Preparing to Install High Availability

HA is designed to maintain the great majority of network connections. During a reboot (an orderly shutdown), the active Screen being rebooted notifies the passive Screens, and the appropriate passive Screen takes over as the active Screen without loss of connections. Because the passive Screens do not forward, reject, or log packets, the load on passive Screens is less than the load on the active Screen. Consequently, load-induced faults that affect the active Screen are unlikely to have affected the passive Screens. Once the previously-passive secondary Screen becomes active, of course, it is subject to the same load that caused the failure.

The machines that are used as the HA Screen should all be of equivalent power, so that the passive HA Screen can keep up with nearly all the processing of the active HA Screen.

No traffic is allowed out of the passive HA Screens with the exception of administration traffic, such as normal GUI administration, HA administration, and HA heartbeat (the communication signal on the dedicated network that assures that the network is working). This means, for example, that you cannot use telnet to connect to the passive HA hosts. You can, however, use telnet to connect to active HA hosts.

Using the /etc/hosts File for Name Resolution

When you configure the hostname resolution in the /etc/nsswitch.conf file for HA hosts, the key word files must appear first in the "hosts line" because:

• Using the /etc/hosts file for hostname resolution is more reliable than using DNS or NIS or both.

• An HA Screen in the passive mode cannot send packets over the network; therefore, remote hostname resolution, such as DNS or NIS, will fail for passive HA Screens.

Defining HA

The primary HA Screen manages secondary HA Screens in an HA cluster. A passive HA Screen within an HA cluster mirrors the state of the active Screen, which can be the primary or a secondary HA Screen. When the active Screen fails, the passive Screen that has been running the longest takes over as the active Screen. Primary means the system is the HA administration host for the HA configuration. It does not necessarily mean that the system is the active host

You must use the unique HA interface address for administration. If you use one of the shared addresses, then that address will always resolve to the HA Screen that is currently active. Because the active host is not necessarily the primary administration host, you must use the unique HA interface address to ensure that you are communicating with the correct host.

If you do not use the unique HA interface address, then the connection will be lost and the administration GUI will hang immediately if the remotely administered primary HA Screen is shut down. You will still be able to administer the active HA Screen from the command line, using the command ssadm, but you will be unaware that you are administering a secondary HA Screen. This will not propagate the configuration to any other HA Screen; instead, the configuration will be overwritten when the primary HA Screen comes up again and a policy is activated.