NOTE: TheclusteringfeatureisnotavailableontheSA700SeriesAppliance.
YoucanrunanSASeriesAppliancewithanIVSlicenseinacluster.
Ifyouarecontentwithyourcurrentlicensingprocess,youcancarrythatforwardwith
thenewlicensescheme.Upgradingmayresultinafewchangesifyouhavemismatched
concurrentuserandCLlicenses.Aclusterthatwasonce“unqualified”maybecome
“qualified”andwillbeabletosupportuserloads.Yourusercapacityshouldnotdecrease
whenupgradingtothenewlicensingscheme.
Themaximumnumberofconcurrentusersallowedinaclusteristhesumofalluser
licensesofallconnectednodes.Ifanodedisconnectsfromthecluster(eitherA/Aor
A/P),upuntilthegraceperiodendsthemaximumlicensepereachremainingnodeis
theircurrentlicenseplustheminimumoftheirownlicenseandthelicensesoftheother
nodes.Thefollowingexamplesexplainthisinmoredetail.
Example1:LicensesDistributedEquallyAmongNodes
SupposeNodeAandNodeBarepartofaclusterandeachnodehas500concurrent
userlicenses.Aslongasbothnodesareconnected,themaximumnumberoflicensesis
1000.
SupposeNodeBdisconnectsfromthecluster.Upuntiltheclusteringgraceperiodends,
themaximumnumberoflicensesonNodeAis500(fromNodeA’soriginallicense)+
minimum(licensesonNodeA(500),licensesonNodeB(500))=500+500=1000.
Afterthegraceperiodends,themaximumnumberoflicensesonNodeArevertstoits
originallicenseof500.
Example2:LicensesDistributedUnequallyAmongNodes
SupposeNodeAandNodeBarepartofacluster.NodeAhas600ADDlicensesand
NodeBhas400ADDlicenses.Aslongasbothnodesareconnected,themaximum
numberoflicensesis1000.
SupposeNodeBdisconnectsfromthecluster.Upuntiltheclusteringgraceperiodends,
themaximumnumberoflicensesonNodeAis600(fromNodeA’soriginallicense)+
minimum(licensesonNodeA(600),licensesonNodeB(400))=600+400=1000.
Afterthegraceperiodends,themaximumnumberoflicensesonNodeAis600.
SupposeNodeAdisconnectsfromthecluster.Upuntiltheclusteringgraceperiodends,
themaximumnumberoflicensesonNodeBis400(fromNodeB’soriginallicense)+
minimum(licensesonNodeA(600),licensesonNodeB(400))=400+400=800.
Afterthegraceperiodends,themaximumnumberoflicensesonNodeBis400.
Example3:LicensesDistributedUnequallyAmongNodes(ExtremeCase)
SupposeNodeAandNodeBarepartofacluster.NodeAhas1000ADDlicensesand
NodeBhas0ADDlicenses.Aslongasbothnodesareconnected,themaximumnumber
oflicensesis1000.
845
Copyright©2012,JuniperNetworks,Inc.
Chapter33:Clustering
Adjust size of pdf - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
apple compress pdf; best pdf compressor
Adjust size of pdf - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
advanced pdf compressor online; batch pdf compression
SupposeNodeBdisconnectsfromthecluster.Upuntiltheclusteringgraceperiodends,
themaximumnumberoflicensesonNodeAis1000(fromNodeA’soriginallicense)+
minimum(licensesonNodeA(1000),licensesonNodeB(0))=1000+0=1000.After
thegraceperiodends,themaximumnumberoflicensesonNodeAis1000.
SupposeNodeAdisconnectsfromthecluster.Upuntiltheclusteringgraceperiodends,
themaximumnumberoflicensesonNodeBis0(fromNodeB’soriginallicense)+
minimum(licensesonNodeA(1000),licensesonNodeB(0))=0+0=0.Afterthegrace
periodends,themaximumnumberoflicensesonNodeBis0.
