Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2251
Views
5
Helpful
1
Replies

Creating C300V cluster in vSphere

Go to solution
MarcHack93009
Level 1
Level 1

‎10-09-2020 07:22 AM

Hello, I’m reaching out to get some expertise advise on how to proceed with adding a second email security appliance C300V on VMWare for redundancy/cluster. We currently have a C300V in production and I want to add another one for a cluster. Also we have a new network solution “Nutanix” that is running hypervisor and would like to see if that platform is supported. Any deployment recommendations with limited impact would be preferred. Any assistance on this would be greatly appreciated.

 

  • Do we need 2 new I.P addresses or a heartbeat I.P for the new appliance(for inbound and outbound)
  • How to create a cluster so both C300V's work together
  • Can we build a new VM with C300V installed with the updated AOS and then have that in production while we upgrade the existing appliance ?
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marc.luescherFRE
Spotlight
Spotlight

‎10-09-2020 01:17 PM

My recommendation is as follows:

 

a) decide if you want to run your Nutanix hypervisor with either KVM or VMware vSphere support 

b) setup a second Ironport ESA (v300) and request from your networking a dedicated IP address for the ESA management interface and a NATed IP for the outside connection

c) built your new ESA with the latest recommended release

d) upgrade your existing ESA to the same release

e) merge the new Nutanix based ESA with your existing ESA into an ESA application cluster

f) point your external MX to both Nated IP devices 

 

While you could switch traffic to use the new appliance it might be easier to have a cluster first so that all configurations will be available on both appliances. From now on your Nutanix folks can use ESX vMotion to move your ESA's around, assuming their setup supports the correct VLAN's.

 

 

The Ironport ESA will use the management port of the appliances for the application heartbeat, so no dedicated is required and even recommended.

 

I hope that helps

 

-Marc Luescher

(www.emailsecurityblog.info)

View solution in original post

1 Reply 1

Go to solution
marc.luescherFRE
Spotlight
Spotlight

‎10-09-2020 01:17 PM

My recommendation is as follows:

 

a) decide if you want to run your Nutanix hypervisor with either KVM or VMware vSphere support 

b) setup a second Ironport ESA (v300) and request from your networking a dedicated IP address for the ESA management interface and a NATed IP for the outside connection

c) built your new ESA with the latest recommended release

d) upgrade your existing ESA to the same release

e) merge the new Nutanix based ESA with your existing ESA into an ESA application cluster

f) point your external MX to both Nated IP devices 

 

While you could switch traffic to use the new appliance it might be easier to have a cluster first so that all configurations will be available on both appliances. From now on your Nutanix folks can use ESX vMotion to move your ESA's around, assuming their setup supports the correct VLAN's.

 

 

The Ironport ESA will use the management port of the appliances for the application heartbeat, so no dedicated is required and even recommended.

 

I hope that helps

 

-Marc Luescher

(www.emailsecurityblog.info)

Customers Also Viewed These Support Documents