12-26-2008 12:00 AM - edited 03-10-2019 04:26 AM
How to do a cluster with CSA MC.
I have 2 servers, and want that if the first CSA falls, then the second takes over and all agents register to the second CSAMC till the first comes back.
Is there any issue or any link about documentation?
Best Regards,
12-29-2008 06:59 AM
Good question and a possible feature request for Cisco. I see what you are asking for in an automatic failover of the Management Center.
Unfortunately, a cluster cannot be done. The issue, from my understanding, involves the Security Certificate. Typically a server-side certificate is generated for the SSL connection between Agents and the Management Center (MC). The communications between the Agents and MC consist of things like policy updates, agent polling, and alert message communications. The files are signed with the CSA MC certificate to prove their authenticity so that nobody can intercept the communications and alter their content.
Since the agents can function without an active MC, it has always been the best practice to back up configurations and policies in the event of an MC failure. Then all that needs to be done is a restore of the configuration and license to this new MC.
Hope this helps.
Best,
Paul
01-23-2009 03:09 PM
Well, there is a difference between what you can do and what is supported. You CAN create a hot standby by using, e.g., Veritas storage management client and making it control the csamc services on two servers. You will need to use a remote db and make some dependencies so that the two servers are never active at the same time. Registrations to the server are kept in the db, so there is no change to the actual server. The only thing is, if you create a new agent kit, it will be on the server that was active, so you will need to define some shared storage between the two servers for the agent kit directory on the server. This is not supported, so you will probably get problems with support if you attempt this and it fails for some reason.
02-11-2009 12:47 AM
Hi,
Your suggestion sounds similar to the HA solution for CSM, i.e., use Veritas storage foundation HA/DR. Have you implemented this for CSA MC?
Cisco have added a new white paper, Management Center for Cisco Security Agents High Availability White Paper. It's dated the 2nd of Feb 2009; has anyone had the time to test yet? It reads like a single site HA solution but I can't see why it wouldn't scale to an HA/DR implementation across multiple data centres.
02-11-2009 08:37 AM
Yes, it is very similar to the supported CSM HA solution with Veritas storage mng agent. I have tested it with a friend who works for Symantec and used to be a Veritas technician; it works very well as I recall. I have not implemented it in production environments yet. I will have to check out that paper, sounds interesting.