GiventhescenariosinExamples2and3,werecommendyoudistributethelicenses
equallyamongstthenodes.
UpgradingFromPreviousVersions
PriortoSAseriessoftwareversion7.0,tocreateann-nodeclustersupportingcccc
concurrentusers,youwererequredtopurchaseoneADD-ccccElicenseforonecluster
node,andn-1CLlicenses(oneforeachoftheremainingclusternodes).Forexample,to
createa4-nodeclustersupporting2000concurrentusers,youneededtopurchaseone
ADD-2000Elicenseand3CLlicenses.
WhenupgradingtoSASeriessoftwareversion7,yourexistinglicenseswillcontinueto
work.Thetotalconcurrentusercapacityisstillthesumtotalofalluserlicensesaslong
asallnodesareconnected.However,whenanodedisconnectsthecapacitycomputation
changesasfollows:
Licensesonconnectednodescounttowardsthetotalclustercapacity.
Ifuserlicensesarepresentonthecomputingnode,thatsamenumberofuserlicenses
canbeborrowedfromeachdisconnectednodethatfallswithintheclustergraceperiod.
IfCLlicensesarepresentonthecomputingnode,userlicensescanbeborrowedfrom
thedisconnectednodessothattheytotalthenumberofCLlicenses.
Thefollowingexampleexplainsthisinmoredetail.
Supposeyouhavethefollowingfour-nodeclusterconfiguration:
NodeAwith1000userlicensesisconnectedtothecluster
NodeBwith400userlicensesand200CLlicensesisconnectedtothecluster
NodeCwith500userlicensesand500CLlicensesisdisconnectedfromthecluster
for17hours
NodeDwith1000userlicensesisdisconnectedfromtheclusterfor6days
ThetotalclustercapacityfromNodeB’spointofviewisasfollows:
1000licensesfromNodeAbecauseitisconnected.
400licensesfromNodeBbecausethat’sitsownlicense.
Copyright©2012,JuniperNetworks,Inc.
846
JunosPulseSecureAccessServiceAdministrationGuide
VB.NET Image: How to Draw Annotation on Doc Images with Image SDK
multi-page TIFF, Microsoft Office Word and PDF file that, you are also able to adjust various image control the annotation shapes, the outline size (width and
pdf markup text size; can pdf files be compressed
C# Image: Zoom Image and Document Page in C#.NET Web Viewer
jpeg), gif, bmp (bitmap), tiff / multi-page tiff, PDF, etc. APIs for Visual C# .NET developers to adjust the image & document page viewing size with this
pdf paper size; change font size fillable pdf
NodeCfallswithintheclustergraceperiodof5days.Usingbullet2fromtheabove
computationnotes,sinceNodeBhas400userlicensesitcanborrow400licenses
fromNodeC’s500licenses.
NodeBalsohas200CLlicenses.However,italreadyborrowed400ofNodeC’s500
userlicensessoonly100ofNodeC’suserlicensesremaintobeusedtowardsNode
B’sCLlicensecount.
NodeBcounts400+100=500licensesfromNodeC.
SinceNodeDhasbeendisconnectedfromtheclusterlongerthantheclustergrace
period,NodeBcannotborrowNodeD’suserlicenses.
NodeBhas200CLlicenses.Italreadyborrowed100userlicensesfromNodeC,
thereforeitcanborrow100userlicensesfromNodeD.
NodeBcounts100licensesfromNodeD.
ThetotalclustercapacityfromNodeB’spointofviewis1000+400+500+100=2000.
Related
Documentation
TaskSummary:DeployingaClusteronpage847
TaskSummary:DeployingaCluster
Werecommendthatyoudeployaclusterinastagingenvironmentfirstandthenmove
toaproductionenvironmentaftertestingauthenticationrealm,userrole,andresource
policyconfigurations,aswellasanyapplicationsyourend-usersmayaccess.
TocreateanSASeriesAppliancecluster:
1.
