VSX Clusters

A VSX cluster consists of two or more identical, interconnected VSX Gateways that ensure continuous data synchronization and transparent failover. Furthermore, Virtual System Load Sharing (VSLS) enhances throughput by distributing Virtual Systems, together with their traffic load, amongst multiple, redundant machines.

VSX supports the following cluster environments:

• Check Point ClusterXL
• Crossbeam X-Series Chassis

VSX supports the following Bridge Mode solutions for ClusterXL deployments:

• STP Bridge Mode: Provides path redundancy while preventing undesirable loops between redundant switches.
• Active/Standby Bridge Mode: Provides full path redundancy and loop prevention, while offering seamless support for Virtual System Load Sharing and overcomes many STP limitations.

The VSX Clusters chapter provides detailed conceptual information, while the Cluster Management chapter provides detailed configuration procedures, including instructions for enabling and using all VSX clustering features. For more about Check Point ClusterXL features and functionality see the R77 ClusterXL Administration Guide.

Included Topics High Availability Virtual System Load Sharing (VSLS)

High Availability

VSX provides High Availability and transparent failover for VSX Gateways and/or for Virtual Systems. If the active VSX Gateway member fails, all sessions continue to run, securely and without interruption, on a standby cluster member. If an individual Virtual System fails, you can configure that Virtual System to fail over to a standby member while all other Virtual Systems continue to function on the active VSX Gateway member.

Users need not reconnect and re-authenticate, nor do they notice that an alternate machine has taken over. The Selective Sync feature allows you to selectively activate, delay or disable cluster member synchronization.

Virtual System Load Sharing (VSLS)

Load Sharing offers significant performance advantages while providing failover for individual Virtual Systems. Using multiple Gateways instead of a single gateway significantly increases performance for CPU intensive applications such as VPNs, Security servers, Policy servers, and Active Directory (LDAP).

By distributing Virtual System instances between different cluster members, the performance load is efficiently spread amongst the members. For example, active Virtual System 1 runs on member A, while active Virtual System 2 runs on member B. Standby and backup Virtual System instances are likewise distributed amongst members to maximize throughput, even in a failover scenario.

VSLS provides an excellent scalability solution, allowing administrators to add additional physical members to an existing VSLS cluster as traffic loads and performance requirements increase.

VSLS is available only in a Check Point ClusterXL environment.