License Cisco ESA in Cluster Configuration
Guys,
Do you have any idea about licensing Cisco ESA in a cluster configuration?
If I have two appliances in a cluster configuration and I have 1000 users, which license option must I buy?
1. Just one license for the two appliances (which are in cluster configuration) with 1000 user capacity
2. Two licenses with 500 user capacity for each appliance: appliance 1 with a 500 user capacity license, appliance 2 with a 500 user capacity license
3. Other license.
BR
You only need to buy 1000 user licenses for whichever options or packages you buy. The only option that is not based on the number of users is if you want a Cisco Content Security Management Appliance or SMA for centralized reporting and quarantine.
Another good thing to note, is that if you have a virtual environment the hardware appliances are no longer required, and are not nearly as expensive as they were in the past. So depending on your requirements you may be off the ground pretty quick.
Also make sure to get all your features bundled. I would at least get AMP, Sophos A/V, DLP, and Encryption. This also means you can transfer and copy your license to as many appliances (Physical or Virtual) you need to support your environment.
Similar Messages
-
Need help to Configure Cisco ACE 4710 Cluster Deployment
Dear Experts,
I'm a newbie to Cisco ACE 4710, and I'm still in the learning stage. Meanwhile I got a chance at my workplace to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two Application Servers based on HTTP and HTTPS traffic. So I was looking for a good deployment guide in the Cisco SBA knowledge base and finally found this guide.
http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
My confusion is, as I have learned about the Cisco ACE 4710 one-armed mode deployment method, it should have two VLAN segments, one for the Client side where client requests come and hit the VIP, and a second one for the Server side, which means basically two VLANs. So please be kind enough to go through the above document, then tell me what is wrong and what I should do for the best. Please, this is urgent, so I need your help quickly.
Thanks....!
-Amal-
Dear Kanwal,
I need quick help from you. Following are the Application LB requirements which I received from my client side.
Following detail required for configuring Oracle EBS Apps tier on HA:
LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
Suggested IP and Name for LBR:
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm detail for LBR Setup
Following detail will be use for configuring the LBR:
LBR IP and Name :
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm Detail for LBR setup:
Server 1 (EBS App1 Node, ap1ebs):
IP : 172.25.45.19
Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Server 2 (EBS App2 Node, ap2ebs):
IP : 172.25.45.20
Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
Following are my latest config :
probe http Get-Method
  description Check to url access /OA_HTML/OAInfo.jsp
  interval 10
  faildetect 2
  passdetect interval 30
  request method get url /OA_HTML/OAInfo.jsp
  expect status 200 200
probe udp http-8000-iRDMI
  description IRDMI (HTTP - 8000)
  port 8000
probe http http-probe
  description HTTP Probes
  interval 10
  faildetect 2
  passdetect interval 30
  passdetect count 2
  request method get url /index.html
  expect status 200 200
probe https https-probe
  description HTTPS traffic
  interval 10
  faildetect 2
  passdetect interval 30
  passdetect count 2
  ssl version all
  request method get url /index.html
probe icmp icmp-probe
  description ICMP PROBE FOR TO CHECK ICMP SERVICE
rserver host ebsapp1
  description ebsapp1.xxxx.lk
  ip address 172.25.45.19
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  probe http-probe
  inservice
rserver host ebsapp2
  description ebsapp2.xxxx.lk
  ip address 172.25.45.20
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  probe http-probe
  inservice
serverfarm host ebsppsvrfarm
  description ebsapp server farm
  failaction purge
  predictor response app-req-to-resp samples 4
  probe http-probe
  probe icmp-probe
  inband-health check log 5 reset 500
  retcode 404 404 check log 1 reset 3
  rserver ebsapp1 80
    conn-limit max 4000000 min 4000000
    probe icmp-probe
    inservice
  rserver ebsapp2 80
    conn-limit max 4000000 min 4000000
    probe icmp-probe
    inservice
sticky http-cookie jsessionid HTTP-COOKIE
  cookie insert browser-expire
  replicate sticky
  serverfarm ebsppsvrfarm
class-map type http loadbalance match-any default-compression-exclusion-mime-type
  description DM generated classmap for default LB compression exclusion mime types.
  2 match http url .*gif
  3 match http url .*css
  4 match http url .*js
  5 match http url .*class
  6 match http url .*jar
  7 match http url .*cab
  8 match http url .*txt
  9 match http url .*ps
  10 match http url .*vbs
  11 match http url .*xsl
  12 match http url .*xml
  13 match http url .*pdf
  14 match http url .*swf
  15 match http url .*jpg
  16 match http url .*jpeg
  17 match http url .*jpe
  18 match http url .*png
class-map match-all ebsapp-vip
  2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
policy-map type loadbalance first-match ebsapp-vip-l7slb
  class default-compression-exclusion-mime-type
    serverfarm ebsppsvrfarm
  class class-default
    compress default-method deflate
    sticky-serverfarm HTTP-COOKIE
policy-map multi-match int455
  class ebsapp-vip
    loadbalance vip inservice
    loadbalance policy ebsapp-vip-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 455
interface vlan 455
  ip address 172.25.45.36 255.255.255.0
  peer ip address 172.25.45.35 255.255.255.0
  access-group input ALL
  nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
  service-policy input remote_mgmt_allow_policy
  service-policy input int455
  no shutdown
ft interface vlan 999
  ip address 10.1.1.1 255.255.255.0
  peer ip address 10.1.1.2 255.255.255.0
  no shutdown
ft peer 1
  heartbeat interval 300
  heartbeat count 10
  ft-interface vlan 999
ft group 1
  peer 1
  no preempt
  priority 110
  associate-context Admin
  inservice
ip route 0.0.0.0 0.0.0.0 172.25.45.1
Hope you will reply me soon
Thanks....!
-Amal- -
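In the configuration posted above, the management policy is bound to interface vlan 455, the same VLAN that carries the VIP. The script below is an added example (not part of the original post and not Cisco code) that parses an ACE-style configuration and reports cleartext management protocols permitted on each VLAN interface; the function names and the set of protocols treated as cleartext are assumptions of the example.

```python
import re

# Assumption of this example: protocols treated as cleartext management access.
CLEARTEXT = {"telnet", "http", "snmp"}

# Excerpt of the configuration posted above, re-indented for reading.
POSTED_CONFIG = """\
class-map match-all ebsapp-vip
  2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
policy-map multi-match int455
  class ebsapp-vip
interface vlan 455
  service-policy input remote_mgmt_allow_policy
  service-policy input int455
"""

# Keywords this example treats as opening a new top-level block.
TOP_LEVEL = re.compile(
    r"^(class-map|policy-map|interface|ft|rserver|serverfarm|sticky|probe|ip route)\b")


def parse(config):
    """Parse by keyword, not indentation, so a flattened paste parses too."""
    cfg = {"mgmt_classes": {}, "vips": {}, "mgmt_policies": {},
           "multi_policies": {}, "ifaces": {}}
    block = name = cls = None
    for line in config.splitlines():
        words = line.split()
        if TOP_LEVEL.match(line.strip()):
            block, name, cls = None, words[-1], None
            if words[0] == "class-map":
                block = "mgmt_classes" if words[1:3] == ["type", "management"] else "class"
            elif words[:3] == ["policy-map", "type", "management"]:
                block = "mgmt_policies"
            elif words[:2] == ["policy-map", "multi-match"]:
                block = "multi_policies"
            elif words[:2] == ["interface", "vlan"]:
                block = "ifaces"
            if block in cfg:
                cfg[block][name] = []
        elif block == "mgmt_classes" and words[1:3] == ["match", "protocol"]:
            cfg[block][name].append((words[3], words[4]))
        elif block == "class" and words[1:3] == ["match", "virtual-address"]:
            cfg["vips"][name] = words[3]
        elif block in ("mgmt_policies", "multi_policies") and words[:1] == ["class"]:
            cls = words[1]
            if block == "multi_policies":
                cfg[block][name].append(cls)
        elif block == "mgmt_policies" and words == ["permit"] and cls:
            cfg[block][name].append(cls)
        elif block == "ifaces" and words[:2] == ["service-policy", "input"]:
            cfg[block][name].append(words[2])
    return cfg


def audit(cfg):
    """Report cleartext management protocols permitted on each VLAN interface."""
    findings = []
    for vlan, policies in cfg["ifaces"].items():
        vips = sorted(cfg["vips"][c] for p in policies
                      for c in cfg["multi_policies"].get(p, []) if c in cfg["vips"])
        for p in policies:
            for c in cfg["mgmt_policies"].get(p, []):
                for proto, source in cfg["mgmt_classes"].get(c, []):
                    if proto in CLEARTEXT:
                        findings.append({"vlan": vlan, "policy": p, "protocol": proto,
                                         "source": source, "vips_on_vlan": vips})
    return findings
```

Calling `audit(parse(text))` on the full posted configuration works the same way, since blocks the example does not track are skipped.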
I am putting a recommendation together for a client to upgrade their existing Cisco ESAs and trying to figure out how the licensing works.
We are looking at c380s across multiple sites, upgrade from their current models which are c160s. Questions:
1.) Do the mailbox licenses need to be procured separately for each c380. For e.g., if the total mailbox no. is 20000 across 4 sites, can the mailbox licenses be bought together and 'split' on individual installs of c380s OR they have to be bought separately for each c380.
2.) If upgrading from the existing ESAs to new, can the licenses be imported from the existing c160s (which will be decommissioned) and exported to the new ESAs?
1) each hardware appliance is licensed separately. You'll need to work with account team/reseller to provide the #/size license as appropriate.
2) If upgrading - yes, you'll just need to transfer the existing "as-is" license from the serial number of the existing appliance to the serial number of the newly purchased appliance. Should be fairly exact to the RMA steps provided in the following article:
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118000-technote-esa-00.html
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
I had issues when running the Assistant Configuration Wizard in the first time. Is there a way to run it again in CCM 7.1(3)?
Thank you
Marcos
Marcos,
The answer is no. You can use the Cisco Unified Communications Manager Assistant Configuration Wizard only once in a Cisco Unified Communications Manager cluster configuration. The feature verifies the number of times that the configuration wizard has been run (zero or 1). If the configuration wizard has been run once, the summary window automatically displays. The summary window displays the details and status of the configuration wizard that was previously run. If the configuration has not been run, the configuration process continues.
Hailey
Please rate helpful posts! -
Hi all
Fun one here, I've been moving non-HA VMs to a HA and everything has been working perfectly until now. All this is being performed on Hyper-V 2012R2, Windows Server 2012R2 and VMM 2012R2.
For some reason on the VMs failed the migration with an error 10608 "Cannot create or update a highly available virtual machine because Virtual Machine Manager could not locate or access Drive:\Folder" The odd thing is the drive\folder is a local storage one and I selected a CSV in the migration wizard.
The net result is that the VM is half configured into the cluster but the VHD is still on local storage. Hence the "unsupported cluster configuration" error.
The question is how do I roll back? I either need to get the VM out of the cluster and back into a non-HA state or move the VHD onto the CSV. Not sure if the latter is really a option.
I've foolishly clicked "Ignore" on the repair so now I can't use the "undo" option (brain fade moment on my part).
Any help gratefully received as I'm a bit stuck with this.
Thanks
Rob
Hi Simar
Thanks for the advice, I've now got the VM back in a stable state and running HA.
Just to finish off the thread for future I did the following
- Shutdown the VM
- Remove the VM from the Failover Cluster Manager (as you say this did leave the VM configuration intact)
- I was unable to import the VM as per your instructions so I copied the VHD to another folder on the local storage and took a note of the VM configuration.
- Deleted the VM from VMM so this removed all the configuration details/old VHD.
- Built a new VM using the details I saved from the point above
- Copied the VHD into the new VMs folder and attached it to the VM.
- Started it up and reconfigured networking
- Use VMM to make the VM HA.
I believe I have found the reason for the initial error: it appears there was an empty folder in the Snapshot folder, probably from an old Checkpoint that hadn't cleaned up properly when it was deleted.
The system is up and running now so thanks again for the advice.
Rob -
Hyper-V Failover Cluster Configuration Confirmation
Dear All,
I have created a Hyper-V Failover Cluster and I want you to confirm if the configuration I have done is okay and I have not missed out anything that is mandatory for a Hyper-V Failover Cluster to work. My configuration is below:
1. Presented Disks to servers, formatted and taken offline
2. Installed necessary features, such as failover clustering
3. Configured NIC Teaming
4. Created cluster, not adding storage at the time of creation
- Added disks to the cluster
- Added disks as CSV
- Renamed disks to represent respective CSV volumes
- Assigning each node a CSV volume
- Configured quorum automatically which configured the disk witness
- There were two networks so renamed them to Management and Cluster Communication
- Exposed Management Network to Cluster and Clients
- Exposed Cluster Communication Network to Cluster only
5. Installed Hyper-V
- Changed Virtual Disks, Configuration and Snapshots Location
- Assigned one CSV volume to each node
- Configured External switch with allow management option checked
1. For minimum configuration, is this enough?
2. If I create a virtual machine and make it highly available from hyper-v console, would it be highly available and would live migrate, etc.?
3. Are there any configuration changes required?
4. Please, suggest how it can be made better?
Thanks in advan
Hi,
Please refer to following steps to build a hyper-v failover cluster :
Step 1: Connect both physical computers to the networks and storage
Step 2: Install Hyper-V and Failover Clustering on both physical computers
Step 3: Create a virtual switch
Step 4: Validate the cluster configuration
Step 5: Create the cluster
Step 6: Add a disk as CSV to store virtual machine data
Step 7: Create a highly available virtual machine
Step 8: Install the guest operating system on the virtual machine
Step 9: Test a planned failover
Step 10: Test an unplanned failover
Step 11: Modify the settings of a virtual machine
Step 12: Remove a virtual machine from a cluster
For details please refer to following link:
http://technet.microsoft.com/en-us//library/jj863389.aspx
Hope it helps
Best Regards
Elton Ji
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Hello Everyone,
I have seen deployment guides of Cisco ESA stating that the ESA is to be deployed in the DMZ network
Can we deploy Cisco ESA and also the internal mail server in the same network?
You can, but you need to make sure that email (inbound and outbound) flows through the ESA and nothing is direct to your email server. Putting ESA on the edge does make the deployment and future troubleshooting easier.
Hope it helps. -
HFM Cluster configuration is failing in distributed environment
Hi Gurus,
I am configuring HFM 11.1.2 on windows 2008 server with sql server 2005.This is a distributed installation.
Server 1:
Financial Management Server
Server 2:
Financial Management Web Services Web Application
Financial Management Web Services IIS Web Application
Financial Management Smart View IIS Web Application
Financial Management IIS Web Application
Financial Management LCM IIS Web Application
Server 3: SQL Server 2005
on server 1 i am able to configure the hfm but when i tried cluster configuration from server 2 then its failing and giving the error "Tue Sep 14 05:43:13 2010) Failed to register cluster: Access is denied. Line:3809 File: .\CEPMWindowsConfig.cpp Error code:0x80070005 Error: Access is denied.
(Tue Sep 14 05:43:13 2010) Failed to register cluster containing server adc6140810: IDispatch error #1553"
Can you help me to resolve this issue?
Thanks
Krishna
Hello Krishna,
Any luck fixing this issue? I am experiencing the same issue. Please advise, thank you. -
Cross-WAN Cluster Configuration in JMQ
Hi MQ experts,
Here I have some questions regarding the JMQ cluster configuration
with regard to the cross WAN support. Let say there are two JMQ
brokers located in two different geo locations (e.g. one in NY and the
other in SF) configured to participating in the same JMQ cluster, and
several JMQ clients are configured to talk to their local JMQ broker in
either site.
Given the above configuration, here are my questions:
* Does this configuration work from the functionality point of view?
* What is the protocol/mechanism used for the inter-broker communication?
* Does this configuration (cross WAN) work from the performance point of view? If so, is there any specific configuration that needs to be done (for instance, we heard if HTTP is being used for the data synchronization between these two brokers across the WAN then it's possible, etc.)?
* For the clients on each site, if the home broker fails, then does the failover mechanism work well in this cross-WAN configuration?
* If this is indeed a supported configuration, is there any other documentation/performance benchmark reporting from which we can get more information?
Thanks in advance for any information that you can share with us.
-Alan
hi alan,
1) yes it will work functionally
2) don't know exactly but i think there are several
3) what will you use about openmq? what are the characteristics for your usage? queues/topics temp queues .... lots of things to ask.
4) it will work
5) i think it is not supported since WAN capabilities are just in development and are planned for the next releases.
regards chris -
Unsupported Cluster configuration.
Hi
I'm getting the below error on refreshing the host cluster. I have 2 hosts in the cluster and VMs report unsupported cluster configuration. SCVMM 2012 SP1 doesn't seem to see the Logical Switches. Although restarting WMI Services on the host seems to fix the issue, after a couple of weeks' time I get the same error again. Upon doing some research I suspect when NIC Team moves the VNICs around and SCVMM agent doesn't get the latest information and therefore shows this error.
Solutions I have applied so for and get no joy are below
1. No snapshots are saved
2. No ISO files are mounted
3. VSS service set to manual
4. Host switches have same name
5. all VHD files are stored on CSV Volumes.
6. Set one NIC in team as standby because MAC Address of the host management network is same as physical address as I have inherited the settings while creating logical networks.
Can anyone please help
Hi Ed -
thanks for response
Although the other thread is referring to the same error, I have already read that thread before starting a new one. This has been a known issue from the 2008 R2 era. I have updated my SCVMM 2012 SP1 to rollup 7 but there still seems to be an issue somewhere. I can confirm that DNS servers are the same on both the hosts.
Does anyone think of anything else? I'm happy to post the logs if anyone knows.
Thanks
Mumtaz -
O2cb_ctl : unable to load cluster configuration file while RAC setup.
OCFS2: unable to load cluster configuration file
Hi,
I installed OCFS2 successfully.
I successfully install 3 RPMs.
I am getting error while running ocfs2console to do cluster configuration.
I tried to run this manually using "o2cb_ctl -C -n NODENAME -t node -a number=NODENUM -a ip_address=IPADDR -a ip_port=IPPORT -a cluster=CLUSTERNAME "
this command, but getting error as
"o2cb_ctl: Unable to access cluster service while creating node Could not add node "
Then I edited this file manually and copied to another nodes using SCP. Then tried to use o2cg_ctl utility as
# /etc/init.d/o2cb offline ocfs2
# /etc/init.d/o2cb unload
# /etc/init.d/o2cb configure
Configuring the O2CB driver.
Next, I configure /etc/ocfs2/cluster.conf:
cluster:
node_count = 2
name = oracle
node:
ip_port = 7777
ip_address = 140.187.222.222
number = 1
name = ocvmrh2053
cluster = oracle
node:
ip_port = 7777
ip_address = 140.187.222.222
number = 2
name = ocvmrh2051
cluster = oracle
Next, I try to load ocfs2 modules by command: o2cb load - everything messages is OK
And I try switch ocfs2 cluster to online (by o2cb online oracle), write this error message:
Starting cluster oracle: Failed
o2cb_ctl: Unable to load cluster configuration file "/etc/ocfs2/cluster.conf"
Stopping cluster oracle: Failed
o2cb_ctl: Unable to load cluster configuration file "/etc/ocfs2/cluster.conf"
I think both errors i get are due to same issue. Please kindly reply if anyone having idea.
Thanks.
Please anyone can help me to resolve this.
Message was edited by:
user596035
provide output of this command from all OCFS2 nodes:
ls -l /etc/ocfs2/cluster.conf
Regards,
Martin -
Windows 2003 Standard Edition (Cluster Configuration Storage page)
I am trying to install RAC R2 on windows Server 2003 (Standard Edition). I am using FireWire 800 SIIG to connect to Maxtor OneTouch III External HDD.
When installing cluster Services, i do not see the Cluster Storage Devices. When i go to Computer Management, i see all the partitions of the raw device.
One "Cluster Configuration Storage" page, the Available Disks show no partitions.
Oracle installation documentation says "On the Cluster Configuration Storage page, identify the disks that you want to use for the Oracle Clusterware files and, optionally, Oracle Cluster File System (OCFS) storage. Highlight each of these disks one at a time and click Edit to open the Specify Disk Configuration page where you define the details for the selected disk"
In my case, i do not see any disks. What am i missing?
Any Thoughts. Please advise
Thanks
-Prasad
Message was edited by:
pinjam
You have a more fundamental problem, Firewire disks will not work for RAC on Windows. The storage needs to be shared, Firewire disks can't be shared on Windows. On Linux, Oracle took the open source firewire driver and modified it to allow more than one host to connect. On Windows the driver is closed source so they can't do that.
I presume you are wanting to try-out RAC on Windows, If so another solution may be to download one of the many iSCSI Servers that are available. Microsoft ship an iSCSI Initiator for Windows, this allows you to share a 'block device' which is what RAC needs - then you can choose your RAC Database storage method of choice, ASM, OCFS, RAW. I prefer ASM -
I am trying to install webcenter sites 11.1.1.6 using cluster configuration and in delivery mode but its not getting installed properly.
Can anyone please share on the steps to follow while installing webcenter sites in delivery environment?
The recommendation from the Oracle WebCenter & ADF Architecture Team is to keep the parts decoupled, installing WebCenter Sites on a separate machine. Otherwise it would be leading towards a 'Type 3' integration. Specifically looking at the proof-of-concept application 'Spark', which requires WebCenter Sites and WebCenter Portal installed on the same machine:
"Due to this co-deployment requirement, most clients have avoided installing or using Spark. And not without reason: installing two big, complex applications on the same environment is problematic with regards to scalability and tuning."
http://blogs.oracle.com/ATEAM_WEBCENTER/entry/integrating_webcenter_sites_with_webcenter3
The introductory article on integrating WebCenter Sites and WebCenter Portal:
http://blogs.oracle.com/ATEAM_WEBCENTER/entry/integrating_webcenter_sites_with_webcenter
Thanks -
I remove default VOIP Monitor Service in "Cisco desktop administrator>Services Configuration > Multiline, Monitoring & Recording >Remove VoIP/Recording & Playback Services". Now I can't choose in "Services Configuration > Multiline, Monitoring & Recording > VoIP Monitoring Device" Default VOIP Monitor Service. How can I return choice my VOIP Monitor Service(IP UCCX)?
Hi Kalitamih,
This can be regenerated by the Cisco Desktop VOIP Monitor Service.
Please stop the service and start it (do not restart). Let me know how it goes and if it resolves the problem.
Regards,
Arundeep -
Hello,
Alert: The backup operation for the cluster configuration data has been canceled due to an abort request
Alert description: The backup operation for the cluster configuration data has been canceled. The cluster Volume Shadow Copy Service (VSS) writer received an abort request.
This is the backup of VSS which is sending this alert every morning.
Event ID 1544
All fixes I found are applied..
kb2277439 has already been applied
978527 is there too
975921 is there too..
any other id
Cluster Node /Status gives both nodes up A & B
The error is coming only on Node A...
Any idea?
Thanks,
Dom
System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager
Hi,
Which backup software do you use to do a backup? Please also try to apply those hotfix on the Cluster:
A transient communication failure causes a Windows Server 2008 R2 failover cluster to stop working
http://support.microsoft.com/kb/2550886
The network location profile changes from "Domain" to "Public" in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/kb/2524478
Recommended hotfixes and updates for Windows Server 2008 R2 SP1 Failover Clusters
http://support.microsoft.com/kb/2545685/EN-US
Regards,
Mandy