited shell on the active device by calling /usr/bin/ha failover.
3. If the user enters the passive IP at the URL browser, they should be redirected to the virtual IP.

3.1 Status Tab Fields in the High Availability Device IP Window

The following table describes the fields in the Status tab in the Device IP window of the High Availability (secondary) server.

Field                  Description
Sync Status            Indicates whether the Device is synchronized with the Policy Server
Connection Status      Indicates if the device is available (Active)
Committing Status      Indicates whether the device is undergoing a Preparing to Commit status, Committing Changes status, or is Stable
Replication Status     Status of the replication
Last Connection Time   Indicates the last time this device was connected to the Policy Server

3.2 Implementing High Availability in SWG

To create an HA system, the user adds a passive policy server to the Management Devices Group.

Note: The Management Console GUI is not accessible from the Passive Policy Server device.

When the change is committed, the policy server:
1. Adds the passive policy server IP to the devices.xml file.
2. Configures the file HA/module.xml.
3. Enables the role HA in the Commander/module.xml file.

After the changes are committed, the Notifier on the active device sends a get status command to the passive device telling it to start listening to the active Notifier. This triggers the Notifier on the active device to send the configuration to the passive Manager which starts Heartbeat and ha_manager processes. The Heartbeat process sets which policy server is active and which is passive.

The ha_manager on the active:
4. Tells the passive ha_manager to command the Manager to reload its configuration with the Commander/module.xml.passive file. This stops all roles and starts only the roles needed for a passive device.
5. Starts Postgres replication.

To implement High Availability:
1. Select Administration | System Settings | SWG Devices.
2. In the Devices tree, right-click the Management Devices Group node and choose Add HA Device.
3. In the main window, enter the mandatory Device IP, and optionally enter a description. Note that the device type is automatically set to Passive Policy Server.
4. Click Save.
5. Optionally, specify a virtual device IP, which will automatically route to whichever policy server is active at any given time, as follows:
   a. In the tree pane, select Management Devices Group. The Management Devices Group window contains only one editable field:
      Virtual IP: Enables you to specify a Virtual IP that will automatically resolve to your currently active policy server device. If you define a virtual IP value, you can use this value for access regardless of whether SWG has failed over to the previously passive policy server device.
   b. Specify a virtual Device IP and click Save.
6. To complete implementation of High Availability, including synchronization of the database and configuration files, click Commit.

4 Other Considerations

- If High Availability is enabled, you must disable the High Availability Policy Server feature before performing a restore.
- Both active and passive policy servers must be synced with the same NTP server.
- Ping Node: Ping node detects a situation in which there is a network communication between active and passive policy servers, but no network to scanners. If no ping between the active policy server and the ping node exists, the system will failover and the passive policy server will become active. It is recommended that the IP of the ping node be the default gateway.
- The Management Console GUI is not accessible on the Passive Policy Server device.

Warning: When disabling HA, ensure that the Passive Policy Server is connected to the Active Policy Server.

5 Scenarios

5.1 Active Policy Server crashes

Passive Policy Server

The Heartbeat process:
1. Sets the device to active.
2. Starts the virtual IP.

The ha_manager process:
3. Changes its status to active.
4. Runs the manager-ctl reload command, which tells the Manager to stop all roles and start them according to the Commander/module.xml file.
5. Copies the directory /var/wasp/conf_ready to /var/policyserver/configuration/base
6. If there is a connection to the passive policy server, configures and starts Postgres replication. If there is no connection to the passive policy server, steps 3-4 occur when the connection is resumed (the ha_manager checks every X seconds if the connection is resumed).

Active Policy Server

The following occurs when the connection between the two policy servers is resumed:

The Heartbeat process:
1. Sets the device to passive.
2. Stops the virtual IP.

The ha_manager process waits for commands from the new active ha_manager process.

5.2 Passive Policy Server Crashes

Passive Policy Server

When a passive policy server comes back up again:
1. The Manager comes up with the passive Commander/module.xml.passive configuration (because the manager_passive file exists) and listens to the Notifier at the active (as it did before the crash).
2. The Heartbeat process sets the device to passive.
3. The ha_manager process waits for commands from the active ha_manager process.

Active Policy Server

The ha_manager at the active policy server checks the status of the passive every X seconds. When it discovers the connection to the passive is resumed, it configures and starts Postgres replication.

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information, visit https://www.trustwave.com.
