High Availability mode

High Availability mode (HA) lets you replicate data between two Central Management Consoles (CMC).

Figure 1. High Availability (HA) settings

High Availability (HA) settings

General

To enable the highest level of resiliency, both Central Management Console (CMC)s must replicate each other. This is to ensure that when a CMC stops working, the connected sensors continue to send data to the replica CMC. This will also ensure that the data on each CMC will be kept up to date with the other CMC.

Passwords

When configuring high availability (HA), we recommend that users choose the same admin password for both CMCs to avoid confusion. This is because during HA configuration, admin accounts are merged across both HA and CMCs and local users are synchronized. If each CMC has a different password for the admin account, then after HA configuration, only one of the passwords will work and it will be the same password for both CMCs.

Active Directory

Users from Active Directory are not replicated.

Threat Intelligence and Asset Intelligence

Threat Intelligence (TI) and Asset Intelligence (AI) contents are only available if the CMC has a valid license for those products (TI and AI, respectively).

Data integrations

Data integrations are not replicated. To avoid sending duplicated information, you must manually configure the same data integration on both machines, in the same exact manner. For example, with the same endpoint and options.

Replicated data

When two CMCs are configured to work together for HA, to avoid duplications and conflict, you need to perform some configurations only on one CMC. For more details, see Replicated data. The CMC will take care of replicating the configuration options. For example, alert rules and zone configurations are replicated from one CMC to another.

Failover functionality

When one CMC fails, sensors will automatically fail over to the replicated CMC.

HA update policy

This section lets you control these settings:

  • Allow the software update to propagate to the HA partner CMC
    Note: While this is set to Allow, the CMC running the newer version of Nozomi Networks Operating System (N2OS) will propagate the update bundle to the other CMC.
  • Deny the software update from propagating to the HA partner CMC
    Note: While this is set to Deny, the CMC running the newer version of N2OS will not propagate the update bundle to the other CMC.
  • Force update to propagate to the HA partner CMC
    Note: The CMC running the newer version of N2OS will propagate the update bundle to the other CMC just once. As soon as the update is completed, the Force update option will be automatically disabled.