Table Of Contents
System Requirements
Hardware Requirements for a Single-Node Site
Server Configuration for Single-Node Site
Hardware Requirements for a Dual-Node Site
Server Configuration for Dual-Node Site
Software Requirements for a Local Redundancy Configuration
Software Requirements for a Geographic Redundancy Configuration
Software Requirements for Replication without Clustering
Preinstallation Worksheets
Local Redundancy Configuration Worksheet
Geographic Redundancy Configuration Worksheet
System Requirements
This chapter describes reference configurations for installing Security Manager in an HA or DR environment. This chapter contains the following sections:
•Hardware Requirements for a Single-Node Site
•Hardware Requirements for a Dual-Node Site
•Software Requirements for a Local Redundancy Configuration
•Software Requirements for a Geographic Redundancy Configuration
•Software Requirements for Replication without Clustering
Note There are numerous configurations possible using different hardware setups. Consult the respective Microsoft and Symantec/VERITAS Hardware Compatibility Lists (HCLs).
Note Although we make every attempt to ensure the availability of third-party hardware and software platforms specified for Security Manager, we reserve the right to change or modify system requirements due to third-party vendor product availability or changes that are beyond our control.
Hardware Requirements for a Single-Node Site
To install Security Manager in a single-node HA environment, you can configure a fault-tolerant storage array or use internal disks.
Server Configuration for Single-Node Site
The following are the server hardware specifications for a single-node site:
•Server which meets the basic processor and RAM requirements as described in Installation Guide for Cisco Security Manager 3.1.
•Minimum of one Ethernet interface (two recommended)
•Minimum of two physical drives (six recommended)
Figure 1-1 shows using two Ethernet connections from the server to the switch/router network for redundancy. If an Ethernet port or switch fails, communication to the server is maintained. If this level of network redundancy is not required, then you can use a single connection to the switch/router network (i.e., Eth 2 and its associated Ethernet switch are optional).
Figure 1-1 Ethernet Connections for a Single-Node Site
Hardware Requirements for a Dual-Node Site
To install Security Manager in a dual-node HA environment, you need two servers that can access a shared storage array.
Server Configuration for Dual-Node Site
The following are the server hardware specifications for a a dual-node site:
•Server that meets the basic processor and RAM requirements, as described in Installation Guide for Cisco Security Manager 3.1.
•Minimum of two Ethernet interfaces (Four recommended)
•Minimum of one internal physical drive (Two recommended)
•Minimum of one external drive (Two recommended; Four recommended if using replication)
Figure 1-2 depicts the configuration of a dual-node site, showing the Ethernet and external storage connections. Two Ethernet connections are used from the server to the switch/router network for redundancy. If an Ethernet port or switch fails, communications to the server is maintained. If this level of network redundancy is not required, then you can use a single connection to the switch/router network (i.e., Eth 4 and its associated Ethernet switch are optional). Two direct Ethernet connections are made between the servers for cluster heartbeat communications, although second heartbeat connection (Eth 3) is optional.
Figure 1-2 Ethernet and Storage Connections for a Dual-Node Site
Software Requirements for a Local Redundancy Configuration
The following software is required to install Security Manager in a local redundancy HA configuration:
•Cisco Security Manager 3.1
•Symantec VERITAS Storage Foundation HA for Windows 4.3 with Maintenance Pack 1 or Symantec VERITAS Storage Foundation HA for Windows 5.0
•Symantec Dynamic Multipathing Option
Security Manager is licensed for each active server in an HA/DR configuration. For example, in a local redundancy configuration with two servers in the cluster, you only need to purchase one copy of Security Manager, since Security Manager is active on only one server at any given time.
VERITAS Storage Foundation HA for Windows is licensed on a per-node basis. In the same local redundancy configuration example, each server needs to have its own license for running VERITAS Storage Foundation HA for Windows.
The VERITAS Dynamic Multipathing Option is required only if you plan to use external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.
Software Requirements for a Geographic Redundancy Configuration
The following software is required to install Security Manager in a geographic redundancy DR configuration:
•Cisco Security Manager 3.1
•Symantec VERITAS Storage Foundation HA for Windows 4.3 with Maintenance Pack 1 and Global Cluster Option or Symantec VERITAS Storage Foundation HA/DR for Windows 5.0
•Symantec VERITAS Volume Replicator Option
•Symantec VERITAS Dynamic Multipathing Option
Security Manager is licensed per active server in an HA/DR configuration. For example, in a geographic redundancy configuration with a single-node cluster at site A and a single-node cluster at Site B, you only need to purchase one copy of Security Manager, since Security Manager is only active on one server at any given time.
