Management High Availability

In This Section:

Overview of Management High Availability

High Availability is redundancy and database backup for management servers. Synchronized servers have the same policies, rules, user definitions, network objects, and system configuration settings.

Management High Availability uses the built-in revisions technology and allows the High Availability procedure to synchronize only the changes done since the last synchronization. This provides:

Real-time updates between management peers.
Minimal effect on the management server resources.

The first management server installed is the primary. If the primary Security Management Server fails, or is off line for maintenance, the administrator can initiate a changeover, so that the secondary server takes over.

Notes:

High Availability (and Load Sharing) for Security Gateways is covered in the R80.10 ClusterXL Administration Guide.
For Endpoint Security environments, see the R80.10 Endpoint Security Administration Guide.

Management High Availability Video

The High Availability Environment

A Management High Availability environment includes:

One Active Security Management Server
One or more Standby Security Management Server

For full redundancy, the active management server at intervals synchronizes its database with the secondary server or servers.

Active vs. Standby

In a standard High Availability configuration there is one Active server at a time. The administrator uses the Active server manage the High Availability configuration. The Active server automatically synchronizes the standby server(s) at regular intervals. You can open a Standby server only in Read Only mode. If the Active server fails, you can initiate a changeover to make a Standby server become the Active server. If communication with the Active server fails, there may be more than one Active server. This is called Collision Mode.

Primary Server vs. Secondary Server

The sequence in which you install management servers defines them as Primary or Secondary. The first management server installed becomes the Primary active server. When you install more Security Management Servers, you define them as Secondary. Secondary servers are Standby servers by default.

Important notes about backing up and restoring in Management High Availability environment:

To back up and restore a consistent environment, make sure to collect and restore the backups and snapshots from all servers in the High Availability environment at the same time. (This does not apply to Multi-Domain Log Servers.)
Make sure other administrators do not make changes in SmartConsole until the backup operation is completed.

For more information:

About Gaia Backup and Gaia Snapshot, see the R80.10 Gaia Administration Guide.
About the migrate export and migrate import commands, see the R80.10 CLI Reference Guide.
About the mds_backup and mds_restore commands, see the R80.10 Multi-Domain Security Management Administration Guide.
About Virtual Machine Snapshots, see the vendor documentation.

Configuring a Secondary Server in SmartConsole

In the SmartConsole connected to the Primary server, create a network object to show the Secondary Security Management Server. After you publish, synchronize starts between the primary and secondary servers.

To configure the secondary server in SmartConsole:

Open SmartConsole.
In Object Categories, click New > More > Network Object > Gateways and Servers > Check Point Host.
On the General Properties page, enter a unique name and IP address for the server.
In the Software Blades section, select the Management tab.
Select Network Policy Management.
This automatically selects the Secondary Server, Logging and Status, and Provisioning.
Create SIC trust between the Secondary Security Management Server and the Primary:
1. Click Communication.
2. Enter the SIC Activation Key of the secondary server.
3. Click Initialize.
4. Click Close.
Click OK.
Click Publish to save these session changes to the database.
On publish, the initialization and synchronization between the servers start.
Monitor these tasks in the Task List, in the SmartConsole System Information area. Wait for the Task List to show that a full sync has completed.
Open the High Availability Status window and make sure there is one active server, and one standby.

Synchronizing Active and Standby Servers

At intervals, the Active server synchronizes with the standby server or servers, and when you publish the session. Sessions that are not published are not synchronized.

Monitoring High Availability

The High Availability Status window shows the status of each Security Management Server in the High Availability configuration.

To see the server status in your High Availability environment:

Open SmartConsole and connect to a primary or secondary server.
On the Menu, click High Availability.

The High Availability Status window opens.

For the management server and its peer or peers in the High Availability configuration, the High Availability Status window shows:

A Warning or Error message – The message shows if there is a problem between the High Availability peers.
Connected To - The server that SmartConsole is connected to. Also, the High Availability mode of the server (Active or Standby), and the synchronization status and actions of the server.
Peers - The servers that the connected server sees. Also, the High Availability mode of each server (Active or Standby), and the synchronization status and actions of each server.

Monitoring Synchronization Status and Actions

Status messages can be general, meaning that they apply to the full system, or they can apply to a specified active or standby server. General messages show in the yellow overview banner.

General Status messages in overview banner	Description
	The database of the primary Security Management Server is identical with the database of the secondary.
Some servers could not be synchronized	A communication issue prevents synchronization, or some other synchronization issue exists.
	The active and standby servers are not communicating.
Communication Problem	Some services are down or cannot be reached.
Collision or HA conflict	More than one management server configured as active. Two active servers cannot sync with each other.

When connected to a specified active management server:

Status window area:	Peer Status	Additional Information
Connected to:	Active	SmartConsole is connected to the active management server.
Peers	Standby	The peer is in standby. The message can also show: Sync problem, last time sync Synchronized successfully. Last sync time: <time> No communication
	Not communicating, last sync time
	Active	A state of collision exists between two servers both defined as active.

When connected to a specified standby management server:

Status window area:	Peer Status	Description
Connected to:	Standby	Also shows: last sync time.
Peers	Active	The peer is in standby. The message can also show: No communication, last sync time OK., last sync time: <time> Sync problem, last sync time (in any direction)
	Standby or Unknown	Can also show: no communication.

Status window area:

Peer Status

Description

Connected to:

Standby

Also shows: last sync time.

Peers

Active

The peer is in standby. The message can also show:

No communication, last sync time
OK., last sync time: <time>
Sync problem, last sync time (in any direction)

Standby or Unknown

Can also show: no communication.

Changeover Between Active and Standby

Changeover between the primary (active) and secondary (standby) management server is not automatic. If the Active fails or it is necessary to change the Active to a Standby, you must do this manually. When the management server becomes Standby it becomes Read Only, and gets all changes from the new Active server.