I have always been running a 2-node active/active cluster (with an external LB) with PSA-7000f appliances. With recent increased usage I would like to add an additional PSA-7000f. I'm assuming this is possible, but has anyone had experience with this?
So essentially, I need to add the 3rd node into the cluster without impacting sessions on the existing nodes. If you have experience or knowledge with this, I would greatly appreciated recommendations!
Thanks!
Solved! Go to Solution.
Yes, 3U Active/Active cluster is possible with PSA7000 devices, however it is recommended to add the 3rd node during maintenance window since cluster related activities will restart some services on the VPN servers.
Yes, 3U Active/Active cluster is possible with PSA7000 devices, however it is recommended to add the 3rd node during maintenance window since cluster related activities will restart some services on the VPN servers.
Excellent, thanks for the info (I will complete this during a maintenance window for sure).
Will users (VPN tunneling sessions) be disconnected from the other 2 nodes already in the cluster when the node is added?
I will accept your solution! But another follow-up question, what config will the new cluster member "learn" and what will I have to enter manually? If I remember correctly, I will have to manually enter Network, License, Syslog, SNMP, Archiving (?), Connection Profiles. But "cluster learned" data is: Resource profiles (ACLs), Security settings, Auth servers, Realms, Role mapping, Sign-in pages, etc.
Am I right? Missing anything important?
Thanks!
Service restart on the cluster nodes would cause the users to disconnect and reconnect automatically. Regarding the configuration part, you would need configure Network, License, and not really sure about Syslog and SNMP as they might be node specific too, archiving setting gets synced like rest of the data.
Syslog in cluster: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB20969/?kA1j0000000FjMv