VERITAS Storage Foundation HA for Windows is licensed on a per-node basis. In the same geographic redundancy configuration example with two servers (one per cluster), each server needs to have its own license for running VERITAS Storage Foundation HA for Windows.
The VERITAS Volume Replicator Option is licensed on a per-node basis.
The VERITAS Global Cluster Option (4.3) is licensed on a per-site basis.
The VERITAS Dynamic Multipathing Option is only required only if you plan to use external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.
Software Requirements for Replication without Clustering
The following software is required to install Security Manager in a geographic redundancy DR configuration without clustering:
•Cisco Security Manager 3.1
•Symantec VERITAS Storage Foundation for Windows 4.3 with Maintenance Pack 1 or Symantec VERITAS Storage Foundation Basic for Windows 5.0
•Symantec VERITAS Volume Replicator Option
•Symantec VERITAS Dynamic Multipathing Option
Security Manager is licensed for each active server in an HA/DR configuration. For example, in a geographic redundancy configuration with replication running between a primary server and a secondary server, you need to purchase only one copy of Security Manager, because Security Manager is active on only one server at any given time.
VERITAS Storage Foundation for Windows 4.3 is licensed on a per-node basis. In the same geographic redundancy configuration example with two servers, each server must have its own license for running VERITAS Storage Foundation for Windows 4.3.
VERITAS Storage Foundation Basic for Windows 5.0 works with up to four volumes and is available for free download from Symantec.
The VERITAS Volume Replicator Option is licensed on a per-node basis.
The VERITAS Dynamic Multipathing Option is required only if you plan on using external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.
Preinstallation Worksheets
Local Redundancy Configuration Worksheet
Before you install Security Manager in a local redundancy HA configuration, write down the information outlined in Table 1-1. The information will assist you in completing the installation.
Table 1-1 Preinstallation Worksheet for a Local Redundancy Configuration
Information
|
Primary Site
|
Shared Disk Group Name
|
datadg
|
Shared Volume Name
|
cscopx
|
Drive Letter for Security Manager
|
|
Cluster Name:
|
CSManager_Primary
|
Cluster ID:
|
01
|
Security Manager Virtual IP Address/Subnet mask:
|
|
Cluster Service Virtual IP Address/Subnet mask:
|
|
|
Primary Server
|
Secondary Server
|
Hostname:
|
|
|
Public Network Interface #1 and IP Address/Subnet Mask:
|
|
|
Public Network Interface #22 and IP Address/Subnet Mask:
|
|
|
Private Cluster Interconnect #1:
|
|
|
Private Cluster Interconnect #2:
|
|
|
Geographic Redundancy Configuration Worksheet
If you are installing Security Manager in a geographic redundancy DR configuration, write down the information outlined in Table 1-2. The information will assist you in completing the installation.
Table 1-2 Preinstallation Worksheet for a Geographic Redundancy Configuration
Information
|
Primary Site
|
Secondary Site
|
Disk Group
|
datadg
|
datadg
|
Data Volume
|
cscopx
|
cscopx
|
Drive Letter for Security Manager
|
|
|
Storage Replicator Log Volume
|
data_srl
|
data_srl
|
Replicated Data Set
|
CSM_RDS
|
Replicated Volume Group
|
CSM_RVG
|
Cluster Name:
|
CSManager_Primary
|
CSManager_Secondary
|
Cluster ID:
|
01
|
11
|
Security Manager Virtual IP Address/Subnet Mask:
|
|
|
Replication Virtual IP Address/Subnet Mask
|
|
|
Cluster Service Virtual IP Address/Subnet Mask2 :
|
|
|
|
Primary Server
|
Secondary Server
|
Primary Server
|
Secondary Server
|
Hostname:
|
|
|
|
|
Public Network Interface #1 and IP Address/Subnet Mask:
|
|
|
|
|
Public Network Interface #2 and IP Address/Subnet Mask:3 :
|
|
|
|
|
Private Cluster Interconnect #14 :
|
|
|
|
|
Private Cluster Interconnect #23:
|
|
|
|
|