Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 6837 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot set up HA between two physical UTM9s (Advantech ARK20s)

John Ypsilantis

I have been running UTM9 for about a year now, with no issues, on an Advantech ARK-20 industrial PC. The unit is running the latest version of UTM9 as at 3/Feb/2018 (ver.9.506-2).

I have tried to set up an identical ARK-20 as a hot standby, with auto configuration and manually. In each case, the new device is detected and starts to sync, but once the new unit restarts its NICs (during the course of sync), communication between the two is lost and the new node is reported as dead.

I am running a home licence at the moment, which appears to allow configuration of HA. Do I need to purchase a licence to enable this feature?

I have tried a number of combinations for setting up the second ARK-20, using information from this community. However, the result is always the same - a "dead" slave unit shortly after sync starts.

I would much prefer to run the second ARK-20 as an online backup, rather than a cold spare.

Any assistance would be greatly appreciated.



This thread was automatically locked due to age.
Parents
  • 0

    Hi John and welcome to the UTM Community!

    I'm sure that the home-use license doesn't allow Hot-Standby.  The cost for a commercial license with the same capabilities as the home license is over US$60/month when purchased as a 3-year subscription, so the cold spare is probably more practical.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • +1 in reply to BAlfson

    Hi there,

    Bob, sorry you are wrong. I'm running a HA with home use license since years as a hyper-v active / passive System.

    Maybe there is a cable issue.

    Regards

    mod

  • 0 in reply to mod2402

    Thanks, mod, I haven't ever used my home license, but I saw that it had ClusterNodes = 0.  I see now that that's the case at one client site that's definitely on Hot-Standby.  I was mis-remembering a time when I generated a demo license so that a client could see if they might want to have an Active-Active cluster.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to mod2402

    Dear all,

    Thanks for your comments.

    As it turns out, the home licence does in fact allow HA (but not clustering).

    I think that my problem stems from the fact that I tried to retrofit a HA backup to a system that had been running for about a year, and had a years' updates applied, and/or the fact that the heartbeat NIC appeared as eth2 on one system, and eth4 on the other. After trying a few combinations, I managed to get a HA server pair running as follows:

    1. Ensure that the primary server was up to date,

    2. Backup the primary server and save the backup offline

    3. Download the latest .iso and use it to install reinitialise the primary, with all NICs installed

    4. Reapply licence to the primary, restore backup and set it up for HA. Connect all NICs except heartbeat, and start the server

    5. Install and initialise the secondary server with all NICs in place

    6. Apply licence to the secondary, and select "Automatic Configuration" 

    7. Connect the secondary's NICs, connect the heartbeat between the two systems, and start the secondary

     

    The only caveat is that all history, logs etc are lost. Not an issue for myself but it could be for others

     

    The secondary successfully auto-configured when I followed the above steps. I have since failed the servers over and back a few times and everything seems to be working perfectly.

     

    Best regards,

    John

Reply
  • 0 in reply to mod2402

    Dear all,

    Thanks for your comments.

    As it turns out, the home licence does in fact allow HA (but not clustering).

    I think that my problem stems from the fact that I tried to retrofit a HA backup to a system that had been running for about a year, and had a years' updates applied, and/or the fact that the heartbeat NIC appeared as eth2 on one system, and eth4 on the other. After trying a few combinations, I managed to get a HA server pair running as follows:

    1. Ensure that the primary server was up to date,

    2. Backup the primary server and save the backup offline

    3. Download the latest .iso and use it to install reinitialise the primary, with all NICs installed

    4. Reapply licence to the primary, restore backup and set it up for HA. Connect all NICs except heartbeat, and start the server

    5. Install and initialise the secondary server with all NICs in place

    6. Apply licence to the secondary, and select "Automatic Configuration" 

    7. Connect the secondary's NICs, connect the heartbeat between the two systems, and start the secondary

     

    The only caveat is that all history, logs etc are lost. Not an issue for myself but it could be for others

     

    The secondary successfully auto-configured when I followed the above steps. I have since failed the servers over and back a few times and everything seems to be working perfectly.

     

    Best regards,

    John

Children
  • 0 in reply to John Ypsilantis

    An alternative would have been to change the NIC order on the new device:

    edit /etc/udev/rules.d/70-persistent-net.rules

    Save the file and restart the UTM so the new order is loaded.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML