Management
Management

Backup Security Director installation?

‎04-22-2019 10:21 AM
Hi,

Can I install another Security Director server (ESXi) at one of my other data centres and configure it to act as the backup server? I do this at the moment with Checkpoint - the primary and secondary servers have a heart beat link ... if primary goes down then the secondary realises and makes itself the primary to push out firewall policies to the gateways.

Thanks
8 REPLIES 8
Management

Re: Backup Security Director installation?

‎04-22-2019 11:07 AM
Hi,

You can deploy second server as a secondary fabric node, while the ova deployment it will ask if it will be a part of cluster or not, you can say yes there and then add it as a fabric.


For more details please check: https://www.juniper.net/documentation/en_US/junos-space17.1/platform/topics/concept/junos-space-gett...


Regards,
PL
Management

Re: Backup Security Director installation?

‎04-22-2019 11:17 AM

Also, in case your network is not allowing multicast communication, try this: 

 

https://www.juniper.net/documentation/en_US/junos-space17.2/platform/topics/task/operational/junos-s...

 

 

Management

Re: Backup Security Director installation?

‎04-22-2019 11:21 AM
Thanks,

But really I need a second installation as a failover server for security director.

The above guide needs both servers to be in the same subnet which won’t work for my scenario.

I will have these servers in completely different locations on different subnets. They can communicate but will not be in the same subnet.

Can I just setup a second security director installation and tell this one it is the failover?
Management

Re: Backup Security Director installation?

‎04-22-2019 11:51 AM

We use Junos Space disaster recovery with our ESX setup

 

One site is primary one is secondary files are copied down to the secondary site every day and the seconday junos space server only takes over if their is a total failure at the primary location

 

You have to match memeory cpu's and hard drive space on the ESX host in both the primary and secondary sites

Attachments

Highlighted
Management

Re: Backup Security Director installation?

‎04-22-2019 11:55 AM
That’s interesting - do you need special license for that product to work? Does it cost money etc?

Thanks
Management

Re: Backup Security Director installation?

‎04-22-2019 01:35 PM

There is an official disaster recovery solution for Junos Space with a standby enviroment with database syncronization. The description can be found here:

https://www.juniper.net/documentation/en_US/junos-space18.1/platform/topics/concept/disaster-recover...

 

In general you would only need licenses for Junos Space and Security Director on the primary/active installation. Doing the manual disaster recovery will import the licenses from the backup.

 

Right now I cannot find information on the full disaster recovery solution will require licenses on both sites. I will try to find out an update this thread if other people have not been able to answer before me.


--
Best regards,

Jonas Hauge Klingenberg
Systems Engineer, SEC DATACOM A/S (Denmark)
Management

Re: Backup Security Director installation?

‎04-22-2019 07:21 PM

Ideally, you would need JS-Platform license for each node in a Space Cluster or Fabric deployment.

Management
Solution
Accepted by topic author oban3jimmy
‎05-11-2019 11:30 AM

Re: Backup Security Director installation?

‎04-30-2019 04:30 AM

Just got information back from internal ressources:

 

If you deploy a set of DR Space instances, these will need to be licensed as well as your primary site.

So a fabric of two space nodes on each site will require 4 x JS-PLATFORM licenses as well as application licenses on top (eg. JS-SECDIR-X).


--
Best regards,

Jonas Hauge Klingenberg
Systems Engineer, SEC DATACOM A/S (Denmark)