Some vCloud Networking and Security Q&As

Q. When I configure vCNS Edge HA, what is the “Management IP” referring to?

A. HA Management IP is the IP Address used for communication between the active and standby Edge. By default, the user does not need to worry about it (we call it zero-configuration), but the user has the option to explicitly specify it (and its interface). As you know, the IP Address is shared between the active and standby Edge, except this HA Management IP, which should be different.

Q. If I enable HA, will it reboot the current Edge device during the installation of the new HA Edge device?

A. No. When a user enables HA, vCNS Manager will deploy the secondary Edge device and republish the new configuration to both Edge devices. No reboot of the original Edge is required. In most cases, the original Edge device will be the initial active device, so there is no service disruption.

Q. Does vCNS v5.1.x provide any way of checking what ports are OPEN?

A. Yes, vCloud Networking and Security v5.1.x has a NEW CLI command that was introduced to check that all the relevant ports 443 and 902 are open.

Q. In vCloud Networking and Security v5.1.x, do we support SSO group-based role assignment?

A. Yes, but for group-based role assignment, we only support the FQDNgroupname format. The domain alias based format is currently not supported.

Q. Has anyone seen the vCloud Networking and Security Edge appliance HA pair get into a split-brain scenario? This is where the Edge appliance goes into what seems like an Active-Active state, which is highly undesirable.

A. Yes, we have seen this recently. This could be related to the HA pairs not being able to communicate with each other. If the communication between them is intermittent, this can happen. Are you using VXLAN as tenant networks? If so, check the MTU on the switch. We have seen this kind of issue when the MTU is not set properly.

Q. Is there any way to have the vCNS Load Balancer configured in Active/Passive mode?

A. If the vCNS Edge is configured with HA enabled, the Load Balancer will work in Active/Passive mode. However, our Load Balancer does not support stateful switch over, which means that when the Active Edge is down and the Passive Edge takes over, the existing connections (from clients) to the Load Balancer will be terminated and the clients will have to reconnect to the Load Balancer.

As always, thanks to Michael Haines for providing the answers to these common questions.


Copyright David Hill
