how to create a redyndency for the PM server

Scholar

how to create a redyndency for the PM server

hi all

 

if I want to make a redundency for the Policy Manager Server !!

how to do this ??

 

so if a server fails (like hardware damadge) the other takes the role !??

 

kindly share only the guide lines and I will take care of the details,

 

thanks,

 

7 REPLIES 7
F-Secure Product Expert
F-Secure Product Expert

Re: how to create a redyndency for the PM server

We unfortunately don't have official guidelines to implement this kind of set-up.

 

However in case of failure of PMS, client should fall back to our Update servers by default, to get virus definition updates.

In addition you can take regular backups of the H2 database as advised in page 47 of the admin guide. This should allow for a quick restoration of an instance of your PMS, should a problem occur.



Best Regards

-Ben

_________________________________

Has somebody helped you? Say thanks by giving likes. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.
Scholar

Re: how to create a redyndency for the PM server

thank you for your reply

Chu
Supporter

Re: how to create a redyndency for the PM server

Have one way (not officially) to create PM Server redundancy.

 

Just create another PM Server and create a bat file to stop fsms service in the two or more servers (make a task to execute this bat file when dont have anyone using the PMS) and after this, sincronize  the main server to slaves servers (copy the folder from main server C:\Program Files (x86)\F-Secure\Management Server 5\data to all slave servers). After this, just restart the service.

 

With this, you have two or more PMS syncronized at least once time per day. If the main server goes down, in the slave server, just put the same name and same IP of the main server.

Scholar

Re: how to create a redyndency for the PM server

if I will use the same name and same IP address, that will make an issue when resolving arp cache !!

 

because the mac address of them are different, and the mac table in the network switches will have a problem then !!

 

 

 

 

Chu
Supporter

Re: how to create a redyndency for the PM server

The redundancy where I showed its passive, not active-active (using the same IP address), you will just put the same name and IP address when the main server goes down.

 

As the F-Secure Database is H2DB, maybe have a way to go inside the database and replicate to another server without stop fsms service.

F-Secure Product Expert
F-Secure Product Expert

Re: how to create a redyndency for the PM server

There is unfortunately no perfect solution to make that redundancy happen.

 

I think what Chu was providing was a workaround to automate the backup of the database as much as possible.

 

A manual intervention in case of problem(active PM going down), will be however necessary. 



Best Regards

-Ben

_________________________________

Has somebody helped you? Say thanks by giving likes. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.
Superuser

Re: how to create a redyndency for the PM server

Hello,

 

Another situation where redundancy / cluster synchronisation would be useful:

 

A company has many laptops, running FSCS 11.60 (Standard Edition). Laptops often leave the corporate HQ and lose connection to the Windows-based PM 11.22, which is located on the company LAN.

 

The officially encouraged solution would be to install VPN clients on all laptops and always have them connect into the company network via an encrypted tunnel through the public net, as long as they are outside the headquarters. However, this is an expensive solution, especially considering the VPN server-side appliance costs.

 

Thus the company wishes to add a second server, running a Linux-based PM 10.43, to face the public net and maintain policy control over roaming laptops which are connecting to internet. (Many companies have a ban on any Windows servers facing the public net and demand the use of Un*x family solutions for such a dangerous task.)

 

Thus, it would be nice, if two F-Secure PM servers, in this case one running on Linux and one on Windows, could automatically maintain syncronised coherency between their H2 databases or even act as a kind of cluster. Thus, the Linux-based PM server could be slaved to the Windows-based one.

 

(Or the PM server of a filiale location could be slaved to the headquarters PM server. Some kind of a Super Policy Manager edition)

 

Best regards: Tamas Feher, Hungary.