Preparing to Add High Availability (HA) to a System
A High Availability (HA) system is a local, redundant system that is created, then added to a primary system. In the event of a virtual machine failure, the system falls back to the HA system.
If you are planning to add HA and update the system, we recommend that you add HA before updating the system, then update the combined (primary and HA) system; the HA system is updated automatically when the primary system is updated. If you update the primary system first, then to add HA, you must independently deploy and then update the HA system (so both the primary and HA systems are at the same version).
The HA system has the following constraints:
-
A system running HA cannot join a Multi-data Center (MDC). (To remove HA, see Removing High Availability from a System.)
-
The HA system size must be the same as the primary system size.
-
The HA system must be at the same release version as the primary system.
If you update the primary system, the HA system must be updated.
-
If the primary system currently has HA and you are deploying a new HA system, you cannot reuse the virtual machines in the original HA system. Remove the old HA virtual machines before deploying the new HA system with new virtual machines.
-
Because this process adds new virtual machines to your system, your current security certificate becomes invalid and requires an updated certificate unless you are using a self-signed certificate.
-
Your HA system must be configured with the same OVA and patch as your primary system. If the versions of your primary and high-availability systems do not match, you are instructed to upgrade to the higher version of the two.
Note
Use the same base version OVA as was used to deploy the current system. For example, assume that originally you deployed internal virtual machines by using 2.5.1.29 OVA and over time updated your system to 2.7.1.12 version. If you use 2.5.1.29 OVA file to deploy an IRP virtual machine and add Public Access, the process will fail with the message, "The primary system is a different version than the Internet Reverse Proxy virtual machines. Redeploy the Internet Reverse Proxy virtual machines by using the same OVA file used to deploy the primary system."
-
The HA system internal virtual machines must be on the same subnet as the primary system internal virtual machines.
-
If you have added public access on the primary system, add it to the HA system. Also, the HA system Internet Reverse Proxy virtual machine must be on the same subnet as the primary system Internet Reverse Proxy virtual machine.
-
Most of the features on your HA system are prohibited. For example you do not have access to the HA system to upgrade, configure SNMP, access storage or configure email servers. You can view system properties, but modification to the HA system is prohibited.
-
Load Balancing is not configurable; it is automatic and built into the system. Any Load Balancer configured as separate machine is not supported.
Before You Begin
The following conditions must be met before adding HA to a primary system:
-
Verify:
-
The target primary system is deployed and not part of an MDC.
-
There is a redundant network between virtual machines.
-
The network is a 10–gbps high-bandwidth network.
-
Network Time Protocol (NTP) configured on the primary and HA system, and that the clocks are synchronized.
-
-
Create a backup of the primary system. See Creating a Backup by Using VMware vCenter.
-
Verify that all virtual machines are functioning normally. Determine virtual machine status by viewing the System Monitor on the Dashboard.
-
We recommend that you take a snapshot on the high-availability virtual machines before you perform this procedure. Redo the procedure from the snapshot in the event of an error.
-
Record the fully qualified domain name (FQDN) of the high-availability virtual machine; you must know the FQDN to add high-availability to the primary system.