Understanding the vGW Series High Availability Solution

This topic gives an overview of the vGW Series high availability (HA) feature. It includes the following sections:

vGW Series HA

vGW Series provides high availability support for VMware environments for both the vGW Security Design VM and vGW Security VMs. The high availability feature maintains solution resiliency in the event of a failure. It allows you to deploy primary and secondary, or standby, vGW Security Design VMs and vGW Security VMs in which the secondary instance of the component takes control if the primary one is unavailable. vGW Series HA is effective in situations in which both primary components are inactive or only one is.

Note: vGW Series HA is an optional component which requires a separate license. You must purchase a separate 'VGW-HA' license for each vGW Security VM for which you plan to use the feature. The license allows the use of vGW HA for both the vGW Security Design VM and the vGW Security VM. You do not need to buy additional licenses for vGW Security VMs.

vGW Series HA and VMware HA

vGW Series is compatible with VMware HA. You can configure any regular VM in your virtualized environment with VMware HA and still protect it with vGW Series security. Additionally, you can configure the vGW Security Design VM for VMware HA or fault tolerance (FT). When it is in effect, the VMware vCenter heartbeat does not impact vGW Series adversely.

Note: It is neither necessary nor possible to configure VMware HA or FT on vGW Security VMs.

vGW Series HA maintains two separate vGW Security VMs. It checks the health between these systems. If for some reason an OS or service crash occurs in the primary vGW Security VM, the secondary vGW Security VM takes over functionality.

vGW Series HA for the vGW Security Design VM

The vGW Security Design VM, also referred to as the management center, is the main point of control for the entire vGW Series infrastructure. It presents the vGW Series interface to users, and it implements firewall security by distributing policy to the vGW Security VMs that protect ESX/ESXi hosts. You use it to configure the features that vGW Series provides and to view the wide range of information reported in its graphs, charts, and statistics. It consolidates logging information and it hosts the network monitoring database. If the vGW Security Design VM is unavailable, for example, because it crashed or it was turned off, an administrator cannot make configuration changes to the infrastructure nor benefit from information that the vGW Security Design VM gathers from virtualized environment and reports on. To protect against your inability to access this information, you can configure vGW Series HA support to enable a secondary vGW Security Design VM to take over when the primary one is unavailable.

vGW Series option to deploy both primary and secondary vGW Security Design VMs allows the secondary vGW Security Design VM to continue to serve up policy until the primary one can be brought back online. As a result, all normal network activity can continue without interruption, and new VMs powered on ESX/ESXi hosts can retrieve policy rather than defaulting to VMware failure mode.

Note: vGW Series high availability is meant to be used as an emergency solution, not as a replacement system. If the primary vGW Security Design VM fails, it can be recovered from a backup or snapshot copy. For details, see Configuring the vGW Series Backup and Restore Feature.

After you use the Settings module vGW Application Settings > High Availability page to select the vGW Security Design VM to use as the secondary one, the secondary vGW Security Design VM is automatically powered on and configured. The process takes approximately ten minutes.

Installing an Additional vGW Security Design VM and Configuring the Primary vGW Security Design VM to Use It for High Availability explains the process for creating a secondary vGW Security Design VM.

The standby vGW Security Design VM presents the same address configuration options. Supported address types include:

When you configure the address for the secondary vGW Security Design VM, you must use the address type that you used to configure the primary vGW Security Design VM. However, if, for some reason, the address type configuration differs, you need to take into consideration problems that can ensue.

In an environment in which the vGW Security Design VM is configured for dual stack communication and you configure the secondary, or standby, vGW Security Design VM differently, that is, not for dual stack, communication problems should not occur. However, problems will occur if both the primary vGW Security Design VM and the standby vGW Security Design VM are not configured for dual stack and the protocol types of the IP addresses bound to them differ.

When your environment has a standby vGW Security Design VM that has only an IPv6 address bound to it, if you attempt to change the primary vGW Security Design VM from dual stack to single with only an IPv4 address bound to it, vGW Series displays the following message:

"The interface for management communications must have an IPv6 configuration, because there is a Standby Appliance with IPv6 interface.”

See Installing an Additional vGW Security Design VM and Configuring the Primary vGW Security Design VM to Use It for High Availability.

Note: By default, a dual stack vGW Security Design VM communicates with a vGW Security VM using the IPv4 protocol. However, you can use the vGW CLI to change the default IP protocol used by setting the center.dual.stack.default.communication.ipv4 parameter to false.

center.dual.stack.default.communication.ipv4=false

By default, this parameter is set to true.

This parameter is relevant only if the vGW Security Design VM is configured for dual stack and one or more vGW Security VMs is also configured for dual stack. In all other cases, the protocol used is the one that is common to both the vGW Security Design VM and the vGW Security VM, and this parameter is irrelevant.

vGW Security Design VM HA Behavior

vGW Series high availability for the vGW Security Design VM behaves in the following ways:

vGW Series HA for the vGW Security VM

In addition to providing for a secondary vGW Security Design VM, it is important to have redundancy at the vGW Security VM level. A vGW Security VM might become inactive, for example, when the vGW Security Design VM is inactive and its secondary takes over.

When the primary vGW Security VM becomes inactive, the secondary one becomes active in 60 seconds.

High availability considerations for the vGW Security VM differ from those of the vGW Security Design VM.

The secondary vGW Security VM is the same as the primary one, and it has the same capability, given certain circumstances.

A vGW Security VM is installed on each ESX/ESXi host to be protected. It is designed to interface directly with the hypervisor on its host. It is responsible for protecting VMs only on its host. Because of the tight coupling of a vGW Security VM and its host, it is important that a vGW Security VM not be moved to a new ESX/ESXi host. If the host is down, there is nothing to be protected.

Problems can occur if a vGW Security VM is not reinstated to its original position after failure. To protect against potential problems in this area, the vGW Series automatically sets the VMware high availability and Distributed Resource Schedule (DRS) settings to restrict vGW Security VMs from being moved through high availability or DRS.

To install a secondary vGW Security VM, you build another virtual machine from the original vGW Security VM. Unlike the process for creating a secondary vGW Security Design VM anew, when you create a secondary vGW Security VM, vGW Series clones the existing vGW Security VM.

For details on how to install a vGW Security VM, see Installing a Secondary vGW Security VM for High Availability.

It is important to consider that the IP protocol address type of the IP address bound to the management interface of the secondary vGW Security VM must correspond to that of the vGW Security Design VM management interface with which it communicates. However, if both or either one is configured for dual stack, communication problems should not occur. If both are not configured for dual stack and the types of the IP addresses bound to their management interfaces differs, communication problems will ensue. For further information, see Installing vGW Security VMs on ESX/ESXi Hosts.

This pane allows you to change the IP protocol family that is used for the vGW Security VM management interface when that protocol does not match that of the vGW Security Design VM with which it must communicate. For information on conditions that would cause an IP address type mismatch between the management interfaces of the vGW Security VM and the vGW Security Design VM, see Setting Up vGW Series and Installing vGW Security VMs on ESX/ESXi Hosts.

Related Documentation