Management High Availability

In This Section:

The High Availability Environment

Planning for Management High Availability

Configuring a Secondary Server in SmartConsole

Monitoring High Availability

Synchronizing Active and Standby Servers

Failover Between Active and Standby

Changing a Server to Active or Standby

High Availability Disaster Recovery

High Availability is redundancy and database backup for management servers. Synchronized servers have the same policies, rules, user definitions, network objects, and system configuration settings. The first management server installed is the primary. If the primary Security Management Server fails, or is offline for maintenance, the secondary server takes over.

Note: High Availability for Security Gateways is covered in the Security Gateway Technical Reference Guide and the ClusterXL Administration Guide.

The High Availability Environment

A Management High Availability environment includes:

For full redundancy, the primary management server periodically synchronizes its database with the secondary server or servers.

Active vs. Standby

The active server lets you manage gateways, network objects and system configuration. The synchronized standby server gives backup and redundancy. Only one Security Management Server can be Active at a time. If the Active server fails, you can manually change the Active server to Standby, or the Standby server to Active. The standby server always opens in Read Only mode.

Primary Server vs. Secondary Server

The order in which you install management servers defines them as Primary or Secondary. The first management server installed becomes the Primary active server. When you install more Security Management Servers, you define them as Secondary. Secondary servers are Standby servers.

Planning for Management High Availability

When you plan your High Availability deployment, think about:

Configuring a Secondary Server in SmartConsole

In the SmartConsole connected to the Primary server, create a network object to represent the Secondary Security Management Server. Then synchronize the Primary with the Secondary.

To configure the secondary server in SmartConsole:

  1. Open SmartConsole.
  2. In Object Categories, click New > More > Network Object > Gateways and Servers > Check Point Host.
  3. On the General Properties page, enter a unique name and IP address for the server.

    Note: Do not initialize SIC at this time.

  4. In the Software Blades section, select the Management tab.
  5. Select Network Policy Management.

    This automatically selects the Secondary Server, Logging and Status, and Provisioning.

  6. Create SIC trust between the Secondary Security Management Server and the Primary:
    1. Click Communication.
    2. Enter the SIC Activation Key of the secondary server.
    3. Click Initialize.
    4. Click Close.
  7. Click OK.
  8. Click Publish to save these session changes to the database.

    On publish, the databases of the primary and secondary server synchronize and continue to synchronize every three minutes.

  9. Wait for the Task List in the System Information Area to show that a full sync has completed.
  10. Open the High Availability Status window and make sure there is one active server and one standby.

Monitoring High Availability

The High Availability Status window shows the status of each Security Management Server in the High Availability configuration.

To see the status of the servers in your High Availability environment:

  1. Open SmartConsole and connect to a primary or secondary server.
  2. On the Menu, click High Availability.

    The High Availability Status window opens.

    For the management server and its peer or peers in the High Availability configuration, the window shows:

| Field | Description |
| --- | --- |
| Server Name | The name of the Security Management Server. |
| Mode | If the server is Active or Standby. |
| Status | The synchronization status between the Security Management Servers: Last sync; There is an HA conflict in the system; Some servers could not be synchronized; Synchronized |

See Synchronization Status for a complete description.

Synchronizing Active and Standby Servers

The Active server periodically sends the latest changes to the standby server or servers. Active and Standby servers also synchronize when you publish a session.

How Synchronization Works

Synchronization can run automatically or you can start it manually. When synchronizing, the system does these steps without user intervention:

  1. Locks the policy and object databases on the Active Security Management Server.
  2. Takes a snapshot of the databases and saves it to local disk.
  3. Unlocks policy and object databases.
  4. Compresses snapshot data and copies the snapshot from the Active Security Management Server to all standby Security Management Servers.
  5. The Standby Security Management Servers overwrite their databases with the snapshot.
  6. Standby Security Management Servers send a Restore status notification to the Active Security Management Server.
  7. The Active and Standby servers delete the snapshots.

While the Active Security Management Server is taking a snapshot (step 2 above), the databases are locked and you cannot add, change or delete these system objects:

This is necessary to prevent database corruption and other errors.

If the environment includes Endpoint Security, the Active Security Management Server and clients continue to dynamically update these database objects even while the Security Management Server takes a snapshot:

Synchronization Status

The High Availability status window shows this information about synchronization between the active and standby servers:

Status messages can be general, or apply to a specified active or standby server. General messages show in the yellow overview banner.

| General Status messages in overview banner | Description |
| --- | --- |
| Synchronized | The database of the primary Security Management Server is identical with the database of the secondary. |
| Some servers could not be synchronized | A communication issue prevents synchronization, or some other synchronization issue exists. |
| No HA | The active and standby servers are not communicating. |
| Communication Problem | The fwm service is down or cannot be reached. |
| Collision or HA conflict | More than one management server is configured as active. Two active servers cannot sync with each other. |

When connected to a specified active management server:

| Status window area | Specified Status Messages | Description |
| --- | --- | --- |
| Connected to: | Active | SmartConsole is connected to the active management server. |
| Peers | Standby | The peer is in standby. The message can also show: Sync problem, last time sync; Ok, last sync time: <time>; Last sync failed: <date>; Error, partial error; No SIC |
| | Not communicating, last sync time | |
| | Active | A state of collision exists between two servers both defined as active. |

When connected to a specified standby management server:

| Status window area | Specified Status Messages | Description |
| --- | --- | --- |
| Connected to: | Standby | The message also shows: last sync time. |
| Peers | Active | The peer is in standby. The message can also show: No communication, last sync time; OK, last sync time: <time>; Sync problem, last sync time (in any direction) |
| | Standby/Master unknown | The message can also show: no communication. |

High Availability Troubleshooting

These error messages show in the High Availability Status window when synchronization fails:

No SIC

Solution:

  1. Open the Properties window of the Security Management Server.
  2. On the General Properties page, click Test SIC Status.
  3. Follow the instructions in the SIC Status window.

Not communicating

Solution:

  1. From the main SmartConsole menu, select Management High Availability.

    The High Availability Status window opens.

  2. For the active server, click Actions > Sync now.

Collision or HA Conflict

More than one management server is configured as active. Solution:

  1. From the main SmartConsole menu, select Management High Availability.

    The High Availability Status window opens.

  2. Use the Actions button to set one of the active servers to standby.
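
The status messages and fixes above lend themselves to an automated health check, because a collision or a long-unsynchronized standby means a later failover would bring up divergent or outdated policy. The following is an added example, not Check Point code: the record fields (name, mode, status, last_sync), the server names and the staleness threshold are assumptions, while the three-minute interval and the fixes come from this page.

```python
from datetime import datetime, timedelta

SYNC_INTERVAL = timedelta(minutes=3)  # from this page: sync repeats every three minutes
STALE_AFTER = 3 * SYNC_INTERVAL       # assumption: alert once three intervals pass without a sync

# Fixes copied from the troubleshooting steps on this page, keyed by status message.
REMEDIATION = {
    "No SIC": "Test SIC Status on the server's General Properties page",
    "Not communicating": "On the active server, click Actions > Sync now",
    "Collision": "Use Actions to set one of the active servers to standby",
}

def evaluate_ha(servers, now):
    """Return (severity, server, finding, fix) tuples for one HA status snapshot."""
    findings = []
    active = sorted(s["name"] for s in servers if s["mode"] == "Active")
    if len(active) > 1:    # only one server may be Active at a time
        findings.append(("critical", ",".join(active), "Collision", REMEDIATION["Collision"]))
    elif not active:       # failover is manual, so policy stays read-only until promotion
        findings.append(("critical", "-", "No active server", "Change a standby server to active"))
    for s in servers:
        if s["mode"] != "Standby":
            continue
        if s["status"] in REMEDIATION:
            findings.append(("high", s["name"], s["status"], REMEDIATION[s["status"]]))
        age_min = int((now - s["last_sync"]).total_seconds() // 60)
        if now - s["last_sync"] > STALE_AFTER:  # a stale standby would fail over to old policy
            findings.append(("medium", s["name"], f"Last sync {age_min} min ago",
                             REMEDIATION["Not communicating"]))
    return findings

# Constructed sample snapshot (hypothetical server names and field layout).
NOW = datetime(2024, 1, 1, 12, 0)
SAMPLE = [
    {"name": "mgmt-primary", "mode": "Active", "status": "Synchronized", "last_sync": NOW},
    {"name": "mgmt-secondary", "mode": "Standby", "status": "No SIC",
     "last_sync": NOW - timedelta(minutes=45)},
]

if __name__ == "__main__":
    for finding in evaluate_ha(SAMPLE, NOW):
        print(*finding, sep=" | ")
```
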

Failover Between Active and Standby

Failover between the primary (active) and secondary (standby) management server is not automatic. If the Active server fails or it is necessary to change the Active server to Standby, you must do so manually. The two servers synchronize before failover to the new active server. After the failover, you cannot use the former active server to make changes.

If the Active Security Management Server is responsive:

In the High Availability status window, change the active server to standby or the standby to active.