cancel
Showing results for 
Search instead for 
Did you mean: 

3 node PSA-7000f Cluster - Active/Active/Active - possible?

SOLVED
Highlighted
Occasional Contributor

3 node PSA-7000f Cluster - Active/Active/Active - possible?

I have always been running a 2-node active/active cluster (with an external LB) with PSA-7000f appliances.  With recent increased usage I would like to add an additional PSA-7000f.  I'm assuming this is possible, but has anyone had experience with this?

 

So essentially, I need to add the 3rd node into the cluster without impacting sessions on the existing nodes.  If you have experience or knowledge with this, I would greatly appreciated recommendations!

 

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Moderator

Re: 3 node PSA-7000f Cluster - Active/Active/Active - possible?

Yes, 3U Active/Active cluster is possible with PSA7000 devices, however it is recommended to add the 3rd node during maintenance window since cluster related activities will restart some services on the VPN servers.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

3 REPLIES 3
Highlighted
Moderator

Re: 3 node PSA-7000f Cluster - Active/Active/Active - possible?

Yes, 3U Active/Active cluster is possible with PSA7000 devices, however it is recommended to add the 3rd node during maintenance window since cluster related activities will restart some services on the VPN servers.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

Occasional Contributor

Re: 3 node PSA-7000f Cluster - Active/Active/Active - possible?

Excellent, thanks for the info (I will complete this during a maintenance window for sure). 

Will users (VPN tunneling sessions) be disconnected from the other 2 nodes already in the cluster when the node is added?

 

I will accept your solution!  But another follow-up question, what config will the new cluster member "learn" and what will I have to enter manually?  If I remember correctly, I will have to manually enter Network, License, Syslog, SNMP, Archiving (?), Connection Profiles.   But "cluster learned" data is:  Resource profiles (ACLs), Security settings, Auth servers, Realms, Role mapping, Sign-in pages, etc.

Am I right?  Missing anything important?  

Thanks!

 

 

Highlighted
Moderator

Re: 3 node PSA-7000f Cluster - Active/Active/Active - possible?

Service restart on the cluster nodes would cause the users to disconnect and reconnect automatically. Regarding the configuration part, you would need configure Network, License, and not really sure about Syslog and SNMP as they might be node specific too, archiving setting gets synced like rest of the data.

 

Syslog in cluster: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB20969/?kA1j0000000FjMv

PCS Expert
Pulse Connect Secure Certified Expert