EnsurethatallintendedSASeriesAppliancenodesusethesamehardwareplatform
(forexample,allareSA6500SeriesAppliances).
2.
EnsurethatallintendedSASeriesAppliancenodeshavebeeninitiallyconfigured(for
example,SASeriesAppliancehostnameisspecifiedandtheinternalandexternalIP
addressesareassigned),andtheyarerunningthesameservicepackageversion.
3.
Fromtheadminconsole.chooseSystem>Configuration>Licensingandenablethe
clusteringfeatureontheprimaryserverbyenteringastandalonelicenseandany
featurelicenses.
4.
FromtheSystem>Clustering>CreateClusterpage,initializetheSASeriesAppliance
clusterbydefiningtheclusternameandaddingthefirst/primarySASeriesAppliance
tothecluster.
5.
FromtheSystem>Clustering>Statuspage,addthenamesandIPaddressesof
futureclusterSASeriesAppliancestotheprimarySASeriesAppliance.
6.
FromtheSystem>Clustering>JoinClusterpage,populatetheclusterwithadditional
SASeriesAppliancesasnecessary.
847
Copyright©2012,JuniperNetworks,Inc.
Chapter33:Clustering
VB.NET Image: VB.NET Code to Create Watermark on Images in .NET
font type "Times New Roman", size "16", and style "Bold"), and then adjust brush color provide powerful & profession imaging controls, PDF document, tiff
pdf change page size; pdf page size limit
C# PowerPoint: How to Set PowerPoint Rendering Parameters in C#
this SDK to render PowerPoint (2007 or above) slide into PDF document or Generally, you are allowed to set image resolution, image size, batch conversion and
adjust pdf page size; adjust size of pdf
7.
IfyouarerunningNetworkConnectonamulti-siteclusterwherenodesresideon
differentsubnets:
a.
ConfigureanIPaddresspoolpolicyontheUsers>ResourcePolicies>Network
Connect>NetworkConnectConnectionProfiles>NewProfilepagethataccounts
forthedifferentnetworkaddressesusedbyeachnodeinthecluster.
b.
Foreachnodeinthecluster,usesettingsintheSystem>Network>Network
ConnectpageoftheadminconsoletospecifyanIPfilterthatfiltersoutonlythose
networkaddressesavailabletothatnode.
c.
CreateastaticrouteonyourgatewayrouterthatindicatestheIPaddressofthe
internalportofeachclusternode.EachIPaddressspecifiedontherouterneeds
tobeinthesamesubnetworkasthecorrespondingclusternode.
8.
IfyouarecreatingaclusterofSASeriesFIPSAppliances,manuallyupdatethesecurity
worldoneachofthemachines.
WhenrunningNetworkConnectonanActive/Activecluster,youmustsplittheIPaddress
poolacrossthenodestoensureproperroutingfromthebackendtotheNCend-user.
ThisisarequirementwhethertheIPaddresspoolisprovisionedstaticallyontheSA
SeriesApplianceordynamicallybywayofDHCP.
TheclientIPpoolconfigurationissynchronizedamongallnodesinacluster;however,
administratorsmayconfigureeachSASeriesAppliancetouseacertainsubsetofthe
globalIPpool.ConfiguretheclientIPpoolintheNetworkSettings>NetworkConnect
tab,usinganIPfiltermatch.
Junipernetworksrecommendsthatyoudeployaclusterinastagingenvironmentfirst
andthenmovetoaproductionenvironmentaftertestingauthenticationrealm,userrole,
andresourcepolicyconfigurations,aswellasanyapplicationsyourend-usersmayaccess.
Related
Documentation
JoininganExistingClusteronpage849
DefiningandInitializingaClusteronpage848
SerialConsoleProceduresonpage868
AdminConsoleProceduresonpage863
DefiningandInitializingaCluster
IfyouarecurrentlyrunningstandaloneSASeriesAppliancesthatyouwanttocluster,
werecommendthatbeforeyoucreateacluster,youfirstconfiguresystemanduser
settingsononemachine.Afterdoingso,usethesamemachinetocreatethecluster.This
machinejoinstheclusteraspartofthecreationprocess.WhenotherSASeriesAppliances
jointhecluster,thismachinepropagatesitsconfigurationtothenewclustermember.
