High Availability Guide

Juniper Secure Analytics
High Availability Guide
Release 2014.4
Modified: 2015-02-25
Copyright © 2016, Juniper Networks, Inc.
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Copyright © 2016, Juniper Networks, Inc. All rights reserved.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of
that EULA.
Table of Contents
About the Documentation
    Documentation and Release Notes
    Documentation Conventions
    Documentation Feedback
    Requesting Technical Support
        Self-Help Online Tools and Resources
        Opening a Case with JTAC
Part 1: High Availability
Chapter 1: What's New for Installers in High Availability Deployments in JSA 2014.4
    Configuring a Crossover Cable
    IPv6
Chapter 2: High Availability Overview
    Understanding High Availability Overview
    Data Consistency for High Availability
        Real-time Data Synchronization
        Post-failover Data Synchronization
    High Availability Clusters
    Failovers
        Primary High Availability Host Failure
        Secondary High Availability Host Failure
        Non-failover Scenarios
        High Availability Failover Event Sequence
        Network Connectivity Tests
        Heartbeat Ping Tests
        Primary Disk Failure
        Manual Failovers
Chapter 3: High Availability Deployment Planning
    Appliance Requirements
        Software and Virtual Appliance Requirements
    IP Addressing and Subnets
    Link Bandwidth and Latency
    Data Backup Requirements
    Offboard Storage Requirements for High Availability
Chapter 4: High Availability Management
    Status of High Availability Hosts
    Viewing High Availability Cluster IP Addresses
    Creating a High Availability Cluster
    Disconnecting a High Availability Cluster
    Editing a High Availability Cluster
    Setting a High Availability Host Offline
    Setting a High Availability Host Online
    Switching a Primary High Availability Host to Active
Chapter 5: Recovery Options for High Availability Appliances
    Notebook Hyperterminal Connections
    Network Connections
    Recovering a Secondary High Availability Console or Non-console
    Recovering a Failed Primary High Availability Host
    Recovering a Failed Secondary High Availability Host to JSA 2014.3
    Recovering a Failed Primary High Availability Flow Processor
    Recovering JSA on a Secondary High Availability Console or Non-console System
    Recovering JSA on a Failed Primary High Availability Console or Non-console
    Recovering a Secondary High Availability Host to a Previous Version or Factory Default
Chapter 6: Troubleshooting JSA High Availability Deployments
    Status Combinations and Possible Resolutions
    Identifying Active Hosts
    Restoring a Failed Secondary High Availability Host
    Restoring a Failed Primary High Availability Host
    Verifying the Status of Primary and Secondary Hosts
    Setting the Status of the Primary High Availability Host to Online
Part 2: Index
    Index
List of Tables
About the Documentation
    Table 1: Notice Icons
    Table 2: Text and Syntax Conventions
Part 1: High Availability
Chapter 3: High Availability Deployment Planning
    Table 3: Requirements for Virtual Appliances
    Table 4: Minimum and Optional Memory Requirements for JSA Virtual Appliances
Chapter 4: High Availability Management
    Table 5: High Availability Status Descriptions
    Table 6: Type Values
    Table 7: Show Advanced Options
Chapter 5: Recovery Options for High Availability Appliances
    Table 8: Hyperterminal Connection Parameters
    Table 9: JSA Network Setting Parameters
Chapter 6: Troubleshooting JSA High Availability Deployments
    Table 10: System and License Management Window Host Statuses
About the Documentation
• Documentation and Release Notes
• Documentation Conventions
• Documentation Feedback
• Requesting Technical Support
Documentation and Release Notes
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Documentation Conventions
Table 1 defines notice icons used in this guide.
Table 1: Notice Icons
Meaning              Description
Informational note   Indicates important features or instructions.
Caution              Indicates a situation that might result in loss of data or hardware damage.
Warning              Alerts you to the risk of personal injury or death.
Laser warning        Alerts you to the risk of personal injury from a laser.
Tip                  Indicates helpful information.
Best practice        Alerts you to a recommended use or implementation.
Table 2 defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions

Convention: Bold text like this
Description: Represents text that you type.
Example: To enter configuration mode, type the configure command:
    user@host> configure

Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Example:
    user@host> show chassis alarms
    No alarms currently active

Convention: Italic text like this
Description:
• Introduces or emphasizes important new terms.
• Identifies guide names.
• Identifies RFC and Internet draft titles.
Examples:
• A policy term is a named structure that defines match conditions and actions.
• Junos OS CLI User Guide
• RFC 1997, BGP Communities Attribute

Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or
configuration statements.
Example: Configure the machine’s domain name:
    [edit]
    root@# set system domain-name domain-name

Convention: Text like this
Description: Represents names of configuration statements, commands, files, and
directories; configuration hierarchy levels; or labels on routing platform components.
Examples:
• To configure a stub area, include the stub statement at the [edit protocols
  ospf area area-id] hierarchy level.
• The console port is labeled CONSOLE.

Convention: < > (angle brackets)
Description: Encloses optional keywords or variables.
Example:
    stub <default-metric metric>;

Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either
side of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples:
    broadcast | multicast
    (string1 | string2 | string3)

Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement
to which it applies.
Example:
    rsvp { # Required for dynamic MPLS only

Convention: [ ] (square brackets)
Description: Encloses a variable for which you can substitute one or more values.
Example:
    community name members [ community-ids ]

Convention: Indention and braces ( { } )
Description: Identifies a level in the configuration hierarchy.

Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.

Example for indention, braces, and semicolons:
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }

GUI Conventions

Convention: Bold text like this
Description: Represents graphical user interface (GUI) items you click or select.
Examples:
• In the Logical Interfaces box, select All Interfaces.
• To cancel the configuration, click Cancel.

Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of menu selections.
Example: In the configuration editor hierarchy, select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can provide feedback by using either of the following
methods:
• Online feedback rating system—On any page of the Juniper Networks TechLibrary site
  at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content,
  and use the pop-up form to provide us with information about your experience.
  Alternately, you can use the online feedback form at
  http://www.juniper.net/techpubs/feedback/.
• E-mail—Send your comments to [email protected]. Include the document
  or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or Partner Support Service
support contract, or are covered under warranty, and need post-sales technical support,
you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
  review the JTAC User Guide located at
  http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
  http://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
  7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
  http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
  http://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
  http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html.
PART 1
High Availability
• What's New for Installers in High Availability Deployments in JSA 2014.4
• High Availability Overview
• High Availability Deployment Planning
• High Availability Management
• Recovery Options for High Availability Appliances
• Troubleshooting JSA High Availability Deployments
CHAPTER 1
What's New for Installers in High Availability Deployments in JSA 2014.4
Juniper Secure Analytics (JSA) 2014.4 high availability deployments include configuration
options for crossover cables and IPv6 support.
This chapter contains the following sections:
• Configuring a Crossover Cable
• IPv6
Configuring a Crossover Cable
In a high volume high availability deployment, the interfaces on both the primary and
secondary high availability hosts can become saturated. If performance is impacted, you
can use a second pair of interfaces on the primary and secondary high availability hosts
to manage high availability and data replication.
IPv6
You can configure IPv6 hosts for high availability.
CHAPTER 2
High Availability Overview
This chapter contains the following sections:
• Understanding High Availability Overview
• Data Consistency for High Availability
• High Availability Clusters
• Failovers
Understanding High Availability Overview
If your hardware or network fails, Juniper Secure Analytics (JSA) can continue to collect,
store, and process event and flow data by using high availability appliances.
To enable high availability, JSA connects a primary high availability host with a secondary
high availability host to create a high availability cluster.
If a primary high availability host fails, then the secondary high availability host maintains
access to the same data as the primary by using data synchronization or shared external
storage.
NOTE: You must purchase a separate HA license to set up high availability.
However, the license should not be allocated to the secondary console or
the secondary managed host.
For more information about using shared external storage with high availability, for
example iSCSI or NFS, see the Configuring Offboard Storage Guide.
Unless otherwise noted, all references to JSA refer to JSA and JSA Log Manager.
For more information, see “High Availability Clusters”. A high availability
cluster consists of a primary high availability host, a secondary high availability host, and
a cluster virtual IP address.
For more information, see “Data Consistency for High Availability”. When a
high availability failover occurs, JSA ensures the consistency of your data.
Related Documentation
• Data Consistency for High Availability
• High Availability Clusters
• Failovers
Data Consistency for High Availability
When a high availability failover occurs, Juniper Secure Analytics (JSA) ensures the
consistency of your data.
The type of storage that you use determines how high availability data consistency is
maintained. If you configure high availability with external storage, data consistency is
maintained by using a component such as an iSCSI storage device. See “Offboard Storage
Requirements for High Availability”.
If you do not use external storage devices, then JSA high availability maintains data
consistency between a primary and secondary high availability host by using Distributed
Replicated Block Device (DRBD).
DRBD is not enabled by default for a JSA Flow Processor. To synchronize JSA Flow data,
you must configure a high availability cluster by using the console or managed host that
is collecting JSA Flow data.
Data synchronization occurs in the following situations in a high availability environment:
• When you initially configure a high availability cluster.
• When a primary high availability host is restored after a failover.
• During normal high availability operation, data is synchronized in real time between
  the primary and secondary host.
For more information, see “High Availability Overview”. If your hardware or
network fails, JSA can continue to collect, store, and process event and flow data by
using high availability appliances.
For more information, see “Link Bandwidth and Latency”. To configure high
availability, you must consider the bandwidth and latency between the primary and
secondary high availability hosts.
For more information, see “Status of High Availability Hosts”. You can review
the status of the primary and secondary host in your high availability cluster.
Real-time Data Synchronization
When you configure a high availability cluster, the /store file system on the primary high
availability host is automatically synchronized with the /store partition on the secondary
high availability host by using DRBD.
If the primary high availability host fails over, the /store file system on the secondary high
availability host is automatically mounted to its local disk, where it continues to read
from and write to the data received by the primary high availability host before the failover.
After synchronization is complete, the secondary high availability host assumes a status
of standby.
Depending on the size of the primary /store partition and performance, disk
synchronization can take an extended time period. Ensure that the connection between
the primary and secondary high availability host has a minimum bandwidth of 1 GBps.
For more information, see “Status of High Availability Hosts”. You can review
the status of the primary and secondary host in your high availability cluster.
Post-failover Data Synchronization
Data that is collected by a primary high availability host, up to the point of failover, is
maintained virtually, in real time, by the secondary high availability host. The high
availability host uses Distributed Replicated Block Device (DRBD).
When restored from a failover, the status of the primary high availability host becomes
offline. You must set the primary high availability host to an online state before it can
become the active host. Disk replication with the secondary high availability host is
enabled while the primary high availability host remains offline.
When the primary high availability host is restored, only the data that is collected by the
secondary high availability host in the intervening period is synchronized with the primary
high availability host. Therefore, post-failover disk synchronization is faster than initial
disk synchronization, unless the disk on the primary high availability host was replaced
or reformatted when the host was manually repaired.
For more information, see “Setting a High Availability Host Online”. You can
set the primary or secondary high availability host to Online.
Related Documentation
• Understanding High Availability Overview
• High Availability Clusters
• Failovers
High Availability Clusters
A high availability cluster consists of a primary high availability host, a secondary high
availability host, and a cluster virtual IP address.
NOTE: You must purchase a separate HA license to set up high availability.
However, the license should not be allocated to the secondary console or
the secondary managed host.
Primary High Availability Host
The primary high availability host is any console or managed host in your Juniper Secure
Analytics (JSA) deployment that requires protection from data loss in the event of a
failure.
When you create a high availability cluster, the IP address of the primary high availability
host is automatically reassigned to a cluster virtual IP address. Therefore, you must assign
an unused IP address to the primary high availability host.
The primary high availability host can act as a standby system for the secondary high
availability host. For example, if the primary high availability host is repaired after a
failover, the status changes to standby.
Secondary High Availability Host
The secondary high availability host is the standby system for the primary high availability
host.
If the primary high availability host fails, the secondary high availability host automatically
takes over all the responsibilities of the primary high availability host.
Virtual IP Address
When you create a high availability cluster, the cluster virtual IP address takes the IP
address of the primary high availability host.
Configuring the Cluster
Use the high availability wizard to configure the primary host, secondary host, and cluster
virtual IP address.
The following items are validated when you configure the cluster by using the high
availability wizard:
• The secondary high availability host is not part of another high availability cluster.
• The software versions on the primary and secondary high availability hosts are the
  same.
• If the primary high availability host is configured with an external storage device, the
  secondary high availability host is configured to access the same external storage
  device.
• The primary and secondary high availability hosts support the same Device Support
  Module (DSM), scanner, and protocol RPMs.
For more information, see “High Availability Overview”. If your hardware or
network fails, JSA can continue to collect, store, and process event and flow data by
using high availability appliances.
For more information, see “Primary High Availability Host Failure”. If the
secondary high availability host detects a primary failure, it automatically takes over the
responsibilities of the primary high availability host and becomes the active system.
For more information, see “Status of High Availability Hosts”. You can review
the status of the primary and secondary host in your high availability cluster.
For more information, see “IP Addressing and Subnets”. To configure high
availability, you must consider the subnet that is used by the secondary high availability
host and the virtual IP address.
For more information, see “Creating a High Availability Cluster”. Pairing a
primary host, secondary high availability host, and a virtual IP address using JSA creates
a high availability cluster.
Related Documentation
• Understanding High Availability Overview
• Data Consistency for High Availability
• Failovers
Failovers
When a primary or secondary high availability host fails, Juniper Secure Analytics (JSA)
maintains data consistency.
The following scenarios cause failover:
• A power supply failure.
• A network failure that is detected by network connectivity tests.
• An operating system malfunction that delays or stops the heartbeat ping tests.
• A complete Redundant Array of Independent Disks (RAID) failure on the primary high
  availability host.
• A manual failover.
• A management interface failure on the primary high availability host.
Primary High Availability Host Failure
If the secondary high availability host detects a primary failure, it automatically takes
over the responsibilities of the primary high availability host and becomes the active
system.
When a primary high availability host is recovered from a failover, it does not automatically
take over the active status in the high availability cluster. Instead, the secondary high
availability host remains the active system and the primary host acts as the standby
system.
You must switch the primary back to the active status after successfully recovering from
a primary failure.
For more information, see “High Availability Clusters”. A high availability cluster
consists of a primary high availability host, a secondary high availability host, and a cluster
virtual IP address.
For more information, see “Switching a Primary High Availability Host to Active”.
You can set the primary high availability host to be the active system.
Secondary High Availability Host Failure
If the primary high availability host detects a secondary failure, it automatically assumes
the responsibilities of the secondary high availability host and becomes the active system.
Non-failover Scenarios
High availability failover does not occur when JSA detects software errors or disk capacity
issues.
The following issues do not cause an automatic high availability failover:
• If a JSA process develops an error, stops functioning, or exits with an error.
• If a disk on your primary high availability host reaches 95% capacity, JSA data collection
  stops, but the primary high availability host continues to function.
High Availability Failover Event Sequence
JSA initiates a sequence of events when a primary high availability host fails.
During failover, the secondary high availability host assumes the responsibilities of the
primary high availability host. The following actions are completed in sequence:
1. If configured, external shared storage devices are detected and the file systems are
   mounted. For more information, see the Configuring Offboard Storage Guide.
2. A management interface network alias is created, for example, the network alias for
   eth0 is eth0:0.
3. The cluster virtual IP address is assigned to the network alias.
4. All JSA services are started.
5. The secondary high availability host connects to the console and downloads
   configuration files.
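The DRBD replication described under Real-time Data Synchronization and the virtual IP
alias created in the sequence above can both be read from a host's shell. The following
script is an added example, not part of the Juniper guide or of JSA tooling; it assumes
DRBD 8.x /proc/drbd text with resource 0 backing /store and `ip -o -4 addr show` output,
and all function names and sample values in it are constructed.

```sh
#!/bin/sh
# Added example (not vendor code): report which role a host plays in the HA pair.
# Assumptions: DRBD 8.x /proc/drbd layout, resource minor 0 backs /store, and
# `ip -o -4 addr show` output. On a real host (assumed usage):
#   ha_summary "$(cat /proc/drbd)" "$(ip -o -4 addr show)" <cluster-virtual-ip>

# Print one field (cs, ro or ds) of DRBD minor 0 from /proc/drbd-style text.
drbd_field() {
    printf '%s\n' "$1" | awk -v key="$2" '
        $1 == "0:" {
            for (i = 2; i <= NF; i++) {
                n = index($i, ":")
                if (n > 0 && substr($i, 1, n - 1) == key) {
                    print substr($i, n + 1)
                    exit
                }
            }
        }'
}

# Classify replication as in-sync, syncing, or degraded.
drbd_state() {
    cs=$(drbd_field "$1" cs)
    ds=$(drbd_field "$1" ds)
    case "$cs" in
        Connected)
            if [ "$ds" = "UpToDate/UpToDate" ]; then echo in-sync; else echo degraded; fi ;;
        SyncSource|SyncTarget) echo syncing ;;
        *) echo degraded ;;   # StandAlone, WFConnection, empty, ...
    esac
}

# Print the interface label that carries the cluster virtual IP; fail if none does.
vip_label() {
    printf '%s\n' "$1" | awk -v vip="$2" '
        {
            sub(/\\.*/, "")   # drop the lifetime text that follows a backslash
            for (i = 1; i < NF; i++) {
                if ($i == "inet") {
                    split($(i + 1), a, "/")
                    if (a[1] == vip) { print $NF; found = 1; exit }
                }
            }
        }
        END { exit (found ? 0 : 1) }'
}

# One-line verdict: role, replication state, and the label holding the virtual IP.
ha_summary() {
    state=$(drbd_state "$1")
    roles=$(drbd_field "$1" ro)
    if label=$(vip_label "$2" "$3"); then
        role=active
    else
        role=standby
        label=none
    fi
    # The host that owns the virtual IP mounts /store, so its local DRBD role
    # (the part before the slash) must be Primary; anything else needs attention.
    case "$role:${roles%%/*}" in
        active:Primary|standby:Secondary) echo "$role $state $label" ;;
        *) echo "$role mismatch $label" ;;
    esac
}

# Constructed sample data (documentation address range, placeholder version).
SAMPLE_DRBD_OK='version: 8.x.x (constructed sample)
 0: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate C r-----
    ns:1048576 nr:0 dw:1048576 dr:2048 al:12 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0'
SAMPLE_DRBD_SYNC='version: 8.x.x (constructed sample)
 0: cs:SyncTarget ro:Secondary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:524288 dw:524288 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:524288'
SAMPLE_IP_ACTIVE='2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global secondary eth0:0\       valid_lft forever preferred_lft forever'
SAMPLE_IP_STANDBY='2: eth0    inet 192.0.2.12/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever'

ha_summary "$SAMPLE_DRBD_OK" "$SAMPLE_IP_ACTIVE" 192.0.2.10
ha_summary "$SAMPLE_DRBD_SYNC" "$SAMPLE_IP_STANDBY" 192.0.2.10
```

A "mismatch" verdict means the virtual IP and the DRBD role disagree on which host is
active, which is worth investigating before any manual failover.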
Network Connectivity Tests
To test network connectivity, the primary high availability host automatically pings all
existing managed hosts in your JSA deployment.
If the primary high availability host loses network connectivity to a managed host, but
the connection to the secondary high availability host remains intact, the secondary high
availability host completes another network connectivity test with the managed hosts.
If the test succeeds, the primary high availability host completes a controlled failover to
the secondary high availability host. If the test fails, high availability failover is not
completed because the secondary high availability host might also be experiencing
network connectivity problems.
For more information, see “Creating an High Availability Cluster” on page 22. Pairing a
primary host, secondary high availability host, and a virtual IP address using JSA creates
a high availability cluster.
Heartbeat Ping Tests
You can test the operation of the primary high availability host by configuring the time
interval of heartbeat ping tests.
If the secondary high availability host does not receive a response from the primary high
availability host within a preconfigured time period, automatic failover to the secondary
high availability host is completed.
For more information, see “Creating an High Availability Cluster” on page 22. Pairing a
primary host, secondary high availability host, and a virtual IP address using JSA creates
a high availability cluster.
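The heartbeat and network connectivity rules above, modelled as an added example (not JSA code and not from Juniper). The function names, data layout and return labels are hypothetical. Two readings are assumptions: the timeout is counted from the last reply received, and the secondary's test succeeds only when it reaches every listed host. The 10-second interval and 30-second timeout are the defaults listed under Show Advanced Options.

```python
# Added example: a model of the two automatic-failover triggers described above.
# Not JSA code. Function names, data layout and return labels are hypothetical.

HEARTBEAT_INTERVAL = 10  # seconds between heartbeat pings (documented default)
HEARTBEAT_TIMEOUT = 30   # seconds without a reply before failover (documented default)


def heartbeat_failover_time(reply_times, observed_until, timeout=HEARTBEAT_TIMEOUT):
    """Return the second at which the secondary starts failover, or None.

    reply_times: seconds at which the secondary received a heartbeat reply
    from the primary. Assumption: the timeout is counted from the last reply
    (or from second 0 if none was seen), and a reply that arrives exactly at
    the deadline still counts as on time.
    """
    last_reply = 0
    for t in sorted(reply_times):
        if t - last_reply > timeout:
            return last_reply + timeout  # deadline passed before this reply
        last_reply = t
    if observed_until - last_reply > timeout:
        return last_reply + timeout
    return None


def connectivity_failover(primary_pings, secondary_pings, link_to_secondary_up):
    """Decide the outcome of the network connectivity test.

    primary_pings and secondary_pings map a managed host address to True when
    the ping from that high availability host succeeded.
    Returns a (decision, reason) tuple.
    """
    lost = sorted(h for h, ok in primary_pings.items() if not ok)
    if not lost:
        return "no-failover", "primary reaches every managed host"
    if not link_to_secondary_up:
        # The guide describes the retest only for an intact primary-secondary
        # link; with the link down, the heartbeat test is what applies.
        return "heartbeat-decides", "link to secondary is down"
    # Assumption: the retest succeeds only if every listed host answers.
    unreachable = sorted(h for h in primary_pings if not secondary_pings.get(h, False))
    if unreachable:
        return "no-failover", "secondary cannot reach " + ", ".join(unreachable)
    return "controlled-failover", "primary lost " + ", ".join(lost)


if __name__ == "__main__":
    # Constructed timeline: the primary answers three pings, then goes silent.
    replies = list(range(HEARTBEAT_INTERVAL, 31, HEARTBEAT_INTERVAL))
    print("failover starts at second", heartbeat_failover_time(replies, 120))

    # Constructed ping results for two managed hosts (documentation addresses).
    primary = {"192.0.2.21": True, "192.0.2.22": False}
    print(connectivity_failover(primary, {"192.0.2.21": True, "192.0.2.22": True}, True))
    print(connectivity_failover(primary, {"192.0.2.21": True, "192.0.2.22": False}, True))
```

With the defaults, the last reply at second 30 gives a failover at second 60. The second connectivity case shows why a fault seen by both hosts does not move the cluster.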
Primary Disk Failure
If RAID completely fails and all disks are unavailable, the primary high availability host
completes a shutdown and fails over to the secondary high availability host.
After a failover, the primary high availability host assumes a status of Failed.
For more information, see “Status of High Availability Hosts” on page 19. You can review
the status of the primary and secondary host in your high availability cluster.
Manual Failovers
You can manually force a failover from a primary high availability host to a secondary
high availability host.
Manually forcing a failover is useful for planned hardware maintenance on a console or
managed host. Ensure the following before you conduct a manual failover:
• The primary and secondary high availability hosts are synchronized.
• The secondary high availability host has a status of standby.
Hardware maintenance on a primary and secondary high availability host is conducted
while the secondary high availability host is in standby. Set the secondary high availability
host offline and power off the primary high availability host. If the primary and secondary
high availability hosts are synchronizing, power off the primary.
For more information on manual failovers, see “Manual Failovers” on page 11.
Do not manually force a failover on a primary high availability host when you install
patches or install software upgrades. For more information, see the Upgrading Juniper
Secure Analytics to 2014.4 guide.
For more information, see “Setting an High Availability Host Offline” on page 25. You can
set the primary or secondary high availability host to Offline from the Active or Standby
state.
Related Documentation
• Understanding High Availability Overview
• Data Consistency for High Availability
• High Availability Clusters
CHAPTER 3
High Availability Deployment Planning
Plan your high availability deployment.
Before you implement high availability, review all the requirements to understand and
prepare your Juniper Secure Analytics (JSA) deployment.
This chapter describes the following sections:
• Appliance Requirements
• IP Addressing and Subnets
• Link Bandwidth and Latency
• Data Backup Requirements
• Offboard Storage Requirements for High Availability
Appliance Requirements
Before you add a secondary host to your Juniper Secure Analytics (JSA) console, you
must review the hardware configuration differences between your primary and secondary
appliances.
Appliances that you order as primary and secondary high availability pairs are matched
to ensure compatibility. However, replacing an appliance or adding high availability to
an older console with a different hardware configuration can lead to data replication
issues. Data replication issues can occur when you replace end-of-life hardware or create
primary and secondary high availability pairs that have appliances from different
manufacturers.
/Store Partition Requirements
• The file system of the /store partition must match between your primary and secondary
host.
Example: If the /store partition on the primary uses ext-3 as the file system, then your
secondary must also use ext-3 for /store. A mismatch of the file system for the /store
partition is not allowed.
• The size of the /store partition on the secondary must be equal to or larger than the
/store partition of the primary.
For example, do not pair a primary host that uses a 3 TB /store partition to a secondary
host that has a 2 TB /store partition.
Storage Requirements
Follow these storage requirements when you replace an appliance:
• Ensure that the replacement appliance includes storage capacity that is equal to or
greater than the original hardware you replace.
• Secondary replacement appliances can have larger storage capacity than the primary
appliance. If so, partitions on the secondary are resized to match the storage capacity
of the primary appliance when you configure the high availability pair.
• Primary replacement appliances can have larger storage capacity than the secondary
appliance. If so, partitions on the primary are resized to match the storage capacity of
the secondary appliance when you configure the high availability pair.
• If you replace both primary and secondary appliances, then the system resizes the
storage partition that is based on the appliance with the smallest capacity.
Managed Interfaces
• The primary host does not contain more physical interfaces than the secondary.
If there is a failover, the network configuration of the primary is replicated to the
secondary host. If the primary is configured with more interfaces, any additional
interfaces cannot be replicated to the secondary during a failover.
• The secondary host must use the same management interface as the primary high
availability host.
If the primary high availability host uses eth0, for example, as the management
interface, the secondary high availability host must also use eth0.
• The management interface supports one cluster virtual IP address.
• TCP port 7789 must be open and allow communication between the primary and
secondary for Distributed Replicated Block Device (DRBD) traffic.
DRBD traffic is responsible for disk replication and is bidirectional between the primary
and secondary host.
• You must ensure the JSA software version is identical between the primary and
secondary host before you pair a primary to a secondary appliance for the first time.
If the JSA version between your primary and secondary differs, you must patch either
the primary or secondary appliance to ensure both appliances use the same software
version.
After the primary and secondary appliances are paired together, disk replication ensures
that any additional software updates are also applied to the secondary.
• Ensure that the secondary host has a valid high availability activation key.
Software and Virtual Appliance Requirements
System Requirements for Virtual Appliances
To ensure that JSA works correctly, ensure that the virtual appliance that you use meets the
minimum software and hardware requirements.
Before you install your virtual appliance, ensure that the requirements described in
Table 3 on page 15 are met.
Table 3: Requirements for Virtual Appliances
Requirement | Description
VMware client | VMware ESXi Version 5.0; VMware ESXi Version 5.1. For more information about VMware clients, see the VMware website (www.vmware.com).
Virtual disk size on JSA Flow Processor, Event Collector, Event Processor, Flow Processor, All-in-One, and Log Manager appliances | Minimum: 256 GB
Virtual disk size for JSA Flow Processor appliances | Minimum: 70 GB
NOTE: For optimal performance, ensure that an extra 2-3 times of
the minimum disk space is available.
Table 4 on page 15 describes the minimum memory requirements for virtual appliances.
Table 4: Minimum and Optional Memory Requirements for JSA Virtual Appliances
Appliance | Minimum memory requirement | Suggested memory requirement
JSA Flow Processor 1299 | 6 GB | 6 GB
JSA Event Collector Virtual 1599 | 12 GB | 16 GB
JSA Event Processor Virtual 1699 | 12 GB | 48 GB
JSA Flow Processor Virtual 1799 | 12 GB | 48 GB
JSA All-in-One Virtual 3199 | 24 GB | 48 GB
JSA Log Manager Virtual 8090 | 24 GB | 48 GB
Related Documentation
• IP Addressing and Subnets
• Link Bandwidth and Latency
• Data Backup Requirements
IP Addressing and Subnets
To configure high availability you must consider the subnet that is used by the secondary
high availability host and the virtual IP address.
Administrators must ensure that the following conditions are met:
• The secondary host is in the same subnet as the primary host.
• When the IP address of the primary host is reassigned as a cluster virtual IP, the new
IP address that you assign must be in the same subnet.
• The secondary high availability host that you want to add to the high availability cluster
is not a component in another high availability cluster.
For more information, see “High Availability Clusters” on page 7. A high availability cluster
consists of a primary high availability host, a secondary high availability host, and cluster
virtual IP address.
Related Documentation
• Offboard Storage Requirements for High Availability
• Link Bandwidth and Latency
• Data Backup Requirements
Link Bandwidth and Latency
To configure high availability, you must consider the bandwidth and latency between
the primary and secondary high availability hosts.
If your high availability cluster is using disk synchronization, the following conditions must
be met:
• The connection between the primary and secondary high availability host has a
minimum bandwidth of 1 gigabit per second (Gbps).
• The latency between the primary and secondary high availability host is less than 2
milliseconds (ms).
NOTE: If your high availability solution uses a wide area network (WAN) to
geographically distribute the hosts in your cluster, latency increases with
distance. If latency rises above 2 ms, then system performance is affected.
For more information, see “Data Consistency for High Availability” on page 6. When a
high availability failover occurs, Juniper Secure Analytics (JSA) ensures the consistency
of your data.
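The planning requirements in this chapter (appliance, IP addressing, and link), collected into one pre-pairing check as an added example. This is not a Juniper tool: the HostFacts and LinkFacts structures and the check_ha_pair function are hypothetical, the facts are gathered by the administrator, and the addresses are constructed samples from documentation ranges.

```python
# Added example: validate a planned high availability pair against the
# requirements in this chapter. Not JSA code; all names are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface


@dataclass
class HostFacts:
    address: str              # management address in CIDR form
    mgmt_interface: str       # for example "eth0"
    physical_interfaces: int
    store_fs: str             # file system of /store
    store_size_gb: int        # size of /store
    jsa_version: str
    in_other_cluster: bool = False
    has_ha_key: bool = True   # only meaningful for the secondary


@dataclass
class LinkFacts:
    bandwidth_gbps: float
    latency_ms: float
    tcp_7789_open: bool       # DRBD port, open in both directions


def check_ha_pair(primary, secondary, new_primary_ip, link, disk_sync=True):
    """Return a list of 'key: message' strings, empty when the pair is valid."""
    problems = []
    p_if = ip_interface(primary.address)
    s_if = ip_interface(secondary.address)
    new_ip = ip_address(new_primary_ip)

    # IP addressing: the current primary address becomes the cluster virtual IP.
    if s_if.network != p_if.network:
        problems.append("subnet: secondary is not in the primary's subnet")
    if new_ip not in p_if.network:
        problems.append("subnet: new primary IP is outside the virtual IP's subnet")
    # Not stated in the guide, but three roles need three distinct addresses.
    if len({p_if.ip, s_if.ip, new_ip}) < 3:
        problems.append("address: virtual, new primary and secondary IPs must differ")
    if secondary.in_other_cluster:
        problems.append("cluster: secondary already belongs to another cluster")

    # /store partition requirements.
    if primary.store_fs != secondary.store_fs:
        problems.append("store-fs: /store file systems do not match")
    if secondary.store_size_gb < primary.store_size_gb:
        problems.append("store-size: secondary /store is smaller than the primary's")

    # Interfaces, software version and activation key.
    if primary.physical_interfaces > secondary.physical_interfaces:
        problems.append("interfaces: primary has more physical interfaces")
    if primary.mgmt_interface != secondary.mgmt_interface:
        problems.append("mgmt: management interfaces differ")
    if primary.jsa_version != secondary.jsa_version:
        problems.append("version: JSA versions differ, patch one appliance first")
    if not secondary.has_ha_key:
        problems.append("license: secondary has no valid activation key")

    # Replication link.
    if not link.tcp_7789_open:
        problems.append("drbd-port: TCP port 7789 is not open")
    if disk_sync:
        if link.bandwidth_gbps < 1:
            problems.append("bandwidth: link is below 1 Gbps")
        if link.latency_ms >= 2:
            problems.append("latency: link latency is not below 2 ms")
    return problems


if __name__ == "__main__":
    # Constructed sample facts.
    primary = HostFacts("192.0.2.10/24", "eth0", 4, "ext3", 3072, "2014.4")
    secondary = HostFacts("198.51.100.11/24", "eth0", 4, "ext4", 2048, "2014.4")
    for line in check_ha_pair(primary, secondary, "192.0.2.12",
                              LinkFacts(1.0, 5.0, True)):
        print(line)
```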
Related Documentation
• Offboard Storage Requirements for High Availability
• IP Addressing and Subnets
• Data Backup Requirements
Data Backup Requirements
There are items to consider for data backup before you configure hosts for high availability.
If a backup archive originates on a high availability cluster, click Deploy Full Configuration
to restore the high availability cluster configuration after the restore is complete. If disk
replication is enabled, the secondary high availability host immediately synchronizes
data after the system is restored.
If the secondary high availability host is removed from the deployment after a backup is
completed, the secondary high availability host displays a Failed status on the System
and License Management window.
For more information about restoring backup archives in a high availability environment,
see the Juniper Secure Analytics Administration Guide.
Related Documentation
• Offboard Storage Requirements for High Availability
• IP Addressing and Subnets
• Link Bandwidth and Latency
Offboard Storage Requirements for High Availability
You can implement high availability when the Juniper Secure Analytics (JSA) /store
partition is mounted to an external storage solution, such as an iSCSI.
If you implement an external storage solution, the data that is received by the primary
high availability host is automatically moved to the external device. It remains accessible
for searching and reporting.
If a failover occurs, the /store partition on the secondary high availability host is
automatically mounted to the external device. On the external device, it continues to
read and write to the data received by the primary high availability host before the failover.
For more information about configuring shared external storage with high availability,
see the Configuring Offboard Storage Guide.
Administrators must review the following high availability requirements before they
implement an offboard storage device:
• The primary high availability host must be configured to communicate with the external
device. The data in the /store partition of the local disk must be moved to the external
storage device.
• The secondary high availability host must be configured to communicate with the
external device. In doing so, when a primary high availability host fails over, the
secondary high availability host can detect the external storage device.
• You must create a high availability cluster only after the secondary high availability
host is configured to access the same external storage device.
• If you must reconfigure your external storage device or high availability cluster settings,
you must remove the high availability cluster between the primary and secondary high
availability host. For more information, see “Disconnecting an High Availability Cluster”
on page 24.
• Ensure that there is at least a 1 Gbps connection between each high availability host
and your external device.
NOTE: During an upgrade to JSA, you must reconfigure the external storage
device connections to the hosts in your high availability cluster. For more
information, see the Reconfiguring offboard storage during an JSA upgrade
technical note.
Related Documentation
• Offboard Storage Requirements for High Availability
• IP Addressing and Subnets
• Data Backup Requirements
CHAPTER 4
High Availability Management
If you are required to tune, troubleshoot, or update your high availability settings, use the
System and License Management window on the Juniper Secure Analytics (JSA) Admin
tab.
Administrators can use the System and License Management window to complete the
following high availability tasks:
• Monitor the state of a high availability cluster.
• Force the manual failover of a primary high availability host to complete maintenance
on the primary host.
• Disconnect a high availability cluster to alter the partitions of the primary and
secondary high availability hosts.
• Configure the ping test time period after which automatic failover to a secondary high
availability host occurs.
• Modify the high availability cluster settings that are used to control network connectivity
testing.
This chapter describes the following sections:
• Status of High Availability Hosts
• Viewing High Availability Cluster IP Addresses
• Creating an High Availability Cluster
• Disconnecting an High Availability Cluster
• Editing an High Availability Cluster
• Setting an High Availability Host Offline
• Setting an High Availability Host Online
• Switching a Primary High Availability Host to Active
Status of High Availability Hosts
You can review the status of the primary and secondary host in your high availability
cluster.
Table 5 on page 20 describes the status of each host that is displayed in the System and
License Management window.
Table 5: High Availability Status Descriptions
Status | Description
Active | Specifies that the host is the active system and that all services are running normally. The primary or secondary high availability host can display the active status. NOTE: If the secondary high availability host displays the active status, the primary high availability host failed.
Standby | Specifies that the host is acting as the standby system. In the standby state, no services are running but data is synchronized if disk replication is enabled. If the primary or secondary high availability host fails, the standby system automatically becomes the active system.
Failed | Specifies that the primary or secondary host failed. If the primary high availability host displays Failed, the secondary high availability host assumes the responsibilities of the primary high availability host and displays the Active status. If the secondary high availability host displays Failed, the primary high availability host remains active, but is not protected by high availability. A system in a failed state must be manually repaired or replaced, and then restored. If the network fails, you might need access to the physical appliance.
Synchronizing | Specifies that data is synchronizing between hosts. NOTE: This status is displayed only when disk replication is enabled.
Online | Specifies that the host is online.
Offline | Specifies that an administrator manually set the high availability host offline. Offline mode indicates a state that is typically used to complete appliance maintenance. When an appliance indicates a status of offline: Data replication is functioning between the active and offline high availability hosts. Services that process events, flows, offenses, and heartbeat ping tests are stopped for the offline high availability host. Failover cannot occur until the administrator sets the high availability host online.
Restoring | Specifies that the host is restoring. For more information, see “Verifying the Status of Primary and Secondary Hosts” on page 42.
Needs License | Specifies that a license key is required for the high availability cluster. In this state, no processes are running. For more information about applying a license key, see your Administration Guide.
Setting Offline | Specifies that an administrator is changing the status of a high availability host to offline.
Setting Online | Specifies that an administrator is changing the status of a high availability host to online.
Needs Upgrade | Specifies that the secondary high availability host requires a software upgrade. When the Needs Upgrade status is displayed, the primary remains active, but is not protected against failover. Disk replication of events and flows continues between the primary and the secondary high availability hosts.
Upgrading | Specifies that the secondary high availability host is being upgraded by the primary high availability host. If the secondary high availability host displays the Upgrading status, the primary high availability host remains active, but is not protected by high availability. Heartbeat monitoring and disk replication, if enabled, continue to function. After DSMs or protocols are installed and deployed on a console, the console replicates the DSM and protocol updates to its managed hosts. When primary and secondary high availability hosts are synchronized, the DSM and protocols updates are installed on the secondary high availability host. Only a secondary high availability host can display an Upgrading status.
For more information, see “Real-time Data Synchronization” on page 6. When you
configure a high availability cluster, the /store file system on the primary high availability
host is automatically synchronized with the /store partition on the secondary high
availability host by using DRBD.
For more information, see “High Availability Clusters” on page 7. A high availability cluster
consists of a primary high availability host, a secondary high availability host, and cluster
virtual IP address.
For more information, see “Primary Disk Failure” on page 11. If RAID completely fails and
all disks are unavailable, the primary high availability host completes a shutdown and
fails over to the secondary high availability host.
For more information, see “Data Consistency for High Availability” on page 6. When a
high availability failover occurs, JSA ensures the consistency of your data.
For more information, see “Verifying the Status of Primary and Secondary Hosts” on
page 42. You must verify that the primary and secondary high availability hosts are
operational.
Related Documentation
• Creating an High Availability Cluster
• Disconnecting an High Availability Cluster
• Editing an High Availability Cluster
Viewing High Availability Cluster IP Addresses
You can display the IP addresses of all the components in your high availability cluster.
To view the high availability cluster IP addresses:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click the System and License Management icon.
4. Identify the JSA primary console.
5. Hover your mouse over the host name field.
Related Documentation
• Setting an High Availability Host Offline
• Creating an High Availability Cluster
• Switching a Primary High Availability Host to Active
Creating an High Availability Cluster
Pairing a primary host, secondary high availability host, and a virtual IP address using
Juniper Secure Analytics (JSA) creates a high availability cluster.
If a primary high availability host has external storage configured, you must also configure
the secondary high availability host to use the same external storage options. For more
information, see the Configuring Offboard Storage Guide.
About this task
If disk synchronization is enabled, it might take 24 hours or more for the data in the /store
partition on the primary high availability host to initially synchronize with
the secondary high availability host.
If the primary high availability host fails and the secondary high availability host becomes
active, the Cluster Virtual IP address is assigned to the secondary high availability host.
In a high availability deployment, the interfaces on both the primary and secondary high
availability hosts can become saturated. If performance is impacted, you can use a second
pair of interfaces on the primary and secondary high availability hosts to manage high
availability and data replication. Use a crossover cable to connect the interfaces.
To create a high availability cluster:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click the System and License Management icon.
4. Select the host for which you want to configure high availability.
5. From the Actions menu, select Add High Availability Host and click OK.
6. Read the introductory text, and then click Next.
Table 6 on page 23 describes the Type Values for the parameters.
Table 6: Type Values
Option | Description
Primary Host IP address | A new primary high availability host IP address. The new IP address replaces the previous IP address. The current IP address of the primary high availability host becomes the Cluster Virtual IP address. The new primary high availability host IP address must be on the same subnet as the virtual host IP address. For IPv6, if you selected Yes to auto-configure JSA for IPv6 during the installation, enter the IP address that you recorded.
Secondary high availability host IP address | The IP address of the secondary high availability host. The secondary high availability host must be on the same subnet as the primary high availability host.
Enter the root password of the host | The root password for the secondary high availability host. The password must not include special characters.
Confirm the root password of the host | The root password for the secondary high availability host again for confirmation.
7. To configure advanced parameters, click the arrow beside Show Advanced Options.
Table 7 on page 23 provides the type values for the parameters.
Table 7: Show Advanced Options
Option | Description
Heartbeat Interval (seconds) | The time, in seconds, that you want to elapse between heartbeat pings. The default is 10 seconds. For more information about heartbeat pings, see “Heartbeat Ping Tests” on page 11.
Heartbeat Timeout (seconds) | The time, in seconds, that you want to elapse before the primary high availability host is considered unavailable if no heartbeat is detected. The default is 30 seconds.
Network Connectivity Test List peer IP addresses (comma delimited) | The IP addresses of the hosts that you want the secondary high availability host to ping. The default is to ping all other managed hosts in the JSA deployment. For more information about network connectivity testing, see “Network Connectivity Tests” on page 10.
Disk Synchronization Rate (MB/s) | The disk synchronization rate. The default is 100 MB/s.
Disable Disk Replication | This option is displayed only when you are configuring a high availability cluster by using a managed host.
Configure Crossover Cable | Crossover cables allow JSA to isolate the replication traffic from all other JSA traffic, such as events, flows, and queries.
Crossover Interface | Select the interfaces that you want to connect to the primary high availability host. Only interfaces with an active link appear in the list.
Crossover Advanced Options | Select Show Crossover Advanced Options to enter, edit, or view the property values.
8. Click Next, and then click Finish.
NOTE: When a high availability cluster is configured, you can display the
IP addresses that are used in the high availability cluster. Hover your mouse
over the Host Name field on the System and License Management window.
For more information, see “High Availability Clusters” on page 7. A high availability cluster
consists of a primary high availability host, a secondary high availability host, and cluster
virtual IP address.
For more information, see “Network Connectivity Tests” on page 10. To test network
connectivity, the primary high availability host automatically pings all existing managed
hosts in your JSA deployment.
For more information, see “Heartbeat Ping Tests” on page 11. You can test the operation
of the primary high availability host by configuring the time interval of heartbeat ping
tests.
For more information, see “Recovering a Secondary High Availability Console or
Non-console” on page 31. You can install or recover a secondary high availability JSA or
non-console (managed host) appliance.
For more information, see “Recovering JSA on a Failed Primary High Availability Console
or Non-console” on page 36. You can recover JSA console or non-console (managed
host) software on your failed primary high availability host.
Related Documentation
• Viewing High Availability Cluster IP Addresses
• Setting an High Availability Host Online
• Switching a Primary High Availability Host to Active
Disconnecting an High Availability Cluster
When you disconnect a high availability cluster, the data on your primary high availability
console or managed host is not protected against network or hardware failure.
To disconnect a high availability cluster:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click the System and License Management icon.
4. Select the high availability host that you want to remove.
5. From the toolbar, select High Availability > Remove High Availability Host.
6. Click OK.
NOTE: When you remove a high availability host from a cluster, the host
restarts.
Related Documentation
• Viewing High Availability Cluster IP Addresses
• Creating an High Availability Cluster
• Switching a Primary High Availability Host to Active
Editing an High Availability Cluster
You can edit the advanced options for your high availability cluster.
To edit a high availability cluster:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click the System and License Management icon.
4. Select the row for the high availability cluster that you want to edit.
5. From the toolbar, select High Availability > Edit High Availability Host.
6. Edit the parameters in Table 7 on page 23 in the advanced options section.
7. Click Next.
8. Review the information.
9. Click Finish.
Related Documentation
• Viewing High Availability Cluster IP Addresses
• Setting an High Availability Host Offline
• Switching a Primary High Availability Host to Active
Setting an High Availability Host Offline
You can set the primary or secondary high availability host to Offline from the Active or
Standby state.
To set a high availability host offline:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click the System and License Management icon.
4. Select the high availability host that you want to set to offline.
5. From the toolbar, select High Availability > Set System Offline.
For more information, see “Manual Failovers” on page 11. You can manually force a
failover from a primary high availability host to a secondary high availability host.
Related Documentation
• Viewing High Availability Cluster IP Addresses
• Creating an High Availability Cluster
• Disconnecting an High Availability Cluster
• Switching a Primary High Availability Host to Active
Setting an High Availability Host Online
You can set the primary or secondary high availability host to Online.
To set a high availability host online:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click the System and License Management icon.
4. Select the offline high availability host that you want to set to Online.
5. From the toolbar, select High Availability > Set System Online.
What to do next
On the System and License Management window, verify the status of the high availability
host. Choose from one of the following options:
• If the primary high availability host displays a status of Active, the high availability
host is restored.
• If you experience a problem, restore the primary or secondary high availability host.
For more information, see “Restoring a Failed Secondary High Availability Host” on
page 41 or “Recovering a Failed Primary High Availability Host” on page 32.
For more information, see “Post-failover Data Synchronization” on page 7. Data that is
collected by a primary high availability host, up to the point of failover, is maintained
virtually, in real time, by the secondary high availability host. The high availability host
uses Distributed Replicated Block Device (DRBD).
Related Documentation
• Viewing High Availability Cluster IP Addresses on page 21
• Creating an High Availability Cluster on page 22
• Disconnecting an High Availability Cluster on page 24
Switching a Primary High Availability Host to Active
You can set the primary high availability host to be the active system.
The primary high availability host must be the standby system and the secondary high
availability host must be the active system.
About this task
If your primary host is recovered from a failure, it is automatically assigned as the standby
system in your high availability cluster. You must manually switch the primary high
availability host to be the active system and the secondary high availability host to be
the standby system.
To switch a primary high availability host to active:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click the System and License Management icon.
4. In the System and License Management window, select the primary high availability
host.
5. From the toolbar, select High Availability > Set System Offline.
NOTE: Your Juniper Secure Analytics (JSA) user interface might be
inaccessible during this time.
6. In the System and License Management window, select the secondary high availability
host.
7. From the toolbar, select High Availability > Set System Online.
What to do next
When you can access the System and License Management window, check the status
column. Ensure that the primary high availability host is the active system and the
secondary high availability host is the standby system.
For more information, see “Primary High Availability Host Failure” on page 9. If the
secondary high availability host detects a primary failure, it automatically takes over the
responsibilities of the primary high availability host and becomes the active system.
Related Documentation
• Viewing High Availability Cluster IP Addresses on page 21
• Creating an High Availability Cluster on page 22
• Disconnecting an High Availability Cluster on page 24
CHAPTER 5
Recovery Options for High Availability Appliances
You can reinstall or recover Juniper Secure Analytics (JSA) high availability appliances.
If your high availability cluster uses shared storage, manually configure your external
storage device. For more information, see Configuring Offboard Storage Guide.
This chapter includes the following sections:
• Notebook Hyperterminal Connections on page 29
• Network Connections on page 30
• Recovering a Secondary High Availability Console or Non-console on page 31
• Recovering a Failed Primary High Availability Host on page 32
• Recovering a Failed Secondary High Availability Host to JSA 2014.3 on page 33
• Recovering a Failed Primary High Availability Flow Processor on page 34
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Notebook Hyperterminal Connections
During the recovery of a Juniper Secure Analytics (JSA) appliance, you can use a notebook
to monitor the progress of the installation.
If you use HyperTerminal to monitor a JSA reinstallation or recovery, Table 8 on page 29
describes the HyperTerminal connection parameters.
Table 8: Hyperterminal Connection Parameters
Parameter | Description
Connect Using | Select the appropriate COM port of the serial connector.
Bits per second | Type 9600
Stop Bits | Type 1
Data bits | Type 8
Type None
For more information, see “Recovering a Secondary High Availability Console or
Non-console” on page 31. You can install or recover a secondary high availability JSA
console or non-console (managed host) appliance.
Related Documentation
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Network Connections
During the recovery or reinstallation of a Juniper Secure Analytics (JSA) appliance, you
can specify the network connection settings.
Use the information in Table 9 on page 30 when you recover or reinstall a JSA
appliance.
Table 9: JSA Network Setting Parameters
Parameter | Description
Hostname | Type a fully qualified domain name as the system host name.
IP Address | Type the IP address of the system. NOTE: If you are recovering a high availability appliance, the IP address is the primary high availability host IP address. You can identify the IP address in the System and License Management window.
Network Mask | Type the network mask address for the system.
Gateway | Optional: Type the Public IP address of the server. The Public IP address is a secondary IP address that is used to access the server. Access is usually from a different network or the Internet, and is managed by your network administrator. The Public IP address is often configured by using Network Address Translation (NAT) services or firewall settings on your network.
Email Server | Type the email server. If you do not have an email server, type localhost in this field.
Related Documentation
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Recovering a Secondary High Availability Console or Non-console
You can install or recover a secondary high availability Juniper Secure Analytics (JSA)
console or non-console (managed host) appliance.
To recover a secondary high availability console or non-console:
1. Prepare your appliance.
a. Install all necessary hardware.
b. Connect a notebook to the serial port on the rear of the appliance, or connect a
keyboard and monitor to their respective ports.
For more information on your JSA appliance or appliance ports, see the Juniper
Secure Analytics Hardware Guide.
c. Turn on the system and log in as Username: root
NOTE: The user name is case-sensitive.
d. Press Enter.
e. Press the Spacebar to advance each window then type yes to accept the agreement
and press Enter.
2. Follow the instructions in the wizard.
3. Configure the JSA network settings.
4. Select Next and press Enter.
NOTE: If you are changing network settings with qchange_netsetup, select
Finish and press Enter. For more information about changing network
settings, see Juniper Secure Analytics Installation Guide or Log Manager
Installation Guide.
5. Configure the JSA root password:
a. Type your password, then select Next and press Enter.
b. Retype your new password. Select Finish and press Enter.
NOTE: This process can take several minutes.
c. Press Enter to select OK.
6. Log in to the JSA user interface.
What to do next
Configure the High Availability Cluster.
For more information, see “Notebook Hyperterminal Connections” on page 29. During
the recovery of a JSA appliance, you can use a notebook to monitor the progress of the
installation.
For more information, see “Creating an High Availability Cluster” on page 22. Pairing a
primary host, secondary high availability host, and a virtual IP address using JSA creates
a high availability cluster.
Related Documentation
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Recovering a Failed Primary High Availability Host
You can recover a failed primary high availability Juniper Secure Analytics (JSA) host.
If you need to reinstall JSA on a failed primary high availability host, you must consider
the build version of the secondary high availability host.
The build version of the primary high availability host must be the same as the JSA build
version installed on the secondary high availability host.
The secondary or primary high availability host must be patched to the correct build
version before you configure a high availability cluster.
To recover a failed primary high availability host:
1. Install all necessary hardware.
2. Choose one of the following options:
• Connect a notebook to the serial port on the rear of the appliance. For more
information, see “Notebook Hyperterminal Connections” on page 29.
• Connect a keyboard and monitor to their respective ports.
3. Turn on the system and log in:
Username: root
4. Press Enter.
5. Press the Spacebar to advance each window then type yes to accept the agreement
and press Enter.
6. Select HA Recovery Setup. Select Next and press Enter.
7. Follow the instructions in the wizard.
8. Configure the JSA network settings.
9. Select Next and press Enter.
10. Configure the JSA root password.
11. Log in to the JSA user interface.
12. Restore the failed primary high availability host. For more information, see “Verifying
the Status of Primary and Secondary Hosts” on page 42.
Related Documentation
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Recovering a Failed Secondary High Availability Host to JSA 2014.3
When you recover a failed secondary high availability host that used a previous Juniper
Secure Analytics (JSA) version, you can install JSA 2014.3 from an updated recovery
partition.
To recover a failed secondary high availability host to JSA 2014.3:
1. Using SSH, log in to the secondary high availability host as the root user:
a. Username: root
b. Password: <password>
2. To obtain the JSA software:
a. Go to the Juniper Customer Support website, www.juniper.net/support/downloads.
b. Click on any of the JSA series.
c. Select Software > 2014.3R1 ISO.
3. Copy the JSA 2014.3 ISO to the secondary high availability host by typing the following
command:
scp <iso file name> root@<ip_address>:/root
4. If the host is a non-console, stop the IPTables service to allow SmartCloud Provisioning.
Type the following command:
service iptables stop
5. Start the extracted recovery script by typing the following command:
./recovery.py -r --default --reboot <iso_file_name>
6. When prompted, press Enter to restart the appliance.
7. When prompted, type flatten and press Enter.
Results
The installer repartitions and reformats the hard disk, installs the Operating System, and
then reinstalls JSA. Wait for the flatten process to complete. This process can take up
to several minutes, depending on your system. When this process is complete, the normal
installation process proceeds.
Related Documentation
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Recovering a Failed Primary High Availability Flow Processor
You can recover a failed primary high availability Juniper Secure Analytics (JSA) Flow
Processor.
To recover a failed primary high availability flow processor:
1. Install all necessary hardware.
2. Choose one of the following options:
• Connect a notebook to the serial port on the rear of the appliance. For more
information, see “Notebook Hyperterminal Connections” on page 29.
• Connect a keyboard and monitor to their respective ports.
3. Turn on the system and log in:
Username: root
4. Press Enter.
5. Press the Spacebar to advance each window then type yes to accept the agreement
and press Enter.
6. Select HA Recovery Setup. Select Next and press Enter.
7. Select your time zone continent or area. Select Next and press Enter.
8. Select your time zone region. Select Next and press Enter.
9. Select IPv4. Select Next and press Enter.
NOTE: Each interface with a physical link is denoted with a plus (+)
symbol.
10. Select the management interface. Select Next and press Enter.
11. Type the Cluster Virtual IP address, then select Next and press Enter. For more
information, see “Viewing High Availability Cluster IP Addresses” on page 21.
12. Configure the JSA network settings.
13. Select Next and press Enter.
14. Configure the JSA root password.
15. Log in to the JSA user interface.
16. Restore the failed primary high availability host. For more information about restoring
a failed primary high availability host, see “Recovering a Failed Primary High Availability
Host” on page 32.
Related Documentation
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Recovering JSA on a Secondary High Availability Console or Non-console System
You can install or recover JSA console or non-console (managed host) software on your
secondary high availability system.
These instructions are applicable to the installation or recovery of a JSA console and
non-console. You must choose different options according to the appliance you are
installing or recovering.
To recover JSA on a secondary high availability console or non-console system:
1. Install the necessary hardware.
2. Log in as root.
3. Create the /media/cdrom directory by typing the following command:
mkdir /media/cdrom
4. Obtain the JSA software from the following location:
http://www.juniper.net/customers/support/
5. Mount the JSA ISO by typing the following command:
mount -o loop <path to the JSA ISO> /media/cdrom
6. Begin the installation by typing the following command:
/media/cdrom/setup
7. Press the Spacebar to advance each window then type yes to accept the agreement
and press Enter.
8. Configure the JSA network settings.
9. Select Next and press Enter.
NOTE: If you are changing network settings by using qchange_netsetup,
select Finish and press Enter. For more information, see Juniper Secure
Analytics Installation Guide.
10. Configure the JSA root password.
11. Configure the JSA root password.
What to do next
Configure the high availability cluster.
Related Documentation
• Recovering a Failed Primary High Availability Flow Processor on page 34
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Recovering JSA on a Failed Primary High Availability Console or Non-console
You can recover Juniper Secure Analytics (JSA) console or non-console (managed host)
software on your failed primary high availability host.
These instructions are applicable to the installation or recovery of JSA on a primary
console and non-console. You must choose different options according to the appliance
you are installing or recovering.
To recover JSA on a failed primary high availability console or non-console:
1. Install the necessary hardware.
2. Log in as root.
3. Create the /media/cdrom directory by typing the following command:
mkdir /media/cdrom
4. Obtain the JSA software from the following location:
www.juniper.net/customers/support/.
5. Mount the JSA ISO by typing the following command:
mount -o loop <path to the JSA ISO> /media/cdrom
6. Begin the installation by typing the following command:
/media/cdrom/setup
NOTE: JSA verifies the integrity of the media before installation by checking
the MD5 sum. If a warning message is displayed that the MD5 checksum
failed, download JSA again. For further assistance, contact Juniper Customer
Support.
7. Press the Spacebar to advance each window then type yes to accept the agreement
and press Enter.
8. Configure the JSA network settings.
9. Select Next and press Enter.
10. Configure the JSA root password.
11. Log in to JSA.
What to do next
Restore the failed primary high availability host. See “Verifying the Status of Primary and
Secondary Hosts” on page 42.
For more information, see “Creating an High Availability Cluster” on page 22. Pairing a
primary host, secondary high availability host, and a virtual IP address using JSA creates
a high availability cluster.
Related Documentation
• Recovering a Failed Primary High Availability Flow Processor on page 34
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering a Secondary High Availability Host to a Previous Version or Factory Default on page 37
Recovering a Secondary High Availability Host to a Previous Version or Factory Default
You can recover a Juniper Secure Analytics (JSA) secondary high availability host to a
previous version or factory default.
About This Task
You can recover a failed JSA secondary high availability host that does not include a
recovery partition or a USB port to a previous version. You can also restore the system
to factory defaults. When you recover the failed secondary high availability host, all data
is removed and the factory default configuration is restored on the host.
To recover a secondary high availability host to a previous version or factory default:
1. Using SSH, log in to the console as the root user.
2. Using SmartCloud Provisioning, copy the recovery.py script from the console to the
failed secondary high availability host.
NOTE: By default, the recovery.py script is downloaded to the /root
directory if you do not specify a location.
3. Obtain the JSA ISO from the following location: www.juniper.net/customers/support/
4. Using SmartCloud Provisioning, copy the ISO to the target JSA host.
5. Using SSH, log in to the secondary high availability host.
6. Type the following commands:
chmod 755 recovery.py
./recovery.py -r --default --reboot <iso_file_name>
7. Press Enter when prompted to restart the system.
8. When prompted, type flatten and press Enter.
Results
The installer repartitions and reformats the hard disk, installs the Operating System, and
then installs JSA. Wait for the flatten process to complete. This process can take up to
several minutes. After the process is complete, the normal installation process continues.
Related Documentation
• Recovering a Failed Primary High Availability Flow Processor on page 34
• Recovering JSA on a Secondary High Availability Console or Non-console System on page 35
• Recovering JSA on a Failed Primary High Availability Console or Non-console on page 36
CHAPTER 6
Troubleshooting JSA High Availability Deployments
Use the status of the high availability hosts in the System and License Management
window to help you troubleshoot.
This chapter includes the following sections:
• Status Combinations and Possible Resolutions on page 39
• Identifying Active Hosts on page 40
• Restoring a Failed Secondary High Availability Host on page 41
• Restoring a Failed Primary High Availability Host on page 41
• Verifying the Status of Primary and Secondary Hosts on page 42
• Setting the Status of the Primary High Availability Host to Online on page 43
Status Combinations and Possible Resolutions
Table 10 on page 39 describes the possible status settings for primary and secondary
high availability hosts. Each status combination requires a different troubleshooting
approach.
Table 10: System and License Management Window Host Statuses
Primary high availability host status | Secondary high availability host status | Possible action
Active | Failed or Unknown | Ensure that the secondary host is on, and that you can log on to it as a root user by using SSH. If you can connect, see “Restoring a Failed Secondary High Availability Host” on page 41.
Failed or Unknown | Active | Ensure that the primary host is on, and that you can log on to it as a root user by using SSH. If you can connect, see “Restoring a Failed Primary High Availability Host” on page 41.
Unknown | Unknown | If you cannot connect to the primary or secondary high availability host by using SSH, ensure that your network and hardware configuration is operational.
Offline | Active | To set the primary host online, see “Switching a Primary High Availability Host to Active” on page 27.
Related Documentation
• Restoring a Failed Primary High Availability Host on page 41
• Verifying the Status of Primary and Secondary Hosts on page 42
• Setting the Status of the Primary High Availability Host to Online on page 43
Identifying Active Hosts
You can identify the most recent active host in your high availability cluster by using SSH.
To identify active hosts:
1. To display the high availability cluster configuration, type the following command:
cat /proc/drbd
2. Review the following line in the output:
0: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate
• If the line does not display the following text, cs:Connected, determine the most
recent active high availability host in the high availability cluster.
• If the output displays the following text, Secondary/Primary, the secondary high
availability host is the active system.
• If the output displays the following text, ro:Primary/Secondary, the primary high
availability host is the active system.
3. If the line displays ro:Secondary/Secondary, review the following line in the output:
0: cs:Connected ro:Secondary/Secondary
• If the output displays the following text, ds:< >/UpToDate, the secondary high
availability host is the active system.
• If the output displays the following text, ds:UpToDate/< >, the primary high
availability host is the active system.
• If the output displays the following text, ds:< >/< >, determine the most recent
active high availability host in your high availability cluster.
• If the output displays the following text, ds:UpToDate/UpToDate, determine the
most recent active high availability host in your high availability cluster.
Related Documentation
• Status Combinations and Possible Resolutions on page 39
• Restoring a Failed Primary High Availability Host on page 41
• Verifying the Status of Primary and Secondary Hosts on page 42
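The decision rules from “Identifying Active Hosts”, written out as a shell function. This is an added example, not part of the Juniper guide or the JSA software; the function names and the sample status lines are constructed for illustration. It assumes, as the steps do, that the first value in each ro: and ds: pair belongs to the primary high availability host.

```shell
#!/bin/sh
# Added example: apply the "Identifying Active Hosts" rules to /proc/drbd output.
# Assumption: the first value of each ro:/ds: pair is the primary HA host's,
# which is how the steps in this guide read the line.

# Constructed sample outputs (not captured from a real appliance).
SAMPLE_PRIMARY='version: constructed-sample
 0: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate C r-----'
SAMPLE_SECONDARY=' 0: cs:Connected ro:Secondary/Primary ds:UpToDate/UpToDate C r-----'
SAMPLE_DISCONNECTED=' 0: cs:WFConnection ro:Primary/Unknown ds:UpToDate/DUnknown C r-----'
SAMPLE_BOTH_SECONDARY=' 0: cs:Connected ro:Secondary/Secondary ds:Inconsistent/UpToDate C r-----'
SAMPLE_AMBIGUOUS=' 0: cs:Connected ro:Secondary/Secondary ds:UpToDate/UpToDate C r-----'

# Read /proc/drbd text on stdin and print the first resource status line
# (the line that starts with a minor number followed by cs:).
drbd_status_line() {
    grep -E '^[[:space:]]*[0-9]+:[[:space:]]+cs:' | head -n 1
}

# drbd_field KEY LINE: print the value of the KEY:value token in LINE.
drbd_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1://p" | head -n 1
}

# drbd_active_host TEXT: print primary, secondary or undetermined.
# "undetermined" is the guide's "determine the most recent active host" case.
drbd_active_host() {
    line=$(printf '%s\n' "$1" | drbd_status_line)
    if [ -z "$line" ]; then
        echo undetermined
        return 0
    fi
    cs=$(drbd_field cs "$line")
    ro=$(drbd_field ro "$line")
    ds=$(drbd_field ds "$line")

    # Step 2, first bullet: without cs:Connected the line cannot be trusted.
    if [ "$cs" != "Connected" ]; then
        echo undetermined
        return 0
    fi

    case "$ro" in
        Primary/Secondary) echo primary ;;
        Secondary/Primary) echo secondary ;;
        Secondary/Secondary)
            # Step 3: fall back to the disk states on each side of the slash.
            first=${ds%%/*}
            second=${ds#*/}
            if [ "$first" = "UpToDate" ] && [ "$second" != "UpToDate" ]; then
                echo primary
            elif [ "$first" != "UpToDate" ] && [ "$second" = "UpToDate" ]; then
                echo secondary
            else
                # Both UpToDate, neither UpToDate, or ds: missing.
                echo undetermined
            fi ;;
        *) echo undetermined ;;
    esac
}

# Show the result for each constructed sample.
for sample in "$SAMPLE_PRIMARY" "$SAMPLE_SECONDARY" "$SAMPLE_DISCONNECTED" \
              "$SAMPLE_BOTH_SECONDARY" "$SAMPLE_AMBIGUOUS"; do
    printf '%s => %s\n' "$(printf '%s\n' "$sample" | drbd_status_line)" \
        "$(drbd_active_host "$sample")"
done

# On a high availability host, evaluate the live status as well.
if [ -r /proc/drbd ]; then
    printf 'live /proc/drbd => %s\n' "$(drbd_active_host "$(cat /proc/drbd)")"
fi
```

An undetermined result corresponds to the cases where the steps tell you to determine the most recent active host yourself, so treat it as a prompt for manual review rather than as a failure.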
Restoring a Failed Secondary High Availability Host
You can restore a failed secondary high availability host.
To restore a failed secondary high availability host:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click System and License Management.
4. Select the secondary high availability host that you want to restore.
5. From the High Availability menu, click Restore System.
6. If the secondary high availability host displays a status of Failed or Unknown in the
System and License Management window, use SSH to log in to the secondary high
availability host as the root user to ensure that the host is operational.
7. Restart the secondary high availability host by typing reboot.
8. After the system is restarted, if the secondary high availability host displays a status
of Failed or Unknown, from the High Availability menu, click Restore System.
For more information, see “Verifying the Status of Primary and Secondary Hosts” on
page 42. You must verify that the primary and secondary high availability hosts are
operational.
Related Documentation
• Status Combinations and Possible Resolutions on page 39
• Identifying Active Hosts on page 40
• Restoring a Failed Primary High Availability Host on page 41
• Verifying the Status of Primary and Secondary Hosts on page 42
• Setting the Status of the Primary High Availability Host to Online on page 43
Restoring a Failed Primary High Availability Host
You can restore a failed primary high availability host.
To restore a failed primary high availability host:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click System and License Management.
4. Select the primary high availability host that you want to restore.
5. From the High Availability menu, click Restore System.
6. Verify the status of the primary high availability host.
7. If the primary high availability host displays a status of Offline, in the System and
License Management window, click High Availability > Set System Online.
8. Restart the primary high availability host by typing the following command:
reboot
For more information, see “Setting the Status of the Primary High Availability Host to
Online” on page 43. If the primary high availability host displays a status of offline, you
can reset the status to online.
Related Documentation
• Status Combinations and Possible Resolutions on page 39
• Identifying Active Hosts on page 40
• Restoring a Failed Secondary High Availability Host on page 41
Verifying the Status of Primary and Secondary Hosts
You must verify that the primary and secondary high availability hosts are operational.
To verify the status of primary and secondary hosts:
1. Identify whether the primary high availability host was configured as a console or
managed host.
2. If the primary high availability host is configured as a console, use SSH to log in to the
Cluster Virtual IP address as the root user:
• If you can connect to the Cluster Virtual IP address, restore access to the JSA. For
more information, see Juniper Secure Analytics Troubleshooting Guide.
• If you cannot connect to the Cluster Virtual IP address, use SSH to log in to the
secondary high availability host as the root user to ensure that it is operational.
3. If your secondary host is configured as a managed host, use SSH to log in to the
secondary high availability host as the root user.
• If you cannot connect to the primary or secondary high availability host by using
SSH, ensure that your network and hardware configuration is operational.
• If you can connect to the primary and secondary high availability host, identify the
most recently active high availability host in your high availability cluster.
For more information, see “Status of High Availability Hosts” on page 19. You can review
the status of the primary and secondary host in your high availability cluster.
For more information, see “Verifying the Status of Primary and Secondary Hosts” on
page 42. You must verify that the primary and secondary high availability hosts are
operational.
Related Documentation
• Status Combinations and Possible Resolutions on page 39
• Identifying Active Hosts on page 40
• Restoring a Failed Secondary High Availability Host on page 41
Setting the Status of the Primary High Availability Host to Online
If the primary high availability host displays a status of offline, you can reset the status
to online.
To set the status of the primary high availability host to online:
1. Click the Admin tab.
2. On the navigation menu, click System Configuration.
3. Click System and License Management.
4. Select the primary high availability host that you want to restore.
5. In the System and License Management window, if the primary high availability host
displays a status of Offline, you must restore the primary high availability host.
For more information, see “Restoring a Failed Primary High Availability Host” on page 41.
You can restore a failed primary high availability host.
Related Documentation
• Status Combinations and Possible Resolutions on page 39
• Identifying Active Hosts on page 40
• Restoring a Failed Secondary High Availability Host on page 41