Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

3 node PSA-7000f Cluster - Active/Active/Active - possible?

SOLVED
Go to solution
elevator4
Occasional Contributor
‎03-25-2020 12:49:PM
‎03-25-2020 12:49:PM

3 node PSA-7000f Cluster - Active/Active/Active - possible?

I have always been running a 2-node active/active cluster (with an external LB) with PSA-7000f appliances.  With recent increased usage I would like to add an additional PSA-7000f.  I'm assuming this is possible, but has anyone had experience with this?

 

So essentially, I need to add the 3rd node into the cluster without impacting sessions on the existing nodes.  If you have experience or knowledge with this, I would greatly appreciated recommendations!

 

Thanks!

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
r@yElr3y
Moderator
Moderator
‎03-25-2020 08:03:PM
‎03-25-2020 08:03:PM

Re: 3 node PSA-7000f Cluster - Active/Active/Active - possible?

Yes, 3U Active/Active cluster is possible with PSA7000 devices, however it is recommended to add the 3rd node during maintenance window since cluster related activities will restart some services on the VPN servers.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

Reply
3 REPLIES 3
r@yElr3y
Moderator
Moderator
‎03-25-2020 08:03:PM
‎03-25-2020 08:03:PM

Re: 3 node PSA-7000f Cluster - Active/Active/Active - possible?

Yes, 3U Active/Active cluster is possible with PSA7000 devices, however it is recommended to add the 3rd node during maintenance window since cluster related activities will restart some services on the VPN servers.

PCS Expert
Pulse Connect Secure Certified Expert
Reply
elevator4
Occasional Contributor
‎03-26-2020 02:40:PM
‎03-26-2020 02:40:PM

Re: 3 node PSA-7000f Cluster - Active/Active/Active - possible?

Excellent, thanks for the info (I will complete this during a maintenance window for sure). 

Will users (VPN tunneling sessions) be disconnected from the other 2 nodes already in the cluster when the node is added?

 

I will accept your solution!  But another follow-up question, what config will the new cluster member "learn" and what will I have to enter manually?  If I remember correctly, I will have to manually enter Network, License, Syslog, SNMP, Archiving (?), Connection Profiles.   But "cluster learned" data is:  Resource profiles (ACLs), Security settings, Auth servers, Realms, Role mapping, Sign-in pages, etc.

Am I right?  Missing anything important?  

Thanks!

 

 

0 Kudos
Reply
r@yElr3y
Moderator
Moderator
‎03-26-2020 05:58:PM
‎03-26-2020 05:58:PM

Re: 3 node PSA-7000f Cluster - Active/Active/Active - possible?

Service restart on the cluster nodes would cause the users to disconnect and reconnect automatically. Regarding the configuration part, you would need configure Network, License, and not really sure about Syslog and SNMP as they might be node specific too, archiving setting gets synced like rest of the data.

 

Syslog in cluster: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB20969/?kA1j0000000FjMv

PCS Expert
Pulse Connect Secure Certified Expert
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.