Todefineandinitializeacluster:
1.
ConfigureoneSASeriesAppliancewiththeappropriatelicenseandsystem,user,
resource,andapplicationdata.
Copyright©2012,JuniperNetworks,Inc.
848
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF: Use C# APIs to Control Fully on PDF Rendering Process
PDF document PDFDocument doc = new PDFDocument(@"c:\sample.pdf"); // compute zoom new Rectangle(0, 0, originalWidth, originalHeight), size); // adjust with a
pdf optimized format; adjust pdf size
VB.NET Excel: VB Methods to Set and Customize Excel Rendering
on the fixed image size ration that the size is limited by Adjust Image Scaling Factor. supports converting Excel to other document files, like PDF with online
adjust file size of pdf; change font size in pdf form
2.
FromtheadminconsoleselectSystem>Clustering>Createandenteranamefor
thecluster,aclusterpassword,andanameforthismachine,suchasServer-1.
YouneedtoenterthepasswordagainwhenconfiguringadditionalSASeries
Appliancestojointhecluster.Allmachinesintheclusterusethispasswordto
communicate.
3.
ClickCreateCluster.Whenpromptedtoconfirmtheclustercreation,clickCreate.
AftertheSASeriesApplianceinitializesthecluster,theClusteringpagedisplaysthe
StatusandPropertiestabs.UsetheStatustabtospecifyadditionalclustermembers
beforetryingtoaddanotherSASeriesAppliancetothenewcluster.
Related
Documentation
TaskSummary:DeployingaClusteronpage847
JoininganExistingClusteronpage849
JoininganExistingCluster
ThemethodyouusetoaddanSASeriesAppliancetoaclusterdependsonwhetheror
nottheSASeriesApplianceisconfiguredoruninitialized(stillinitsfactorystate).Foran
SASeriesApplianceinitsfactorystate,werecommendthatyouusetheserialconsole
procedurebecauseitrequiresyoutoenterminimalinformationforthemachinetojoin
acluster.
849
Copyright©2012,JuniperNetworks,Inc.
Chapter33:Clustering
C# PDF Convert: How to Convert Word, Excel, PowerPoint, Tiff
Support rendering image to a PDF document page, no change for image size. Able to adjust and customize image resolution to meet various C# PDF conversion
change page size pdf acrobat; change page size pdf
C# Word: How to Draw Text, Line & Image in C#.NET Word Project
copy the sample codes below to adjust text properties such as image color, picture size, location of powerful & profession imaging controls, PDF document, image
reader compress pdf; change font size pdf form reader
NOTE:
IfyoupurchasedtheJuniperNetworksSACentralManager,youcancreate
aclusterusingtheSASeriesAppliancerunningthelatestOSversionand
thenaddadditionalnodesusingthe“upgradeandjoin”functionality.When
youaddanodetoaclusterusingthisfeature,thefirstSASeriesAppliance
nodeupgradesthejoiningnodewiththemorecurrentservicepackage.
ThisfunctionalityworksonlywhenalltheSASeriesAppliancesarerunning
version4.0orlateroftheOS.
IfyouwanttoaddanSASeriesAppliancecurrentlyrunningasastand-alone
machinetoaclusterthroughitsadminconsole,andyoudonothaveCentral
Manager,itmustberunningthesameoramorerecentversionservice
packageonthesamehardwareplatformastheothermembers.
IfyouaddanSASeriesAppliancerunningapreviousversionservicepackage
toacluster,theSASeriesApplianceautomaticallydetectsthemismatch,
getsthenewerpackagefromthecluster,andjoinsthecluster.Ifthenew
nodehasnolicense,itisaddedwithclusterstatussettoEnabled,
UnqualifieduntilyouapplyavalidCLlicenseusingthenewnode’smachine
ID.
