The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes reference configurations for installing Security Manager in an HA or DR environment. This chapter contains the following sections:
Note There are numerous configurations possible using different hardware setups. Consult the respective Microsoft and Veritas Hardware Compatibility Lists (HCLs).
Note Although we make every attempt to ensure the availability of third-party hardware and software platforms specified for Security Manager, we reserve the right to change or modify system requirements due to third-party vendor product availability or changes that are beyond our control.
To install Security Manager in a single-node HA environment, you can configure a fault-tolerant storage array or use internal disks.
The following are the server hardware specifications for a single-node site:
Figure 2-1 shows using two Ethernet connections from the server to the switch/router network for redundancy. If an Ethernet port or switch fails, communication to the server is maintained. If this level of network redundancy is not required, you can use a single connection to the switch/router network (that is, Eth 2 and its associated Ethernet switch are optional).
Figure 2-1 Ethernet Connections for a Single-Node Site
To install Security Manager in a dual-node HA environment, you need two servers that can access a shared storage array.
The following are the server hardware specifications for a dual-node site:
Figure 2-2 depicts the configuration of a dual-node site showing the Ethernet and external storage connections. Two Ethernet connections are used from the server to the switch/router network for redundancy. If an Ethernet port or switch fails, communications to the server is maintained. If this level of network redundancy is not required, you can use a single connection to the switch/router network (that is, Eth 4 and its associated Ethernet switch are optional). Two direct Ethernet connections are made between the servers for cluster heartbeat communications, although second heartbeat connection (Eth 3) is optional.
Figure 2-2 Ethernet and Storage Connections for a Dual-Node Site
The following software is required to install Security Manager in a local redundancy HA configuration:
Note Starting from version 4.13, Cisco Security Manager supports Microsoft Windows Server 2016
Note Veritas Infoscale 7.0 does not support Windows Sever 2016. However Veritas Infoscale 7.2 supports Windows Server 2016.
A Security Manager license is only required for the active server in a HA/DR configuration. Additional licenses for standby servers are not required.
Veritas Storage Foundation HA for Windows is licensed on a per-node basis. In the same local redundancy configuration example, each server needs to have its own license for running Veritas Storage Foundation HA for Windows.
The Veritas Dynamic Multipathing Option is required only if you plan to use external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.
The following software is required to install Security Manager in a geographic redundancy (DR) configuration:
Security Manager is licensed per active server in an HA/DR configuration. For example, in a geographic redundancy configuration with a single-node cluster at site A and a single-node cluster at Site B, you only need to purchase one copy of Security Manager, since Security Manager is only active on one server at any given time.
Veritas Storage Foundation HA for Windows is licensed on a per-node basis. In the same geographic redundancy configuration example with two servers (one per cluster), each server needs to have its own license for running Veritas Storage Foundation HA for Windows.
The Veritas Volume Replicator Option is licensed on a per-node basis.
The Veritas Dynamic Multipathing Option is required only if you plan to use external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.
The following software is required to install Security Manager in a geographic redundancy (DR) configuration without clustering:
Security Manager is licensed for each active server in a HA/DR configuration. For example, in a geographic redundancy configuration with replication running between a primary server and a secondary server, you need to purchase only one copy of Security Manager, because Security Manager is active on only one server at any given time.
Veritas Storage Foundation for Windows is licensed on a per-node basis. In the same geographic redundancy configuration example with two servers, each server must have its own license for running Veritas Storage Foundation for Windows.
Veritas Storage Foundation Basic for Windows versions 6.0.1 / 6.0.2 / 6.1 / Veritas InfoScale 7.0 work with up to four volumes and are available for free download.
The Veritas Volume Replicator Option is licensed on a per-node basis.
The Veritas Dynamic Multipathing Option is required only if you plan on using external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.
Use the preinstallation worksheet to plan your installation and to gather the information you will need during configuration. This section contains the following topics:
Before you install Security Manager in a local redundancy HA configuration, write down the information outlined in Table 2-1 to assist you in completing the installation.
|
|
|
---|---|---|
Shared Disk Group Name for Event Data1 |
||
Shared Volume Name for Event Data 1 |
||
Drive Letter for Security Manager Event Data 1 |
||
02 |
||
Cluster Service Virtual IP Address/Subnet mask3 |
||
|
|
|
Public Network Interface #24 and IP Address/Subnet Mask |
||
If you are installing Security Manager in a geographic redundancy (DR) configuration, write down the information outlined in Table 2-2 to assist you in completing the installation.
|
|
|
||
---|---|---|---|---|
Disk Group for Event Data5 |
||||
06 |
1 2 |
|||
|
|
|
|
|
Public Network Interface #2 and IP Address/Subnet Mask9 |
||||
Private Cluster Interconnect #110 |
||||
Private Cluster Interconnect #2 6 |