Need Help on Centralized Management Feature on Cisco C160 Ironport Appliance.

riteshhegde
Level 1

Hi All,

I searched on the internet but I did not find any relevant article on how to enable and configure the Centralized management feature on Cisco Ironport appliance. here are few Details:

Ironport Appliance : C160

Centralized Management Feature License : yes Purchased

If any one can help me with a Link or article or screenshot or document prepared by any individual will be useful.

Thanking you in advance.

Regards,

Ritesh Hegde.

2 Accepted Solutions

David Miller
Level 1

Hi Ritesh,

Centralized Management is well covered in the manuals. If you are on 7.6 it is in the Advanced User Guide chapter 8. Or you could use the online help, which has the same information (make sure you spell centralized with a "z" not an "s").

Centralized Management is basically about how to manage a set of appliances in a cluster, so that if you configure one you configure them all.


Robert Sherwin
Cisco Employee

Article #392: What are the requirements for setting up a cluster?

Link: http://tools.cisco.com/squish/5562B

Before you start, please make sure that you have a valid centralized management feature key on each Cisco IronPort Email appliance that you wish to join into a cluster.

For the most current version of this information, see the AsyncOS Advanced User's Guide/Online Help for your version of AsyncOS.

Machines in a cluster must have resolvable hostnames in DNS. Alternatively, you can use IP addresses instead, but you may not mix the two.

  • All machines in a cluster need to use the exact same IP interface names.
  • A cluster must consist entirely of machines running the same version of AsyncOS.
  • Machines can either join the cluster via SSH (typically on port 22) or via the Cluster Communication Service (CCS).
  • Once machines have joined the cluster, they can communicate via SSH or via Cluster Communication Service.

The port used is configurable. SSH is typically enabled on port 22, and by default CCS is on port 2222, but you can configure either of these services on a different port.

In addition to the normal firewall ports that must be opened for the appliance, clustered machines communicating via CCS must be able to connect with each other via the CCS port.

You must use the Command Line Interface (CLI) command clusterconfig to create, join, or configure clusters of machines. Once you have created a cluster, you can manage non-cluster configuration settings from either the GUI or the CLI.

#########################

Article #1385: What is IronPort centralized management for? How do I create a new centralized management cluster?

Link: http://tools.cisco.com/squish/c64a9

The IronPort centralized management feature allows you to manage and configure multiple appliances at the same time, to provide increased reliability, flexibility, and scalability within your network, allowing you to manage globally while complying with local policies.  A cluster consists of a set of machines with common configuration information.  Within each cluster, the appliances can be further divided into machine groups, where a single machine can be a member of only one group at a time.  Clusters are implemented in a peer-to-peer architecture - with no master/slave relationship.  You may log into any machine to control and administer the entire cluster or group.  This allows the administrator to configure different elements of the system on a cluster-wide, group-wide, or per-machine basis, based on their own logical groupings.

Before implementing a cluster there are a few requirements to keep in mind:

  • All machines must have IP connectivity
  • If using hostnames make sure everything resolves correctly - with matching forward "A" and reverse "PTR" DNS records
  • There must be connectivity on either TCP port 22 (SSH) or 2222 (IronPort Cluster Communication Service) or the customized port of your choice
  • All appliances must have the exact same AsyncOS version and be of the same product family (NOTE: C and X series appliances are interoperable)
  • All appliances must also have the "Centralized Management" feature key
  • You will need command-line access as the cluster management tool "clusterconfig" is not available in the GUI

Note that many settings can be altered for individual machines or machine groups to override various settings.  The order in which clustered appliances inherit their settings is as follows:

1) MACHINE
2) GROUP
3) CLUSTER

Some settings such as hostnames and IP interfaces, however, are only available at the machine level and not replicated to other cluster members.

Please also note that the clustering feature is for configuration management purposes only.  It does not provide any inherent mechanism to prioritize or schedule the flow of e-mail traffic between different members.  To achieve this, one would need to use identical DNS record preferences (MX) or a separate load balancing device or some other external mechanism.

Solution:

To begin with a new cluster, you should choose an appliance that has already been fully implemented as a standalone machine.  This machine should be completely configured with all desired features such as host / recipient access tables (HAT / RAT), mail flow policies, content filters, and so on.  This will be a point of reference by which you can form the cluster.  There are a few cautionary steps you should take:

  1. Verify that all machines have their correct IP address and host name
  2. Ensure the connectivity to all appliances on the desired port for device communication (using the 'telnet' command)
  3. Make sure the appropriate service you choose (SSH, CCS, or custom port) has been enabled on the interface of this machine using 'ifconfig': ifconfig > edit
  4. Create a configuration backup (with passwords unmasked) before continuing by using 'mailconfig' or 'saveconfig' for instance

Next, we can create both the cluster and machine groups using the 'clusterconfig' command, and join one or more additional appliances to it:

Begin the "clusterconfig" configuration sequence and provide a name for your new cluster

clusterconfig > Create A New Cluster

Define the IP communication parameters, choosing either IP address or hostname resolution.

NOTE: at this point the cluster may take a few seconds to build and the changes will be committed automatically.

Here you may choose to create a new group before adding machines to the new cluster. When you create a new cluster, a default group called Main_Group is created automatically. However, you may decide to rename this or create additional groups using the following commands:

clusterconfig > renamegroup

clusterconfig > addgroup

Add new machines to the cluster and group. These steps are to be performed on any remaining machines that have yet to be made cluster members and can be repeated as needed. The process can be slightly different depending on the communication protocol chosen earlier.

clusterconfig > Join an existing cluster over SSH

  1. You will be prompted to start the Cluster Communication Service, which we can ignore since we are not using that protocol.
  2. Enter the IP address of an existing cluster machine. This can be any cluster machine but must be referenced by IP, regardless of your communication preferences.
  3. Select the port for SSH communication as defined during cluster creation.
  4. Enter the password for the 'admin' account on the existing cluster machines.
  5. You are shown the public key for this host for confirmation. You can further verify this on any appliance in the cluster with the following commands: logconfig > hostkeyconfig > fingerprint
     NOTE: there will be another delay while the new member retrieves and applies the cluster configuration automatically.

clusterconfig > Join an existing cluster over CCS:

  1. In order to join a cluster over CCS, you must first log in to a cluster member and tell it that this system is being added. On any machine in the cluster run: clusterconfig > prepjoin > new
  2. Copy the hostname, serial number and SSH key information in order to paste it into the 'prepjoin' prompt from above on the existing cluster member. Hit Enter twice to get to the main prompt, then run 'commit' to apply the changes. The 'commit' at this time is very important, as otherwise the new appliance will receive an authentication failure.
  3. You will be prompted to start the Cluster Communication Service, which opens a new service over TCP port 2222 on the interface of your choice.
  4. Enter the IP address of an existing cluster machine. This can be any cluster machine but must be referenced by IP, regardless of your communication preferences.
  5. Select the port for CCS use as defined during cluster creation.
  6. You are shown the public key for this host for confirmation. You can further verify this on any appliance in the cluster with the following commands: logconfig > hostkeyconfig > fingerprint
     NOTE: there will be another delay while the new member retrieves and applies the cluster configuration automatically.

Use outputs such as 'status' and your 'System Overview' report to verify all mail flow and system operation is intact before making another configuration backup. If at any point something does not seem right, simply use 'clusterconfig > removemachine' to remove the device from the cluster and revert back to its machine-level settings.

NOTE: removing the final machine from a cluster is no different from removing machines in general, and will effectively eliminate the cluster altogether.

Now that the cluster is created and functioning properly, you can begin to make different group and cluster changes and see them apply across each appliance.

Hope this helps!

-Robert

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)
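The requirements list and the host-key confirmation step in Robert's post above, as an added example that is not Cisco's code or the KB articles' own: a pre-join script run from an admin workstation. It checks that each member's A and PTR records agree (the resolver is injectable, and a constructed fake table lets the logic run offline), that the cluster port answers a TCP connect, and computes MD5 and SHA256 fingerprints of the public key pasted from the join prompt so they can be compared with what 'logconfig > hostkeyconfig > fingerprint' prints on an existing member. The hostnames, the 192.0.2.x addresses and the toy RSA key are constructed; which of the two fingerprint formats a given AsyncOS release displays is an assumption, so both are printed.

```python
"""Pre-join checks for an AsyncOS cluster member (added example, not Cisco's code).

Checks three requirements from the post: forward (A) and reverse (PTR) DNS agree
for each member, the cluster port (22 for SSH, 2222 for CCS by default) answers,
and the host key shown at join time has the fingerprint an existing member prints.
"""
import base64
import hashlib
import socket
import struct
import sys

# Constructed inventory (hostname -> expected IP) and the constructed answers a
# fake resolver returns, so the DNS logic can be exercised offline.
MEMBERS = {"esa01.example.com": "192.0.2.11", "esa02.example.com": "192.0.2.12"}
FAKE_A = {"esa01.example.com": "192.0.2.11", "esa02.example.com": "192.0.2.12"}
FAKE_PTR = {"192.0.2.11": "esa01.example.com", "192.0.2.12": "mail-old.example.com"}


def fake_forward(name):
    if name not in FAKE_A:
        raise socket.gaierror("constructed NXDOMAIN for %s" % name)
    return FAKE_A[name]


def fake_reverse(ip):
    if ip not in FAKE_PTR:
        raise socket.herror("constructed: no PTR for %s" % ip)
    return FAKE_PTR[ip]


def check_dns_pair(hostname, ip, forward=socket.gethostbyname,
                   reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Return a list of problems; empty means the A and PTR records agree."""
    problems = []
    try:
        got_ip = forward(hostname)
    except OSError as exc:  # gaierror/herror are OSError subclasses
        return ["%s: no A record (%s)" % (hostname, exc)]
    if got_ip != ip:
        problems.append("%s: A record is %s, expected %s" % (hostname, got_ip, ip))
    try:
        got_name = reverse(ip)
    except OSError as exc:
        problems.append("%s: no PTR record (%s)" % (ip, exc))
        return problems
    if got_name.rstrip(".").lower() != hostname.rstrip(".").lower():
        problems.append("%s: PTR is %s, expected %s" % (ip, got_name, hostname))
    return problems


def port_open(ip, port, timeout=3.0):
    """True if TCP ip:port accepts a connection (the post's 'telnet' check)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def parse_pubkey_line(line):
    """Decode '<type> <base64> [comment]' into (type, raw blob) after a sanity check."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1])
    (length,) = struct.unpack(">I", blob[:4])  # first SSH string repeats the type
    if blob[4:4 + length] != key_type.encode():
        raise ValueError("key type inside blob does not match prefix")
    return key_type, blob


def md5_fingerprint(blob):
    """Colon-separated MD5 of the blob, the format older OpenSSH releases print."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob):
    """'SHA256:<unpadded base64>' of the blob, as current OpenSSH prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n):  # big-endian, with a leading zero byte whenever the top bit is set
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


# Constructed RSA key with a toy modulus: a well-formed blob, not a usable key.
SAMPLE_BLOB = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(0xDEADBEEFCAFEF00D)
SAMPLE_PUBKEY_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " demo@esa01"


def main(port=22):
    """Live run against MEMBERS with the real resolver; returns 1 on any problem."""
    failed = False
    for host, ip in MEMBERS.items():
        problems = check_dns_pair(host, ip)
        if not port_open(ip, port):
            problems.append("%s: tcp/%d not reachable" % (ip, port))
        for problem in problems:
            print("FAIL", problem)
        failed = failed or bool(problems)
    key_type, blob = parse_pubkey_line(SAMPLE_PUBKEY_LINE)
    print(key_type, md5_fingerprint(blob), sha256_fingerprint(blob))
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main())
```

Point MEMBERS at your own appliances, paste the key shown by the join prompt into SAMPLE_PUBKEY_LINE, and pass port 2222 when the cluster uses CCS. A fingerprint that differs from the one an existing member prints is a reason to abort the join rather than confirm the prompt, and a PTR that names a different host matters for a hostname-based cluster because both directions must resolve.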

3 Replies

riteshhegde
Level 1

Hi Friends,

Thanks for your quick response. I was able to create a work instruction and document for the client by referring to the Advanced User Guide and the URL shared by Robert.

Thanks.

Regards.

Ritesh Hegde