Existingnode-specificsettingsareerasedwhenanSASeriesAppliance
nodejoinsacluster.Thesesettingsincludenetworkinterfaceaddresses,
routetables,virtualports,ARPcaches,VLANinterface,SNMPsettings,
andsoforth.Theadministratormustmanuallyreconfigurethesesettings
forthenewlyjoinednode.YoucannotusetheImportsystemconfiguration
featuretoimporttheseconfigurationsandsettingsontoanSASeries
Appliancenodethathasbeenjoinedtothecluster.
Ifthemanagementportontheprimarynodeisconfiguredandenabledbut
thesecondarynodeisnotconfiguredanddisabled,thesecondarynode
becomesenabledoncetheSASeriesAppliancejoinsthecluster.
InanSASeriesFIPSenvironment,youmustusetheadminconsoletoaddanSASeries
Appliancetoacluster.Youalsomusthavephysicalaccessto:
Thecryptographicmodulesinstalledinthefrontpanelsoftheclustermembers’SA
SeriesAppliances
Asmartcardreader
Anadministratorcardthatispre-initializedtotheactiveclustermember’ssecurity
world
SpecifyinganSASeriesAppliancetoJointoaCluster
BeforeanSASeriesAppliancecanjoinacluster,youmustspecifyitsnetworkidentity
onanactiveclustermember.
Copyright©2012,JuniperNetworks,Inc.
850
JunosPulseSecureAccessServiceAdministrationGuide
C# Word: Set Rendering Options with C# Word Document Rendering
& raster and vector images, such as PDF, tiff, png rendering application still enables users to adjust and set developers can choose a target size or resolution
adjust pdf size preview; reader shrink pdf
VB.NET Image: Image Resizer Control SDK to Resize Picture & Photo
VB.NET Code for Adjusting Image Size. In order to resizer control add-on, can I adjust the sizes of powerful & profession imaging controls, PDF document, image
change font size pdf form; change font size in fillable pdf
TospecifyanSASeriesAppliancethatyouintendtojointoanexistingcluster:
1.
Fromtheadminconsoleofanactiveclustermember,selecttheSystem>Clustering
>ClusterStatustab.
2.
ClickAddMemberstospecifyanSASeriesAppliancethatwilljointhecluster:
a.
Enteranameforthemember.
b.
Enterthemachine’sinternalIPaddress.
c.
Enterthemachine’sexternalIPaddressifnecessary.NotethattheExternalIP
addressfielddoesnotappearifyouhavenotenabledtheexternalportonthe
System>Network>ExternalPorttab.
d.
Changethenetmaskandgatewaysettingsforthenodeifnecessary.
e.
ClickAddNode.Whenpromptedtoconfirmaddingthenewmember,clickAdd.
f.
RepeatthisprocedureforeachSASeriesApplianceyouintendtoaddtoacluster.
AddinganSASeriesAppliancetoaClusterThroughItsAdminConsole
BeforeyoucanaddanSASeriesAppliancetoacluster(eitherthroughtheWeborserial
console),youneedtomakeitsidentityknowntothecluster.NotethatifanSASeries
Appliancehasaclusterlicensekey,ithasonlyaClustering>Jointab.
ToaddanSASeriesAppliancetoaclusterthroughitsadminconsole:
1.
Fromanexistingclustermember,selecttheSystem>Clustering>ClusterStatus
tabandspecifytheSASeriesApplianceyouwanttoaddtothecluster.
2.
FromtheadminconsoleoftheSASeriesApplianceyouwanttoaddtoacluster:
a.
ChoosetheSystem>Configuration>Licensingtabandenterthecorrectlicense
keytoenabletheclusteringfeature.
b.
SelecttheSystem>Clustering>Jointabandenter:
TheNameoftheclustertojoin
TheclusterPasswordyouspecifiedwhendefiningthecluster
TheIPaddressofanactiveclustermember
c.
