Table Of Contents
Preface
Overview
HA/DR Solution
Symantec VERITAS Products
Audience
Conventions
Related Documentation
Obtaining Documentation, Obtaining Support, and Security Guidelines
Preface
Overview
This section provides the following overviews:
•
HA/DR Solution
•Symantec VERITAS Products
HA/DR Solution
This document explains how to install Cisco Security Manager (Security Manager) in a high availability (HA) or disaster recovery (DR) environment. The Security Manager HA/DR solution is based on Symantec's VERITAS Storage Foundation and High Availability solutions. The Security Manager HA/DR solutions support the following applications:
•Security Manager 3.1 and later
•Resource Manager Essentials 4.0.5 and later
•Auto Update Server 3.1 and later1 .
The HA/DR solution does not support Performance Monitor or IPS Event Viewer (IEV), which are also included with Security Manager.
The HA solution supports both local redundancy (HA) and geographic redundancy (DR) configurations.
The local redundancy configuration provides an automatic failover solution in the event of software or hardware failures without the need to reconfigure IP addresses or DNS entries on your switched/routed network.
The geographic redundancy configuration provides disaster recovery by replicating application data between two sites. Failover between sites can be initiated manually or performed automatically.
Figure 1 illustrates the local redundancy HA configuration. Figure 2 illustrates a geographic redundancy HA (disaster recovery) configuration.
Note The servers in Figure 1 andFigure 2 optionally contain mirrored internal boot disks. We recommend that they be the same make, model, and storage capacity. We recommend a fault-tolerant switched/routed network for communicating with the HA servers.
Figure 1 Local Redundancy HA Configuration
Figure 2 Geographic Redundancy DR (Disaster Recovery) Configuration
Symantec VERITAS Products
The Security Manager HA/DR solutions described in this document are based on Symantec VERITAS products. This section gives a brief summary of each of the specific VERITAS applications.
•VERITAS Storage Foundation for Windows (VSFW)
VSFW provides volume management technology, quick recovery, and fault tolerant capabilities to Windows enterprise computing environments. VSFW provides the foundation for VCS and VVR.
•VERITAS Cluster Server (VCS)
VCS is a clustering solution for reducing application downtime. The Global Cluster Option (GCO) for VCS supports managing multiple clusters (such as used in a DR configuration).
•VERITAS Volume Replicator (VVR)
VVR provides a foundation for continuous data replication over IP networks, enabling rapid and reliable recovery of critical applications at remote recovery sites.
Audience
The primary audience for this guide is system administrators who are responsible for installing and managing the HA/DR solutions. This guide assumes that you are familiar with the topics in Table 1.
Table 1 Topics in this Guide
Configuration
|
Topics
|
Local Redundancy
|
•Cisco Security Manager
•Microsoft Windows Administration (Windows Server 2003)
•Symantec VERITAS Storage Foundation HA for Windows 4.3 or 5.0
|
Geographic Redundancy
|
•Cisco Security Manager
•Microsoft Windows Administration (Windows Server 2003)
•Symantec VERITAS Storage Foundation HA for Windows 4.3 and Global Cluster Option or Symantec VERITAS Storage Foundation HA/DR for Windows 5.0
•Symantec VERITAS Volume Replicator Option (4.3 or 5.0)
|
Geographic Redundancy without Clustering
|
•Cisco Security Manager
•Microsoft Windows Administration (Windows Server 2003)
•Symantec VERITAS Storage Foundation for Windows 4.3 or Symantec VERITAS Storage Foundation Basic for Windows 5.0
•Symantec VERITAS Volume Replicator Option for Storage Foundation for Windows (4.3 or 5.0)
|
Because the Security Manager HA/DR solutions utilize Symantec's VERITAS Storage Foundation and High Availability Solutions for Windows, we highly recommend the following Symantec courses for a local redundancy solution:
•VERITAS Storage Foundation for Windows
•VERITAS Cluster Server for Windows
For a geographically redundant solution, the following additional courses are highly recommended:
•VERITAS Volume Replicator for Windows
•Disaster Recovery Using VVRand Global Cluster Option for Windows
For more information, please refer to the Symantec website.
