SSL VPN
Reply
Contributor
mcm0362
Posts: 18
Registered: ‎02-19-2008
0

Cluster SA2000 procedure upgrade

Hello,

 

I need to upgrade a cluster of two SA 2000 (active/standby). I need to know which is the best procedure.

I'll do in this way:

  1. Shutdown the standby SA 2000 unit (in order to preserve a node in the working firmware).
  2. Upgrade the active node.
  3. Verify the firmware adn in case of problem shutdown this node and power on the standby unit.
  4. If all works fine I'll upgrade out of band the standby unit.
  5. Power on the standby unit

Can you agree with me??

Many thanks

Marco 

Contributor
joels
Posts: 18
Registered: ‎03-13-2008
0

Re: Cluster SA2000 procedure upgrade

There's not really any need to shut them down.

 

Just disable the cluster (otherwise known as 'breaking the cluster'), then ensure you can then connect as admin to each device.

 

Upgrade the OS on each device in turn, ensuring they come up again ok after a reboot.

 

Enable the cluster again. Check the cluster properties and the event log to make sure they are both ok.

 

Done.

 

Joel.

Contributor
joepope
Posts: 18
Registered: ‎11-14-2007
0

Re: Cluster SA2000 procedure upgrade

Why do it that way?  If it is a true Active/Passive cluster, you can upgrade the firmware without shutting down the passive node.

You connect to the Web GUI (with the VIP IP).  Make sure you make a local backup of your configuration (Maintenance > Archiving > Local Backups).  Then start the firmware upgrade (Maintenance > System > Upgrade/Downgrade).  The cool thing is that all connections will be switched to the Passive node while the Active node is upgraded.  Once that is complete, the connections will be switched back to the Active node and the Passive node will be upgraded.  You can upgrade the cluster while users are connected!

 

We do this on our SA4000 Active/Passive cluster and have never had a problem!

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: Cluster SA2000 procedure upgrade

Are you using NC?  Are NC sessions maintained for a A/P cluster during upgrade?
Contributor
mcm0362
Posts: 18
Registered: ‎02-19-2008
0

Re: Cluster SA2000 procedure upgrade

Hi,

 

my customer use clients with NC and the distribution of new NC is not so simply.

So we need to preserve an unit with the older version: we see that there are no problem to connect to IVE with new NC version.

I'll try to explain to my costumer this procedure.

Thanks to your help

Marco 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.