ClickJoinCluster.Whenpromptedtoconfirmjoiningthecluster,clickJoin.After
theSASeriesAppliancejoinsthecluster,youmayneedtosigninagain.
3.
(SASeriesFIPSenvironmentsonly)Initializethenodewiththeactiveclustermember’s
securityworld.
Whilethenewnodesynchronizesitsstatewiththeexistingclustermember,eachnode’s
statusindicates“Enabled,”“Enabled,Transitioning,”or“Enabled,Unreachable.”
Whenthenewnodefinishesjoiningthecluster,itsClusteringpageshowstheStatusand
Propertiestabs.Theoriginalclustermember’sstatedata,includingsystem,user,and
851
Copyright©2012,JuniperNetworks,Inc.
Chapter33:Clustering
licensingdata,existsonthenewclustermember.Inthisexample,theoriginalmember’s
userinterfacecoloringisreflectedonthenewnode.
Related
Documentation
SerialConsoleProceduresonpage868
Obtaining,EnteringandUpgradingYourLicenseKeysonpage704
ImportingandExportingSecureAccessServiceConfigurationFilesonpage768
Re-addingaNodetoaCluster
Withsomemaintenanceoperations,itmaybenecessarytoremoveanodefromacluster,
thenre-addandre-joinittothecluster.
WhenanSASeriesAppliancenodejoinsacluster,allofitsnode-specificsettings
(includingnetworkinterfaceaddresses,routetables,virtualports,ARPcaches,VLAN
interface,SNMPsettings)areoverwrittenbythecorrespondingconfigurationsettingit
receivesfromthecluster.
Topopulatethenewlyjoinednodewiththecorrectnode-specificsettings:
1.
Addthenodetothecluster.
2.
Fromanyoftheexistingnodesinthecluster,manuallyconfigurethedesired
node-specificsettingsforthenewlyaddednode.
3.
Jointhenodetothecluster.
Whenthenodejoinsthecluster,itreceivesitsnewlyconfigurednode-specificsettings
fromthecluster.
NOTE: Youconfigurethenode-specificsettingsforthenewlyaddednode
manuallybecausebinaryimportoptionsarenotuseful.Theonly
recommendedbinaryimportoptionintoaclusteris“Importeverythingexcept
networksettingsandlicenses”fromtheMaintenance>Import/Export>
Configurationpagewhichrestorescluster-wideconfiguration(sign-in,realms,
roles,resourcepoliciesetc.)fromabackupbinaryfile.Becausethisoption
skipsnode-specificsettings,youmustperformstep2asamanualstepin
ordertopopulatethenewly-joinednodewiththerightsetofnode-specific
settings.
Related
Documentation
JoininganExistingClusteronpage849
DeployingTwoNodesinanActive/PassiveCluster
YoucandeploySASeriesAppliancesasaclusterpairinActive/Passivemode.Inthis
mode,oneSASeriesApplianceactivelyservesuserrequestswhiletheotherSASeries
Appliancerunspassivelyinthebackgroundtosynchronizestatedata,includingsystem
state,userprofile,andlogmessages.UserrequeststotheclusterVIP(virtualIPaddress)
Copyright©2012,JuniperNetworks,Inc.
852
JunosPulseSecureAccessServiceAdministrationGuide
arepassedtotheactiveSASeriesAppliance.IftheactiveSASeriesAppliancegoes
off-line,thestandbySASeriesApplianceautomaticallystartsservicinguserrequests.
Usersdonotneedtosigninagain,howeversomeSASeriessessioninformationentered
afewsecondsbeforetheactivemachinewentoff-line,suchascookiesandpasswords,
maynothavebeensynchronizedonthecurrentSASeriesAppliance,inwhichcaseusers
mayneedtosignintoback-endWebserversagain.
Youmightneedtofail-overtheclusterVIPtotheothernode,manually.Youcanperform
amanualfailoverbyusingtheFail-OverVIPbuttonontheClusteringStatuspage.