Conventions
This document uses the conventions listed in the table below.
Table 2 Document Conventions
Item
|
Convention
|
Commands and keywords
|
boldface font
|
Variables for which you supply values
|
italic font
|
Displayed session and system information
|
|
Information you enter
|
|
Variables you enter
|
|
Menu items and button names
|
boldface font
|
Selecting a menu item
|
Option > Network Preferences
|
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.
Caution Means
reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Timesaver Means the described action saves time. You can save time by performing the action described in the paragraph.
Tip Means the following information will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information, similar to a Timesaver.
Related Documentation
Refer to the following Cisco publications for additional information. These documents are available at http://www.cisco.com/en/US/products/ps6498/index.html.
•Installation Guide for Cisco Security Manager 3.1
•User Guide for Cisco Security Manager 3.1
•Release Notes for Cisco Security Manager 3.1
Refer to the following Symantec publications for additional information concerning VERITAS Storage Foundation 4.3:
•VERITAS Storage Foundation and High Availability Solutions 4.3 Installation and Upgrade Guide
•Hardware Compatibility List (HCL) for VERITAS Storage Foundation (tm) and High Availability Solutions 4.3 for Windows
•Software Compatibility List (SCL) for Veritas Storage Foundation™ & High Availability Solutions 4.3 for Window
•VERITAS Storage Foundation (tm) 4.3 for Windows and High Availability - Release Notes - 07/07/2005
•VERITAS Storage Foundation (tm) 4.3 Maintenance Pack 1 for Windows and VERITAS Storage Foundation (tm) HA 4.3 Maintenance Pack 1 for Windows - Release Notes - 12/30/2005
•VERITAS Storage Foundation (tm) 4.3 and Storage Foundation HA 4.3 for Windows - Getting Started Guide
•VERITAS Storage Foundation (tm) 4.3 for Windows and High Availability Solutions - Solutions Guide
•VERITAS Storage Foundation (tm) 4.3 for Windows - Administrator's Guide
•VERITAS Storage Foundation (tm) 4.3 for Windows Volume Replicator - Administrator's Guide
•VERITAS Cluster Server 4.3 - Administrator's Guide
•VERITAS Storage Foundation (tm) HA 4.3 for Windows -- VERITAS Cluster Server (tm) Bundled Agents Reference Guide
•VERITAS Storage Foundation™ 4.3 Volume Replicator Advisor User's Guide
Refer to the following Symantec publications for additional information concerning VERITAS Storage Foundation 5.0:
•Veritas Storage Foundation™ and High Availability Solutions Installation and Upgrade Guide 5.0
•Hardware Compatibility List (HCL) for Veritas Storage Foundation™ & High Availability Solutions 5.0 for Windows
•Software Compatibility List (SCL) for Veritas Storage Foundation™ & High Availability Solutions 5.0 for Windows
•Veritas Storage Foundation™ and High Availability Solutions Release Notes 5.0
•Veritas Storage Foundation™ and High Availability Solutions Getting Started Guide 5.0
•Veritas Storage Foundation™ and High Availability Solutions, Solutions Guide 5.0
•Veritas Storage Foundation™ Administrator's Guide 5.0
•Veritas Storage Foundation™ Volume Replicator Administrator's Guide 5.0
•Veritas™ Cluster Server Administrator's Guide 5.0
•Veritas™ Cluster Server Bundled Agents Reference Guide 5.0
•Veritas Volume Replicator Advisor User's Guide 5.0
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
1 Since devices contact the AUS server directly using the AUS server IP address, it is necessary for the device to support defining up to two AUS servers for a disaster recovery configuration, where the AUS server at each site has a different IP address. Defining more than one AUS server IP address is supported only by the ASA 5500 Series beginning with release 7.2.1.
