
    Configuring High Availability

    If your appliance is HA-ready, you will see two additional modes available on the Select Appliance Mode screen during appliance initialization.

    1. On the active appliance (the one that will be the primary appliance), enter TUI setup by typing sudo setup.
    2. Select Initialize Appliance and select either HA Master or HA Dedicated Master for the mode.

      Figure 1: TUI, Select HA


      The available modes are:

      • HA Master: If the appliance is in HA Master mode, it acts as a stand-alone system. The system's database will be stored on this node, and will be replicated/mirrored to the passive appliance (configured later). The appliance will also process traffic like a standard installation.
      • HA Dedicated Master: Just like in clustering, the Dedicated Master has no way to process traffic by itself. It only contains the database and the essential services to talk to the other appliances. If you want a WebApp Secure cluster configured for HA, you can select this mode to prevent the master from processing any traffic. Keep in mind that you must use clustering to configure at least one Traffic Processing node. A copy of the master will still exist on the passive system.
    3. Once a mode is selected, you must bind the appliance to an interface. This must be the same interface that will accept incoming connections to the appliances and the same interface that the VIP is on. The HA interconnect interface can only be used as a link between HA appliances.
    4. After selecting the interface, you are prompted to enter the IPs belonging to the HA pair. This includes the IP of the current master (the active appliance) as well as the IP of the appliance to fail-over to (the passive appliance).

      Note: Be sure that each of the appliances is on the same WebApp Secure version (invoke mykonos-get-version from the appliance's command line). Appliances not on the same version as the master must be manually updated to the HA master's version before continuing.

      Figure 2: TUI, Enter HA Node Addresses

    5. Next, you are prompted to enter the Virtual IP (VIP) that the system will use as the IP of the currently active system. You may enter either the standard or the CIDR bitmask (for example, or /24) for the netmask.

      Figure 3: TUI, Enter Virtual Addresses

    6. After allowing the Initialization process to complete, you can verify proper HA setup by navigating to the management interface https://VIP:5000 where VIP is the Virtual IP. Navigate to High Availability on the left-side menu to observe the status of the HA pair.

      Figure 4: HA Pair Status


      Warning: Since the various HA appliances in a configuration need to interface with the database, port 5432 will be open. Be sure to restrict access to this port with your firewall to prevent unwanted incoming connections. WebApp Secure is not intended to be used as an edge device.

      Note: If the interconnect between an HA pair drops at any point, it is possible that both systems will try to assume the active system role. This leads to a condition known as split-brain, where data is not properly routed through the pair. To mitigate this, it is recommended that you bond the pair using the 10Gb ports on the front of the appliance. Follow the steps in the Network Configuration section of the TUI to set up the bond and then configure it as you would any other interface.

      Note: You must use the VIP to access the configuration interface. If you attempt to use the management interface on the passive appliance, you will see a notification indicating "The Administrative interface is not accessible on this host because it is the secondary host in a High Availability cluster."
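
The addressing steps and the port 5432 warning above can be checked together before initialization. The following is an added example, not part of the original guide or of WebApp Secure: the function name ha_plan, the sample addresses, and the choice of a Linux iptables firewall in front of a two-node pair (no extra cluster nodes) are assumptions.

```python
import ipaddress

DB_PORT = 5432  # database port the page says is open between HA appliances


def ha_plan(active_ip, passive_ip, vip, netmask):
    """Check an HA addressing plan; return (network, firewall rules for 5432).

    netmask may be dotted ("255.255.255.0") or a CIDR bitmask ("/24").
    """
    net = ipaddress.ip_network(f"{vip}/{netmask.lstrip('/')}", strict=False)
    nodes = [ipaddress.ip_address(active_ip), ipaddress.ip_address(passive_ip)]
    vip_addr = ipaddress.ip_address(vip)

    # Assumption: the VIP is a floating address distinct from both node IPs.
    if nodes[0] == nodes[1] or vip_addr in nodes:
        raise ValueError("active IP, passive IP and VIP must all differ")
    # Assumption: sharing the VIP's interface means sharing its subnet.
    for node in nodes:
        if node not in net:
            raise ValueError(f"{node} is outside the VIP network {net}")

    targets = [*nodes, vip_addr]
    rules = []
    # Assumption: only the two HA nodes need the database port on each other
    # and on the VIP.
    for src in nodes:
        for dst in targets:
            if src != dst:
                rules.append(f"iptables -A FORWARD -p tcp -s {src} -d {dst} "
                             f"--dport {DB_PORT} -j ACCEPT")
    # Everything else aimed at port 5432 on the pair is dropped.
    for dst in targets:
        rules.append(f"iptables -A FORWARD -p tcp -d {dst} "
                     f"--dport {DB_PORT} -j DROP")
    return net, rules


if __name__ == "__main__":
    # Constructed sample plan using documentation addresses (RFC 5737).
    network, fw_rules = ha_plan("192.0.2.10", "192.0.2.11", "192.0.2.20", "/24")
    print(f"# HA network: {network}")
    print("\n".join(fw_rules))
```

If Traffic Processing nodes in a cluster also need the database, add their addresses as permitted sources before applying the DROP rules.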

    Published: 2013-11-20