Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Creating an HA Cluster

 

Pairing a primary host, secondary high-availability (HA) host, and a virtual IP address using JSA creates an HA cluster.

  • For a software installation of JSA, you must run the following script before the installation to enable HA:

    /media/cdrom/post/prepare_ha.sh
    Note

    Running this command on an existing stand-alone JSA server reformats the /store partition and causes data loss.

    For more information, see the Juniper Secure Analytics Installation Guide.

  • If external storage is configured for a primary HA host, you must also configure the secondary HA host to use the same external storage options. For more information, see the Juniper Secure Analytics Configuring Offboard Storage Guide.

  • Ensure that no undeployed changes exist before you create an HA cluster.

If disk synchronization is enabled, it might take 24 hours or more for the data in the /store partition on the primary HA host /store partition to initially synchronize with the secondary HA host.

If the primary HA host fails and the secondary HA host becomes active, the Cluster Virtual IP address is assigned to the secondary HA host.

In an HA deployment, the interfaces on both the primary and secondary HA hosts can become saturated. If performance is impacted, you can use a second pair of interfaces on the primary and secondary HA hosts to manage HA and data replication. Use a crossover cable to connect the interfaces.

  1. Click the Admin tab.
  2. On the navigation menu, click System Configuration.
  3. Click the System and License Management icon.
  4. Select the host for which you want to configure HA.
  5. From the Actions menu, select Add HA Host and click OK.
  6. Read the introductory text. Click Next.
  7. Type values for the parameters:

    Option

    Description

    Primary Host IP address

    A new primary HA host IP address. The new IP address replaces the previous IP address. The current IP address of the primary HA host becomes the Cluster Virtual IP address.

    The new primary HA host IP address must be on the same subnet as the virtual host IP address.

    For IPv6, if you selected Yes to auto-configure JSA for IPv6 during the installation, enter the IP address that you recorded.

    Secondary HA host IP address

    The IP address of the secondary HA host. The secondary HA host must be on the same subnet as the primary HA host.

    Enter the root password of the host

    The root password for the secondary HA host. The password must not include special characters.

    Confirm the root password of the host

    The root password for the secondary HA host again for confirmation.

  8. To configure advanced parameters, click the arrow beside Show Advanced Options and type values for the parameters.

    Option

    Description

    Heartbeat Interval (seconds)

    The time, in seconds, that you want to elapse between heartbeat pings. The default is 10 seconds.

    For more information about heartbeat pings, see Heartbeat ping testsYou can test the operation of the primary high-availability (HA) host by configuring the time interval of heartbeat ping tests..

    Heartbeat Timeout (seconds)

    The time, in seconds, that you want to elapse before the primary HA host is considered unavailable if no heartbeat is detected. The default is 30 seconds.

    Network Connectivity Test List peer IP addresses (comma delimited)

    The IP addresses of the hosts that you want the secondary HA host to ping. The default is to ping all other managed hosts in the JSA deployment.

    For more information about network connectivity testing, see Network connectivity testsTo test network connectivity, the JSA Console automatically pings all existing managed hosts in your JSA deployment..

    Disk Synchronization Rate (MB/s)

    The disk synchronization rate. The default is 100 MB/s.

    Disable Disk Replication

    This option is displayed only when you are configuring an HA cluster by using a managed host.

    Configure Crossover Cable

    Crossover cables allow JSA to isolate the replication traffic from all other JSA traffic, such as events, flows, and queries.

    You can use crossover cables for connections between 10 Gbps ports, but not the management interface.

    Crossover Interface

    Select the interfaces that you want to connect to the primary HA host.

    Note: All interfaces with an established link, or an undetermined link, appear in the list. Select interfaces with established links only.

    Crossover Advanced Options

    Select Show Crossover Advanced Options to enter, edit, or view the property values.

  9. Click Next, and then click Finish.Note

    When an HA cluster is configured, you can display the IP addresses that are used in the HA cluster. Hover your mouse over the Host Name field on the System and License Management window.

  10. Click Admin >Advanced >Deploy Full Configuration to enable network connectivity tests.