Maestro Auto-Scaling

Overview of Auto-Scaling

The Maestro Auto-Scaling feature assigns available Security Appliances (Scale Units) to a Security Group when certain conditions are met.

You configure these conditions on the Quantum Maestro Orchestrator for each Security Group.

Prerequisites for Auto-Scaling

A Maestro Security Group must contain Security Appliances of the same model.

You must enable SMO Image Cloning in the Security Group.

Run in Gaia gClish on the Security Group:

set smo image auto-clone state on

show smo image auto-clone state

Important - Various procedures for installing software packages require you to disable SMO Image Cloning. After you install the required software packages, you must enable SMO Image Cloning again.

If the Security Group has internet connectivity, the Scale Unit fetches the license from the User Center. If there is no internet access, you must manually prepare the license by following the instructions in sk180461 before applying the Auto-Scaling feature.

Limitations of Auto-Scaling

In R81.20, it is not supported to configure Auto-Scaling Settings if a Maestro Security Group contains different appliance models.
If the CPU utilization on the Security Group is high, the Orchestrator might consider the Security Group Members as "Expired".

Auto-Scaling Terms

Term	Definition
KPI	Key Performance Indicator
Scale Unit	A Security Appliance that can automatically be assigned to a Security Group, if a minimum of one "Scale Up" policy rule is met, or automatically removed from a Security Group if all "Scale Down" policy rules are met.
Scale Up policy	A set of rules configured based on the Security Group's KPIs. If a minimum of one rule is matched (for a consecutive amount of seconds), a Scale Unit (of the same hardware) is assigned to that Security Group.
Scale Down Policy	A set of rules configured based on the Security Group's KPIs. If a minimum of one rule is matched (for a consecutive amount of seconds), a Scale Unit is marked as a release candidate.
Release Candidate	A Scale Unit that is currently assigned to a Security Group is ready to be moved to another Security Group if one of its "Scale Up" policy rules is met.

Configuration of Auto-Scaling

Configure Auto-Scaling on the Orchestrator in Gaia Portal or Gaia Clish.

Configuration in Gaia Portal

Field	Available Values
When	Each Member Measures the value according to "Each Member" KPIs. "Asks" for new Security Appliances to be added to the Security Group when "Each Member" passes the threshold configured in the rule. Security Group (Average) Measures the value according to "Security Group (Average)" KPIs. "Asks" for new Security Appliances to be added to the Security Group when the "Security Group (Average)" passes the threshold configured in the rule.
With	CPU Utilization (%) Throughput (Gbps) Packets (p/s) Connections The KPI for the rule.
More than	Configure the threshold between: 1 and 100 for the CPU utilization metric. 1 and 1099511627776 (1TB) for other metrics.
For consecutive period of	Configure the duration between 1 and 86400 seconds (1 day).

Field	Available Values
When	Security Group (Average) Measures the value according to "Security Group (Average)" KPIs. Marks the scale unit that is currently occupied by the Security Group (if there is such a one) as a release candidate when the "Security Group (Average)" is less than the threshold configured in the rule. This means the Security Group can release the current scale unit.
With	CPU Utilization (%) Throughput (Gbps) Packets (p/s) Connections The KPI for the rule.
Less than	Configure the threshold between: 1 and 100 for the CPU utilization metric. 1 and 1099511627776 (1TB) for other metrics.
For consecutive period of	Configure the duration between 1 and 86400 seconds (1 day).

Configuration in Gaia Clish

Monitoring of Auto-Scaling

To view the current Security Groups and KPIs

To view the current Auto-Scaling rules

Troubleshooting of Auto-Scaling

Auto-Scaling Service

Auto-Scaling Log File