Overview of High Availability
Multi-Domain Security Management implements High Availability at these levels:
- Multi-Domain Server High Availability is an Active/Active redundancy solution that uses two or more fully synchronized Multi-Domain Servers for continuous redundancy. All Multi-Domain Servers are Active. You can log into and work with the primary or secondary Multi-Domain Servers.
- Domain Management Server High Availability is both a redundancy and a Load Sharing solution for Domains. You create a Domain Management Server on two or more Multi-Domain Servers. These Domain Management Servers synchronize fully for continuous redundancy.
  One Domain Management Server is Active and the others are Standby. Each Multi-Domain Server can have both Active and Standby Domain Servers. You can configure the Active Domain Management Server on different Multi-Domain Servers for effective load sharing.
All High Availability deployments include one Primary Multi-Domain Server and one or more Secondary servers. Synchronization occurs automatically when administrators publish sessions with changes to Policies, objects or configuration settings.
Primary and Secondary Multi-Domain Servers
The order in which you install Multi-Domain Servers is significant. You must define the first physical server as a Primary Multi-Domain Server in the First Time Wizard. You must define all other Multi-Domain Servers as Secondary in the First Time Wizard.
Active and Standby Domain Management Servers
You can only use the Active Domain Management Server to manage Domain Security Gateways, networks, Security Policies, objects and system configuration. Standby Domain Management Servers synchronize fully for redundancy. You can connect to a Standby Domain Management Server in the Read Only mode to look at current object configurations and Rule Base.
In the standard configuration, there is only one Active Domain Management Server for each Domain. All others are Standby Domain Management Servers. If the Active Domain Management Server fails, you must manually change a Standby Domain Management Server to Active.
On-premises and cloud:
You can configure Check Point Management High Availability between on-premises Management Servers and Management Servers in a cloud.
You must make sure the required Check Point traffic can flow between the on-premises servers and the servers in the cloud.
Important notes about backing up and restoring in a Management High Availability environment:
For more information:
Multi-Site High Availability Deployment Example
This example shows a Multi-Site, High Availability deployment with two Multi-Domain Servers and one Multi-Domain Log Server. A real-life deployment will have many more assets.
Each Multi-Domain Server has two Domains configured for Load Sharing, where a different Domain Management Server is Active at each location. Administrators can connect to all Multi-Domain Servers. For best performance, connect to the Multi-Domain Server nearest to your geographical location.
| Item | Description |
|---|---|
| 1 | London Multi-Domain Server with an Active Domain Management Server for London and a Standby Domain Management Server for Tokyo |
| 2 | Multi-Domain Log Server with Domain Log Servers for London and Tokyo |
| 3 | Tokyo Multi-Domain Server with an Active Domain Management Server for Tokyo and a Standby Domain Management Server for London |
| 4 | Tokyo network |
| 5 | London network |
| 6 | Internet |
| | Active Domain Management Server |
| | Standby Domain Management Server |
| | Domain Log Server |
This illustration shows the configuration grid in the SmartConsole Multi Domain view for the example deployment:
The system automatically creates the Global Domain when you install Multi-Domain Security Management.
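The rules stated on this page (one Primary Multi-Domain Server, exactly one Active Domain Management Server per Domain, each Domain hosted on two or more Multi-Domain Servers, Active servers spread for load sharing) can be checked against an inventory before and after a manual failover. The following is an added example, not Check Point code; the server names and the inventory layout are assumptions modelled on the London/Tokyo deployment above.

```python
from collections import Counter, defaultdict

# Constructed inventory mirroring the London/Tokyo example on this page.
# Names and layout are hypothetical, not a Check Point export format.
MDS_ROLES = {"London_MDS": "Primary", "Tokyo_MDS": "Secondary"}
DMS = [  # (domain, hosting Multi-Domain Server, state)
    ("London", "London_MDS", "Active"),
    ("London", "Tokyo_MDS", "Standby"),
    ("Tokyo", "Tokyo_MDS", "Active"),
    ("Tokyo", "London_MDS", "Standby"),
]


def check_ha(mds_roles, dms):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings = []
    primaries = [m for m, role in mds_roles.items() if role == "Primary"]
    if len(primaries) != 1:
        findings.append(f"expected exactly one Primary MDS, found {len(primaries)}")

    by_domain = defaultdict(list)
    for domain, mds, state in dms:
        if mds not in mds_roles:
            findings.append(f"{domain}: DMS on unknown MDS {mds}")
        by_domain[domain].append((mds, state))

    active_per_mds = Counter()
    for domain, members in sorted(by_domain.items()):
        active = [mds for mds, state in members if state == "Active"]
        hosts = {mds for mds, _ in members}
        # Standard configuration: one Active DMS per Domain, the rest Standby.
        if len(active) != 1:
            findings.append(f"{domain}: {len(active)} Active DMS, expected 1")
        # Redundancy needs the Domain on two or more Multi-Domain Servers.
        if len(hosts) < 2:
            findings.append(f"{domain}: DMS present on only {len(hosts)} MDS, expected 2 or more")
        active_per_mds.update(active)

    # Advisory load-sharing check: every Active DMS sits on a single MDS.
    if len(by_domain) > 1 and len(active_per_mds) == 1:
        findings.append(f"all Active DMS are on {next(iter(active_per_mds))}")
    return findings


if __name__ == "__main__":
    for line in check_ha(MDS_ROLES, DMS) or ["HA layout consistent"]:
        print(line)
```

Because failover from Active to Standby is manual, the "0 Active DMS" and "2 Active DMS" findings are the ones to watch for after an outage or a hurried role change.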