Re: SSM on-prem High Availability Server Deployment

shibin.kumar.ic · ‎12-01-2022

Hello experts, I am trying to deploy SSM on-prem server in high availability. In our environment we have a firewall between each server hence need to open the ports to allow any communication between Primary and Secondary server in SSM on-prem high availability cluster. Can you please let me know if this is a supported deployment (Firewall between SSM on-prem Primary and Secondary Server) and if yes what are the ports we need to enable between Primary and Secondary Server.

I have currently opened port 22 between Primary and Secondary server private IP addresses. When I try to enter the primary server IP during the high availability setup, I get an error Primary IP is unreachable! aborting... error.

Roger Kallberg · ‎12-02-2022

Hi,
This is not related to any Unified Communication topic, so I would advise you to move your post into a better suited part of the community.

Nithin Eluvathingal · ‎12-03-2022

I couldn't find a document which explains the port usage of SSM HA. The reason could be this is not common deployment model. In this case probably you need to have a policy on firewall any any between these two subnet , There are tools available which can find the ports used, find them and allow them on firewall.

TAC will be able to help you.

Roger Kallberg · ‎12-04-2022

With just the firewall and the logging function in it the OP should be able to figure out what posts are blocked and add them to the needed rules.

shibin.kumar.ic · ‎12-04-2022

Yes, I engaged the firewall team to check the logs when I get primary IP unreachable error, unfortunately they dent see any logs between primary and secondary during this window.

Roger Kallberg · ‎12-05-2022

In that case the likeliest reason would be routing as it sounds like traffic doesn’t reach the destination.

Nithin Eluvathingal · ‎12-05-2022

If no traffics are seen, probably there is a routing issues as @Roger Kallberg highlighted,