General Cluster Maintenance
This section covers the following topics:
•Managing Network Settings for Cluster Nodes
•Upgrading the Cluster Service Package
•Migrating Cluster Configurations to a Replacement Cluster
•Configuring Certificates for Cluster Ports
Managing Network Settings for Cluster Nodes
To modify the network settings for a cluster or each individual node in a cluster, click System > Network. You can make your changes on the Network Settings pages. After you create a cluster, these pages provide a drop-down list from which you can select the entire cluster or a specific node to modify. When you save changes on a Network page, the settings are saved for the specified cluster or cluster node. If you change network settings for an entire cluster, they propagate to every node in the cluster.
You can access a node-specific Network page by clicking System > Clustering > Cluster Status on the node's name in the Member Name column.
Upgrading Cluster Nodes
Connect Secure offers the ability to easily upgrade every node in a cluster. You simply install a newer service package on one node and, once the installation completes and the node reboots, the node pushes the service package to all nodes in the cluster.
Upgrading the Cluster Service Package
Install a newer service package on one cluster node only. When the installation process completes and the cluster node reboots, it instructs the other nodes to upgrade.
Migrating Cluster Configurations to a Replacement Cluster
To migrate system and user configurations from a Connect Secure cluster (C1) to a replacement cluster (C2) using different Connect Secure devices:
1.Export the system and user configuration from C1's primary node (PN1).
Note the following information:
•Cluster name
•Cluster password
•Name of the node where the export was done (PN1)
•Internal IP address of PN1
•Internal network mask of PN1
•Internal network gateway of PN1
•Name of all other nodes in the C1 cluster, including their internal network IP address, network masks and gateways
2.Shut down all Connect Secure devices in cluster C1.
3.Power on one of the new servers (must be running software release 6.1R1 or later) that is part of cluster C2 and is on the same network to which PN1 was attached. This server device is called PN2 for the remainder of these steps.
4.When prompted, configure the internal network settings of PN2 to the same internal network settings of PN1.
5.Install the new primary license on PN2.
6.From the admin GUI on PN2, select System > Clustering> Create Cluster. Create the cluster C2 using the same cluster name and cluster password that were in use at cluster C1. Node PN2 must also be assigned the same node name as PN1.
7.Open the cluster status page and add the remaining nodes to the cluster configuration. Nodes being added must be assigned the same names that existed in original cluster C1. The internal network settings of the newly added nodes must also match the corresponding settings in the original cluster C1.
Do not join the newly added nodes to cluster C2 yet.
8.Import the data exported from PN1 into PN2.
9.When importing the system configuration, select the option Import everything (except Device Certificate(s)).
10.Power on the remaining new Connect Secure devices assigned to cluster C2. Configure the bare minimal internal network settings needed to bring up the machine. The network settings must match what has already been configured on node PN2.
Do not do make any other configuration changes on these machines as they will be lost when these machines join the cluster. Do not add licenses on these machines yet.
11.Join the Ivanti Connect Secure to cluster C2 and wait for the cluster status to stabilize.
12.Install the CL licenses on the newly joined nodes.