Using clustering software

As shown in Figure 13-11, clustering software such as HACMP, MC/ServiceGuard, or MSCS is used to provide highly available service IP addresses, resource groups, and fault-monitoring mechanisms. For the clustering configuration, please refer to previous sections in this chapter.

Each node has a complete installation of IBM SecureWay eNetwork Firewall, CheckPoint FireWall-1, or another firewall. Configure both nodes in such a way that the equal and interchangeable configurations on both nodes are assured.

Figure 13-11 Clustered firewall for high availability

When the firewall process, network, or machine itself goes down, the clustering software will detect it and relocate the resource group, including the service IP address, to the backup node, then start the firewall service, as shown in Figure 13-12. The highly available firewall environment is reestablished after a failover. As soon as the primary firewall is up, the firewall service can automatically fall back to the primary node, or you can do this manually (this is determined by the clustering configuration settings).

Figure 13-12 Clustered firewall after failover

  Prev | Home | Next

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.