Understanding the vGW Series High Availability Solution

About the vGW Series High Availability

In VMSafe mode deployments, the VMware high availability feature allows for deployment of primary and secondary vGW Security Design VMs and vGW Security VMs to maintain solution resiliency in the event of a failure.

The vGW Series high availability feature is effective in situations in which both primary components are inactive or only one is.

About High Availability For the vGW Security Design VM

The vGW Security Design VM is the main point of control for the entire vGW Series infrastructure. You can configure vGW Series high availability support to enable a secondary vGW Security Design VM to take over when the primary one is unavailable.

Note: For the vGW Security Design VM, high availability is meant to be used as an emergency solution in which the primary vGW Security Design VM is recovered from a backup or snapshot copy.

When you configure high availability for the vGW Security Design VM, the secondary one is automatically powered on and configured. The process takes approximately ten minutes.

vGW Series high availability for the vGW Security Design VM behaves in the following ways:

For details on how to configure a secondary vGW Security Design VM, see Installing and Configuring a Secondary vGW Security Design VM for High Availability.

About High Availability for the vGW Security VM

In addition to providing for a secondary vGW Security Design VM, it is important to have redundancy at the vGW Security VM level. A vGW Security VM might become inactive, for example, when the vGW Security Design VM is inactive and its secondary takes over.

When the primary vGW Security VM becomes inactive, the secondary one becomes active in 60 seconds.

High availability considerations for the vGW Security VM differ from those of the vGW Security Design VM.

The secondary vGW Security VM is the same as the primary one, and it has the same capability, given certain circumstances.

A vGW Security VM is installed on each ESX host to be protected. It is designed to interface directly with the hypervisor on its host. It is responsible for protecting VMs only on its host. Because of the tight coupling of a vGW Security VM and its host, it is important that a vGW Security VM not be moved to a new ESX/ESXi host. If the host is down, there is nothing to be protected.

Problems can occur if a vGW Security VM is not reinstated to its original position after failure. To protect against potential problems in this area, the vGW Series automatically sets the VMware high availability and Distributed Resource Schedule (DRS) settings to restrict vGW Security VMs from being moved through high availability or DRS.

To install a secondary vGW Security VM, you must build another virtual machine from the original vGW Security VM. Unlike the process for creating a secondary vGW Security Design VM, when you create a secondary vGW Security VM, vGW Series clones the existing vGW Security VM.

For details on how to install a vGW Security VM, see Installing a Secondary vGW Security VM for High Availability.

Related Documentation