Installing an Additional vGW Security Design VM and Configuring the Primary vGW Security Design VM to Use It for High Availability

This topic explains how to install an additional vGW Security Design VM to be used when the primary one is unavailable. You can install more than one additional vGW Security Design VM. It also explains how to configure the primary vGW Security Design VM for HA and how to select the secondary one that it uses. The process entails:

Caution: Be sure to back up your primary vGW Security Design VM. vGW Series does not rebuild a primary vGW Security Design VM from a secondary one created for HA. For details on backing up the primary vGW Security Design VM, see Configuring the vGW Series Backup and Restore Feature.

To create a secondary vGW Security Design VM:

  1. Load the OVA file for the vGW Security Design VM using the VMware vSphere Client. (Use File > Virtual Appliance > Import in VMware vCenter.)
  2. Follow the Virtual Appliance Wizard process. Accept the defaults for the virtual appliance import.

    Note: If you need further information about installing the secondary vGW Security Design VM, you can read about how it is done for the primary vGW Security Design VM. See Understanding the Open Virtualization Format OVA Template Method and Using the OVA Single File Method to Integrate the vGW Security Design VM with VMware, and related topics that they refer to.

    The OVA import process prompts you for a database disk. You can accept the default 8.0 GB size even if your primary vGW Security Design VM is configured for a larger size. The secondary vGW Security Design VM does not store the same type of information as the primary one, so it does not require more than 8.0 GB of capacity.

    Caution: After the import completes, do not power on the newly created secondary vGW Security Design VM.

To configure the primary vGW Security Design VM for HA:

  1. Configure the vGW Security Design VM for HA in the Settings module:
    1. To configure the secondary vGW Security Design VM, select vGW Application Settings > High Availability. See Figure 152.

      Figure 152: Configuring the Secondary vGW Security Design VM

    2. From the Standby Appliance list, select the vGW Security Design VM to be used as the secondary (standby) vGW Security Design VM.
    3. Select the IP address type to assign to the secondary vGW Security Design VM and how it will obtain the address. You can select an IPv4 or IPv6 address.

      Note: IPv4 DHCP is enabled by default.

      From the Internet Protocol list select:

      • For IPv4:
        • Disabled

          Disable IPv4 and use an IPv6 address for the secondary vGW Security Design VM.

        • DHCP

          Use DHCP to assign an IPv4 address dynamically to the secondary vGW Security Design VM.

        • Static IP

          Specify a static IPv4 address, its network mask (routing prefix), and the default gateway to use for the secondary vGW Security Design VM.

      • For IPv6:
        • Disabled

          Disable IPv6 and assign an IPv4 address to the secondary vGW Security Design VM.

        • DHCPv6

          Use a DHCPv6 server to obtain the IPv6 address to assign to the secondary vGW Security Design VM.

          According to RFC 3315, “The Dynamic Host Configuration Protocol for IPv6 (DHCP) enables DHCP servers to pass configuration parameters such as IPv6 network addresses to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to "IPv6 Stateless Address Autoconfiguration" (RFC 2462), and can be used separately or concurrently with the latter to obtain configuration parameters.”

        • Autoconfiguration

          Use stateless address autoconfiguration to obtain the IPv6 address for the secondary vGW Security Design VM. IPv6 stateless address autoconfiguration allows network devices attached to an IPv6 network to automatically acquire IP addresses and connect to the Internet without intermediate interaction with a DHCPv6 server. Refer to RFC 2462, “IPv6 Stateless Address Autoconfiguration,” for details.

        • Static IP

          Specify a static IPv6 address, its prefix (the initial bits of the address that denote the network address, akin to a netmask), and the default gateway to use for the secondary vGW Security Design VM.

    4. Click Save.
  2. Configure the proxy server and time configuration settings for the secondary vGW Security Design VM.
    1. Specify whether to use the proxy settings configured for the primary vGW Security Design VM for the standby (secondary) one. See Configuring vGW Series Proxy Settings.

      The vGW Security Design VM connects to the Juniper Networks update server to check for available downloads of software updates. If the server does not have direct access to the Internet, a proxy can be used. For the primary vGW Security Design VM, the Settings module Appliance Settings > Proxy Settings page specifies configuration information about a proxy server, if one is required to make outbound HTTP/HTTPS connections.

    2. Specify whether to use the time configuration settings configured for the primary vGW Security Design VM on the standby (secondary) one. See Configuring vGW Series Time Settings.
    3. Click Save.

After you complete this configuration, the secondary vGW Security Design VM is automatically powered on and configured. This process takes approximately ten minutes. After the operation completes, you can log in to the secondary vGW Security Design VM through the IP address that you specified during the configuration.
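Because the secondary vGW Security Design VM is powered on and configured unattended, a mistyped Static IP entry only shows up when the login fails. The following pre-flight check for the Static IP fields (address, mask or prefix, default gateway) is an added example, not part of the vGW Series product or its documentation. The function name, the acceptance of a link-local IPv6 gateway, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def check_standby_static(address, prefix, gateway, primary=None):
    """Return a list of problems with a planned static configuration.

    Hypothetical helper. `prefix` may be a prefix length (24, 64) or an
    IPv4 netmask ("255.255.255.0"). An empty list means no problem found.
    """
    try:
        iface = ipaddress.ip_interface(f"{address}/{prefix}")
        gw = ipaddress.ip_address(gateway)
        prim = ipaddress.ip_address(primary) if primary is not None else None
    except ValueError as exc:
        return [f"unparseable input: {exc}"]
    ip, net = iface.ip, iface.network
    if gw.version != ip.version:
        return ["address and gateway are different IP versions"]
    problems = []
    if ip.is_unspecified or ip.is_loopback or ip.is_multicast or ip.is_link_local:
        problems.append(f"{ip} is not a usable management address")
    # IPv4 only: the first and last address of the subnet are not host addresses.
    if (ip.version == 4 and net.prefixlen < 31
            and ip in (net.network_address, net.broadcast_address)):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    # Assumption: an IPv6 link-local next hop (fe80::/10) is a valid gateway.
    if gw not in net and not (gw.version == 6 and gw.is_link_local):
        problems.append(f"gateway {gw} is outside {net}")
    if gw == ip:
        problems.append("gateway equals the standby address")
    if prim is not None and prim == ip:
        problems.append("standby address duplicates the primary's address")
    return problems

if __name__ == "__main__":
    # Constructed sample plans using documentation address ranges.
    plans = [
        ("192.0.2.10", "255.255.255.0", "192.0.2.1", "192.0.2.5"),
        ("192.0.2.10", 24, "192.0.3.1", "192.0.2.5"),
        ("2001:db8::10", 64, "fe80::1", None),
    ]
    for plan in plans:
        print(plan, "->", check_standby_static(*plan) or "OK")
```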

vGW Series monitors connectivity between the two vGW Security Design VM management centers. It initiates promotion of the secondary system if there is no response from the primary one within three minutes.

When the primary vGW Security Design VM is brought back online after it has recovered or the host it was on is repaired, it automatically takes control again. vGW Series HA is not designed to replace normal backup operations. Rather, it is expected that the primary vGW Security Design VM will be brought back online quickly.