Thefollowingfiguresillustratesanactive/passiveSASeriesAppliancecluster
configurationusingtwoSASeriesAppliancesthathaveenabledexternalports.Note
thatthismodedoesnotincreasethroughputorusercapacity,butprovidesredundancy
tohandleunexpectedsystemfailure.
UserrequestsaredirectedtotheclusterVIP,whichthenroutesthemtothecurrently
activemachine.
Figure23:Active/PassiveClusterPair
Related
Documentation
FailingOvertheVIPtoAnotherNodeonpage853
SpecifyingActive/Passive,Active/Active,andOtherClusterSettingsonpage858
UsingDeviceCertificatesonpage727
FailingOvertheVIPtoAnotherNode
Inanactive/passivecluster,youmightneedtofail-overtheVIPtotheothernode,
regardlessofwhichnodeyouarecurrentlyusing.
TofailovertheVIP:
1.
SelectSystem>Clustering>ClusterStatusfromtheadminconsole.
2.
ClicktheFail-OverVIPbuttontomovetotheothernode.TheFail-OverVIPbutton
isatogglebutton,soyoucanmovefromonenodetotheother,regardlessofwhich
istheleader.
853
Copyright©2012,JuniperNetworks,Inc.
Chapter33:Clustering
Thefailoveroccursimmediately.
NOTE: VIPfailoverdoesnotoccurwhenthemanagementportfails.
Related
Documentation
DeployingTwoNodesinanActive/PassiveClusteronpage852
DeployingTwoorMoreUnitsinanActive/ActiveCluster
InActive/Activemode,allthemachinesintheclusteractivelyhandleuserrequestssent
byanexternalloadbalancer.TheloadbalancerhoststheclusterVIPandroutesuser
requeststoanSASeriesAppliancedefinedinitsclustergroupbasedonsource-IProuting.
IfanSASeriesAppliancegoesoff-line,theloadbalanceradjuststheloadontheactive
SASeriesAppliances.Usersdonotneedtosigninagain,howeversomeSASeriessession
informationenteredafewsecondsbeforetheactivemachinewentoff-line,suchas
cookiesandpasswords,maynothavebeensynchronizedonthecurrentSASeries
Appliance,inwhichcaseusersmayneedtosignintoback-endWebserversagain.
NOTE:
Whenchoosingandconfiguringaloadbalancerforyourcluster,we
recommendthatyouensuretheloadbalancer:
SupportsIPsec
Listensfortrafficonmultipleports
Canbeconfiguredtomanagetrafficusingassignedsourceanddestination
IPaddresses(notdestinationport)
TheSASeriesclusteritselfdoesnotperformanyautomaticfail-overorload-balancing
operations,butitdoessynchronizestatedata(system,user,andlogdata)amongcluster
members.Whenanoff-lineSASeriesAppliancecomesbackonline,theloadbalancer
adjuststheloadagaintodistributeitamongallactivemembers.Thismodeprovides
increasedthroughputandperformanceduringpeakloadbutdoesnotincreasescalability
beyondthetotalnumberoflicensedusers.
TheSASeriesAppliancesynchronizesstatedataonallnodesifyouaddordeletethe
hostentrybyusingtheNetworkSettingspages.Ifyouaddordeletethehostentryusing
theClusteringtabforaclustermember,thestatedataonlyaffectsthenodeandtheSA
SeriesAppliancedoesnotsynchronizethedataacrosstheentirecluster.
TheSASeriesAppliancehostsanHTMLpagethatprovidesservicestatusforeachSA
SeriesApplianceinacluster.Externalloadbalancerscancheckthisresourcetodetermine
howtoeffectivelydistributetheloadamongalltheclusternodes.
ToperformtheLayer7healthcheckforanode:
Fromabrowser—EntertheURL:
Copyright©2012,JuniperNetworks,Inc.
854
JunosPulseSecureAccessServiceAdministrationGuide
Documents you may be interested
Documents you may be interested