

Deploying Sophos UTM in a High Availability pair allows for continuous uptime of the Sophos UTM services in the event that one of the UTM nodes fails.

Failures can occur due to hardware or system crashes on the UTM, or in a virtual environment the failure can occur on the hypervisor host itself. A common example of this is routine periodic patch cycles that require a reboot of the host.

You can configure Sophos UTM to operate in one of two High Availability modes:

Cluster (Active-Active): In this mode, both nodes are actively handling traffic. This mode allows for increased throughput in your UTM environment since all nodes are doing their share of the workload.

Hot Standby (Active-Passive): In this mode you have a primary or master node that is handling all of the traffic. The other node is ready and waiting to take over should the master fail. This mode allows for high availability but without the performance gain.

Due to the way Sophos UTM is licensed, this is a very attractive deployment since only the active node needs to be licensed. In a virtual deployment you don’t even need to purchase the UTM hardware. It is therefore almost a given that if you have enough virtual infrastructure you should be running an Active-Passive pair.

You can change your deployment from Hot Standby to Cluster but you cannot change it back. You would need to perform a factory reset on the devices before you can break the cluster.

Building a Sophos UTM Hot Standby (Active-Passive) Environment

In this article, I will take you through the steps to deploy Sophos UTM in Hot Standby mode using Hyper-V.

Preparing the virtual switch requirements

I am going to build the Active-Passive High Availability (HA) deployment over two Hyper-V hosts. This is typical since the hardware failure of a single host should not affect both of your Sophos UTM virtual machines. This, of course, means that all of the steps below need to be configured on both Hyper-V hosts.

NOTE: Although it is possible to build an HA pair on a single Hyper-V host, it does not work 100% due to the way MAC spoofing is handled.

Sophos UTM has a minimum requirement of three network interfaces:

Create three switches that correlate to the networks. All three switches are of the External Type.

I suggest using a crossover cable for the heartbeat network. It is rare for switch gear to fail but you don’t want a power outage on the switches to cause your HA cluster to start failing back and forth. The requirement is also for the replica to support broadcast UDP, which may not be enabled in your switch infrastructure.

Create a Sophos UTM Virtual Machine on each host

Both virtual machines need to be identical from a network interface perspective so take extra care to make sure you get this right. Double check to ensure that the interfaces of the host itself do in fact bind to the desired network.

Attach the network adapters in order. This should ensure that they are identified as eth0, eth1 and eth2.

For each adapter, you also need to enable MAC address spoofing. This is so that they can spoof the virtual MAC addresses of the virtual IPs that are shared by the HA pair.
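The Hyper-V steps in this article (three External switches, adapters attached in order, MAC address spoofing enabled on each) can be scripted and checked with the Hyper-V PowerShell module. This is an added example, not the author's own script; the VM name, switch names, host NIC names and the choice of which network lands on which interface are all placeholder assumptions, and the VM is assumed to exist already and be powered off.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example: every name below is a placeholder (assumption), not a value from the article.
$VMName = 'UTM-Node1'   # hypothetical VM, assumed to exist and be powered off

# Listed in attach order, so the guest should identify them as eth0, eth1, eth2.
# Which network maps to which interface is an assumption made for this sketch.
$Networks = @(
    @{ Adapter = 'eth0'; Switch = 'UTM-Net-A';     HostNic = 'NIC1' },
    @{ Adapter = 'eth1'; Switch = 'UTM-Net-B';     HostNic = 'NIC2' },
    @{ Adapter = 'eth2'; Switch = 'UTM-Heartbeat'; HostNic = 'NIC3' }
)

foreach ($n in $Networks) {
    # Binding a switch to a physical NIC is what makes it an External switch.
    if (-not (Get-VMSwitch -Name $n.Switch -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $n.Switch -NetAdapterName $n.HostNic | Out-Null
    }
}

# Remove any default adapter so the attach order below is deterministic.
Get-VMNetworkAdapter -VMName $VMName | Remove-VMNetworkAdapter

foreach ($n in $Networks) {
    Add-VMNetworkAdapter -VMName $VMName -Name $n.Adapter -SwitchName $n.Switch
    # The HA pair answers on shared virtual MACs, so spoofing must be allowed.
    Set-VMNetworkAdapter -VMName $VMName -Name $n.Adapter -MacAddressSpoofing On
}

# Verify: exactly three adapters, all with spoofing enabled.
$adapters = @(Get-VMNetworkAdapter -VMName $VMName)
$notSpoofing = @($adapters | Where-Object { $_.MacAddressSpoofing -ne 'On' })
if ($adapters.Count -ne 3 -or $notSpoofing.Count -gt 0) {
    throw "Adapter layout on $VMName does not match the expected three spoofing-enabled NICs."
}
$adapters | Format-Table Name, SwitchName, MacAddress, MacAddressSpoofing

# Audit: list any other VM on this host that also has MAC spoofing enabled.
# The setting relaxes a layer-2 protection, so it should be limited to the UTM VMs.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.MacAddressSpoofing -eq 'On' -and $_.VMName -ne $VMName } |
    Format-Table VMName, Name, SwitchName
```

Run it on both Hyper-V hosts with the matching node name, then compare the two verification tables to confirm the virtual machines are identical from a network interface perspective.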
